Solved dllhost.exe COM Surrogate /Processid:{49A33422-EFF8-4925-805

[rspulma]

I just noticed that every time when I start my PC there are 4 (sometimes more) processes called dllhost.exe with a description COM Surrogate. But after 1-2 hours of working on my computer I can see about 20 dllhost.exe processes with the same call as I described below.
Process hacker shows me that all of them have a command line like:
C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}
So I don't know what to do. Sometimes it appears more processes like that and all of them have the same call
C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}

I checked registry trying to locate the meaning of
{49A33422-EFF8-4925-805C-A476750C24DE}
and I found a few strokes
one in HCR\AppID\{49A33422-EFF8-4925-805C-A476750C24DE}
inside there is only one key DllSurrogate
There is one branch in HCR\CLSID\{49A33422-EFF8-4925-805C-A476750C24DE}\
With key AppID with data:
{49A33422-EFF8-4925-805C-A476750C24DE}
and also there one branch
HKEY_CLASSES_ROOT\CLSID\{49A33422-EFF8-4925-805C-A476750C24DE}\InProcServer32\
with key
(Default) with data:
c:\Windows\System32\iMobileDisk.dll

So I guess the meaning of 49A33422-EFF8-4925-805C-A476750C24DE is
c:\Windows\System32\iMobileDisk.dll

I checked through the virus total and it is not a virus but could you tell me what this dll doing and why there are many dllhost.exe processes called with the same command line
C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}
Thank you in advance for any help and explanation.

 

[jmarket]

Hello and welcome to PCHF Let's you started shall we?

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu"

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
Frst will open with two dialogue boxes, accept the disclaimer.

Accept the default whitelist options,
If the additions.txt options box is not checked please select it.
Then select "Scan"

Frst will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review by our Security Team

 

[Malnutrition]

@rspulma Posting these here, since you sent them to me via PM.

Spoiler: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Explorer (administrator) on RICA (03-02-2017 16:19:55)
Running from C:\Users\Explorer\Downloads\Programs
Loaded Profiles: Explorer (Available Profiles: Explorer & named)
Platform: Windows 8.1 Enterprise (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
() C:\Program Files (x86)\Droid4X\Droid4XService.exe
() C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
(High-Logic B.V.) C:\Program Files (x86)\High-Logic FontService\fontservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files (x86)\NetTime\NetTimeService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Mindjet) C:\Program Files\Mindjet\MindManager 16\MmReminderService.exe
(ACD Systems) D:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Epic Privacy Browser) C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() D:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
() C:\Program Files (x86)\WebMoney Agent\wmagent.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Dropbox, Inc.) C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(NCH Software) C:\Program Files (x86)\NCH Software\Talk\talk.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\NetTime\NetTime.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(High-Logic B.V.) D:\Program Files (x86)\High-Logic MainType\FmsProxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idman.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe
(Telegram Messenger LLP) C:\Users\Explorer\AppData\Roaming\Telegram Desktop\Telegram.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(CJSC "Computing Forces") C:\Program Files (x86)\WebMoney\WebMoney.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(JAM Software) D:\Program Files\JAM Software\UltraSearch\UltraSearch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRW.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Ashampoo GmbH & Co. KG) C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\ashsnap.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(Adobe Systems) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkSupport\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\dynamiclinkmediaserver.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\32\Adobe QT32 Server.exe
() C:\Program Files\Gramblr\gramblr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Artext) D:\Multitran\network\multitran.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe
(Foxit Corporation) C:\Users\Explorer\AppData\Roaming\Foxit Software\Addon\Foxit PhantomPDF\FoxitPhantomPDFUpdater.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(eM Client s.r.o.) C:\Program Files (x86)\eM Client\MailClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Explorer\Downloads\Programs\FRST64_2.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2012-03-01] (Dell Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1084328 2015-04-13] (The Eraser Project)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [MMReminderService] => C:\Program Files\Mindjet\MindManager 16\MMReminderService.exe [124616 2016-02-09] (Mindjet)
HKLM\...\Run: [Corel Update Helper] => D:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe [2012104 2015-11-27] (Corel Corporation)
HKLM\...\Run: [ACPW10EN] => D:\Program Files\ACD Systems\ACDSee Pro\10.0\acdIDInTouch2.exe [2152392 2016-09-08] (ACD Systems)
HKLM\...\Run: [!Tweak8SystemService] => net Start Tweak8SystemService
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKLM-x32\...\Run: [wmagent.exe] => C:\Program Files (x86)\WebMoney Agent\wmagent.exe [210400 2009-10-19] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKLM-x32\...\Run: [Talk] => C:\Program Files (x86)\NCH Software\Talk\talk.exe [1401016 2017-01-02] (NCH Software)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [HDD Regenerator] => C:\Program Files (x86)\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\NetTime\NetTime.exe [772096 2012-05-12] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [FmsProxy] => D:\Program Files (x86)\High-Logic MainType\FmsProxy.exe [1720320 2016-07-04] (High-Logic B.V.)
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [Dropbox Update] => C:\Users\Explorer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [Google Update] => C:\Users\Explorer\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2016-03-17] (Epic Privacy Browser)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [ACDSeeCommanderPro10] => D:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe [3412936 2016-09-15] ()
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\MountPoints2: {8185036d-bf50-11e5-82f9-14feb5c3027f} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\MountPoints2: {b491a930-679a-11e3-825e-00dbdf2de1f9} - "E:\AutoRun.exe"
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\MountPoints2: {e5212153-5f05-11e3-8251-806e6f6e6963} - "Q:\autorun.exe"
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Explorer\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-18\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36592672 2015-08-20] (ooVoo LLC)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170688 2016-10-25] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\Jaksta\AC\x64\jaudcap.dll => C:\Windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-05-24] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148200 2016-10-25] (NVIDIA Corporation)
SSODL: EldosMountNotificator-cbfs4 - {D29EAAAC-24D4-4112-9735-6FF24D2FF502} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {D29EAAAC-24D4-4112-9735-6FF24D2FF502} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x64\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => -> No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => -> No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => -> No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => -> No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => -> No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => -> No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => -> No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => -> No File
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {C198F50F-1D3A-4279-ABE1-0EC04BDB7426} => C:\Windows\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers: [{6238B220-1311-4627-B3DC-55736E5BA95F}] -> {6238B220-1311-4627-B3DC-55736E5BA95F} => c:\Windows\System32\iMobileDisk.dll [2012-05-11] ()
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt"] -> {011F39D2-A764-419E-9479-69C93F6D37E0} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: [ "CryptorShellExtHandler.IconOverlayExt2"] -> {F61B4933-D8AF-40DE-A335-F9B3BE1FF878} => C:\Program Files (x86)\Boxcryptor\ShellExt\x86\Boxcryptor.IconOverlayBlocker.Ext.dll [2015-06-26] (Secomba GmbH)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {C198F50F-1D3A-4279-ABE1-0EC04BDB7426} => C:\Windows\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-07-06]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-07-06]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\Users\Explorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{be0e178f-2e50-4541-804c-a34f7db55587} <======= ATTENTION (Restriction - IP)
Winsock: Catalog5 09 C:\Windows\SysWOW64\wlidNSP.dll [50176 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5 10 C:\Windows\SysWOW64\wlidNSP.dll [50176 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 09 c:\Windows\System32\wlidnsp.dll [74240 2014-10-28] (Microsoft Corporation)
Winsock: Catalog5-x64 10 c:\Windows\System32\wlidnsp.dll [74240 2014-10-28] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{54997AEA-6BE5-4B1D-AA3A-01377EAF9D27}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{7B4C56F8-54B9-49AE-AC24-2E617300C9FC}: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{98FE26F2-9E79-4C35-8D23-4F5B94D8526A}: [DhcpNameServer] 200.48.225.130 200.48.225.146

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 -> DefaultScope {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 -> {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2016-02-09] (Mindjet)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-19] (Oracle Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-19] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: PDFXChange 2012 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-09] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-06-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-09] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
IE Session Restore: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 -> is enabled.
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.uam.es/CACHE/stc/2/binaries/vpnweb.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File

FireFox:
========
FF DefaultProfile: sxpbrh0x.default
FF ProfilePath: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default [2017-02-03]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\sxpbrh0x.default -> Google
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((host == \"www.abc.net.au\")
(host == \"iview.abc.net.au\")
(host == \"iviewmetered-vh.akamaihd.net\")
(url.indexOf(\"proxmate=au\") != -1)
(host == \"livestream.com\")
(host == \"www.livestream.com\")
(host == \"api.new.livestream.com\")
(host == \"player.ooyala.com\")
(host == \"xnewsvidhd-vh.akamaihd.net\")
(host == \"www.animelab.com\")
(host == \"dcgm6i50yfgtk.cloudfront.net\")) { return 'PROXY au-node.proxmate.me:8008' } else if ((url.indexOf(\"proxmate=ca\") != -1)
(host == \"ici.tou.tv\")
(host == \"toutvuniver1-vh.akamaihd.net\")
(host == \"geoip.radio-canada.ca\")
(host == \"api.radio-canada.ca\")
(host == \"images.tou.tv\")
(host == \"player.siriusxm.ca\")
(host == \"primary.hls-streaming.production.streaming.siriusxm.ca\")
(host == \"now.sportsnet.ca\")
(host == \"watch.sportsnet.ca\")
(host == \"player.9c9media.com\")
(host == \"metrics.ctv.ca\")
(host == \"capi.9c9media.com\")
(host == \"www.ctv.ca\")
(host == \"www.willow.tv\")
(host == \"willowtv.live-s.cdn.bitgravity.com\")) { return 'PROXY ca-node.proxmate.me:8008' } else if ((host == \"arte.tv\")
(host == \"www.arte.tv\")
(host == \"geoftv-a.akamaihd.net\")
(host == \"hdfauthftv-a.akamaihd.net\")
(host == \"replayftv-vh.akamaihd.net\")
(host == \"ftvingest-vh.akamaihd.net\")
(host == \"live.francetv.fr\")
(host == \"d8.tv\")
(host == \"www.d8.tv\")
(host == \"us-cplus-aka.canal-plus.com\")
(host == \"hds_live_d8_aka-lh.akamaihd.net\")
(host == \"d17.tv\")
(host == \"www.d17.tv\")
(host == \"hds_live_d17_aka-lh.akamaihd.net\")
(url.indexOf(\"proxmate=fr\") != -1)
(host == \"www.6play.fr\")
(host == \"geo.6cloud.fr\")
(host == \"proxy-021.dc3.dailymotion.com\")
(host == \"proxy-67.dailymotion.com\")
(host == \"prof.estat.com\")
(host == \"metrics.dailymotion.com\")
(host == \"www.dailymotion.com\")
(host == \"vmap.snappytv.com\")) { return 'PROXY fr-node.proxmate.me:8008' } else if ((host == \"vod-akamai-psd-hds.p7s1digital.de\")
(host == \"vas.sim-technik.de\")
(url.indexOf(\"proxmate=de\") != -1)
(host == \"nightclub.de\")
(host == \"zdf.de\")
(host == \"www.zdf.de\")
(host == \"zdf_hds_de-f.akamaihd.net\")
(host == \"api.nowtv.de\")
(host == \"delivestream-lh.akamaihd.net\")
(host == \"cdnapi.kaltura.com\")
(host == \"disneychannel.de\")
(host == \"www.southpark.de\")) { return 'PROXY de-node.proxmate.me:8008' } else if ((host == \"www.tg4.ie\")
(url.indexOf(\"proxmate=ie\") != -1)) { return 'PROXY ie-node.proxmate.me:8008' } else if ((host == \"rai.tv\")
(host == \"www.rai.tv\")
(host == \"mediapolis.rai.it\")
(host == \"www.rai.it\")
(host == \"stream5.rai.it\")
(host == \"stream6.rai.it\")
(host == \"stream7.rai.it\")
(host == \"sspushrai1-s.akamaihd.net\")
(host == \"sspushrai2-s.akamaihd.net\")
(host == \"sspushraisport2-s.akamaihd.net\")
(host == \"sspushrai3-s.akamaihd.net\")
(host == \"secondary.adaptiveedge.rai.it\")
(host == \"rai-italia01.wt-eu02.net\")
(host == \"download.rai.tv\")
(host == \"mediapolisvod.rai.it\")
(host == \"ww.rai.tv\")
(host == \".xuniplay.fdnames.com\")
(url.indexOf(\"xuniplay.fdnames.com\") != -1)
(host == \"se-to1-8.se.live3.msf.ticdn.it\")
(host == \"live.shinystat.com\")
(host == \"lic.mediaset.net\")
(host == \"cssr.video.mediaset.it\")
(url.indexOf(\"proxmate=it\") != -1)
(host == \"www.vvvvid.it\")) { return 'PROXY it-node.proxmate.me:8008' } else if ((host == \"telecinco.es\")
(host == \"telecinco1-vh.akamaihd.net\")
(host == \"www.telecinco.es\")
(url.indexOf(\"proxmate=es\") != -1)
(host == \"antena3.com\")
(host == \"www.antena3.com\")
(host == \"geodesprogresiva.antena3.com\")
(host == \"rtve.es\")
(host == \"www.rtve.es\")
(host == \"ztnr.rtve.es\")
(host == \"mvodt.lvlt.rtve.es\")
(host == \"swf.rtve.es\")
(host == \"cuatro.com\")
(host == \"www.cuatro.com\")
(host == \"cuatro1-vh.akamaihd.net\")
(host == \"peliculas-online.atresplayer.com\")
(host == \"servicios.atresplayer.com\")
(host == \"atresplayer.com\")
(host == \"www.atresplayer.com\")
(host == \"k.uecdn.es\")
(host == \"v.uecdn.es\")
(host == \"as.com\")
(host == \"ep00.epimg.net\")
(host == \"futbol.as.com\")) { return 'PROXY es-node.proxmate.me:8008' } else if ((host == \"prosieben.ch\")
(host == \"www.prosieben.ch\")
(host == \"s1tv.ch\")
(host == \"www.s1tv.ch\")
(host == \"zba2-0-hds-live.zahs.tv\")
(host == \"embed-zattoo.com\")
(host == \"chtv.ch\")
(host == \"www.chtv.ch\")
(host == \"zba2-1-hds-live.zahs.tv\")
(host == \"sat1.ch\")
(host == \"www.sat1.ch\")
(host == \"rsi.ch\")
(host == \"www.rsi.ch\")
(host == \"codch-vh.akamaihd.net\")
(host == \"il.srgssr.ch\")
(host == \"ch.viva.tv\")
(host == \"intl.esperanto.mtvi.com\")
(url.indexOf(\"proxmate=ch\") != -1)
(host == \"zattoo.com\")
(host == \"www.srf.ch\")
(host == \"srgssruni1ch-lh.akamaihd.net\")
(host == \"srgssruni2ch-lh.akamaihd.net\")
(host == \"srgssruni3ch-lh.akamaihd.net\")
(host == \"www.teleboy.ch\")
(host == \"aka-cdn-ns.adtech.de\")
(host == \"teleboy.customers.cdn.iptv.ch\")) { return 'PROXY ch-node.proxmate.me:8008' } else if ((host == \"c.brightcove.com\")
(host == \"secure.brightcove.com\")
(host == \"metrics.brightcove.com\")
(host == \"stv-ak.cds1.yospace.com\")
(host == \"core.stvfiles.com\")
(host == \"player.stv.tv\")
(host == \"stv.brightcove.com.edgesuite.net\")
(host == \"uk-dev-stv.cdn.videoplaza.tv\")
(host == \"mercury.itv.com\")
(host == \"www.itv.com\")
(host == \"itv.com\")
(host == \"llnw.live.btv.simplestream.com\")
(host == \"players.simplestream.com\")
(host == \"uapi.simplestream.com\")
(host == \"channel5.com\")
(host == \"wwwcdn.channel5.com\")
(host == \"cassie.channel5.com\")
(host == \"player.channel5.com\")
(host == \"deliver-hls.channel5.com\")
(host == \"akahls.channel5.com\")
(host == \"llnwhls.channel5.com\")
(host == \"milkshake.tv\")
(host == \"www.milkshake.tv\")
(host == \"trk-euwest.tidaltv.com\")
(host == \"mp.adverts.itv.com\")
(host == \"req.tidaltv.com\")
(host == \"s1.2mdn.net\")
(host == \"pes.itv.com\")
(host == \"ned.itv.com\")
(host == \"itvdotcom.2cnt.net\")
(host == \"tom.itv.com\")
(host == \"dave.uktv.co.uk\")
(host == \"uktvplay.uktv.co.uk\")
(host == \"uktvhdse.brightcove.com.edgesuite.net\")
(host == \"admin.brightcove.com\")
(host == \"really.uktv.co.uk\")
(host == \"yesterday.uktv.co.uk\")
(host == \"drama.uktv.co.uk\")
(host == \"live.tvplayer.com\")
(host == \"tvplayer.com\")
(host == \"sapi.tvplayer.com\")
(host == \"api.tvplayer.com\")
(host == \"www.gamefront.com\")
(url.indexOf(\"proxmate=uk\") != -1)
(host == \"channel4.com\")
(host == \"ais.channel4.com\")
(host == \"pandr.my.channel4.com\")
(host == \"all4nav.channel4.com\")
(host == \"4id.channel4.com\")) { return 'PROXY uk-node.proxmate.me:8008' } else if ((host == \"link.theplatform.com\")
(host == \"discidevflash-f.akamaihd.net\")
(host == \"api.geoip.dp.discovery.com\")
(host == \"vidtech.cbsinteractive.com\")
(host == \"vidtech.cbsima.com\")
(host == \"om.cbsi.com\")
(host == \"media.mtvnservices.com\")
(host == \"api-manga.crunchyroll.com\")
(host == \"crunchyroll.com\")
(host == \"www.crunchyroll.com\")
(host == \"cdn.wwtv.warnerbros.com\")
(host == \"hlsioscwtv.warnerbros.com\")
(host == \"media.cwtv.com\")
(host == \"servicesaetn-a.akamaihd.net\")
(host == \"live.mlssoccer.com\")
(host == \"tvewnbc-i.akamaihd.net\")
(host == \"tvenbceast-i.akamaihd.net\")
(host == \"nbcmpx-vh.akamaihd.net\")
(host == \"www.pandora.com\")
(host == \"video.pbs.org\")
(host == \"ga.video.cdn.pbs.org\")
(host == \"urs.pbs.org\")
(host == \"play.spotify.com\")
(host == \"www.spotify.com\")
(host == \"play.spotify.edgekey.net\")
(host == \"www.iheart.com\")
(host == \"api2.iheart.com\")
(host == \"api.iheart.com\")
(host == \"iheart.com\")
(host == \"nick.mtvnimages.com\")
(host == \"sni-vh.akamaihd.net\")
(url.indexOf(\"proxmate=us\") != -1)
(url.indexOf(\".googlevideo.com\") != -1)
(host == \"api.segment.io\")
(host == \"www.vevo.com\")
(host == \"vevo.com\")
(host == \"apiv2.vevo.com\")
(host == \"songza.com\")
(host == \"new.songza.com\")
(host == \"www.daisuki.net\")
(host == \"bngn-vh.akamaihd.net\")
(host == \"bngnwww.b-ch.com\")
(host == \"www.hbogo.com\")
(host == \"catalog.lv3.hbogo.com\")
(host == \"profile.lv3.hbogo.com\")
(host == \"profile.hbogo.com\")
(url.indexOf(\".lv3.hbogo.com\") != -1)
(host == \"register.hbogo.com\")
(host == \"play.hbogo.com\")
(host == \"smetrics.hbogo.com\")
(url.indexOf(\".lv3.cdn.hbo.com\") != -1)
(host == \"comet.api.hbo.com\")
(host == \"play.google.com\")
(host == \"checkout.google.com\")
(host == \"store.google.com\")
(host == \"apis.google.com\")
(host == \"amc350888def-vh.akamaihd.net\")
(host == \"a564avoddashnsus-a.akamaihd.net\")
(host == \"atv-ps.amazon.com\")
(host == \"www.amazon.com\")
(host == \"amazon.com\")
(host == \"fls-na.amazon.com\")
(host == \"phds-vod.cdn.turner.com\")
(host == \"token.vgtf.net\")
(host == \"www.ondemandkorea.com\")
(host == \"www.fxnetworks.com\")
(host == \"fxvcms-f.akamaihd.net\")
(host == \"tvetelemundo-vh.akamaihd.net\")
(host == \"feed.theplatform.com\")
(host == \"fsvideohds-vh.akamaihd.net\")
(host == \"watchable.com\")
(host == \"cilhlsvod-f.akamaihd.net\")
(host == \"oxygenvod-vh.akamaihd.net\")
(host == \"tvesyfy-vh.akamaihd.net\")
(host == \"www.smithsonianchannel.com\")
(host == \"c.brightcove.com\")
(host == \"brightcove01.brightcove.com\")
(host == \"edge.api.brightcove.com\")
(host == \"www.eonline.com\")
(host == \"link.theplatform.com\")
(host == \"api.listenlive.co\")
(host == \"playerservices.streamtheworld.com\")
(host == \"player.listenlive.co\")
(url.indexOf(\"live.streamtheworld.com\") != -1)
(host == \"www.cartoonnetwork.com\")
(host == \"www.viki.com\")
(host == \"\\\"www.viki.com\")
(host == \"www.origin.com\")
(host == \"ht.cdn.turner.com\")
(host == \"aolvideoshd-vh.akamaihd.net\")
(host == \"syn.5min.com\")
(host == \"stvideos.5min.com\")
(host == \"www.showtime.com\")
(host == \"secure.showtime.com\")
(url.indexOf(\".vgtf.net\") != -1)
(host == \"phds-live.cdn.turner.com\")
(host == \"api.amplitude.com\")
(host == \"order.rhapsody.com\")
(host == \"payment.rhapsody.com\")
(host == \"www.pivot.tv\")
(host == \"js.maxmind.com\")
(host == \"shonenjump.viz.com\")) { return 'PROXY us-node.proxmate.me:8008' } else if ((host == \"livestreams.omroep.nl\")
(host == \".npostreaming.nl\")
(host == \"ida.omroep.nl\")
(host == \"npoplayer.omroep.nl\")
(host == \"www.zapp.nl\")
(host == \"tellerapi.omroep.nl\")
(host == \"e.omroep.nl\")
(url.indexOf(\"proxmate=nl\") != -1)) { return 'PROXY nl-node.proxmate.me:8008' } else if ((host == \"tvthek.orf.at\")
(host == \"apasfiisl.apa.at\")
(host == \"orf.oewabox.at\")
(host == \"194.232.200.58\")
(host == \"185.85.28.1\")
(host == \"atvplus.oewabox.at\")
(host == \"cdn.atv.at\")
(url.indexOf(\"proxmate=at\") != -1)
(host == \"hdsvodsportsman-vh.akamaihd.net\")
(host == \"streamaccess.unas.tv\")
(host == \"www.laola1.tv\")
(host == \"www.livestation.com\")
(host == \"livestation.com\")
(url.indexOf(\".emigrantas.tv\") != -1)) { return 'PROXY at-node.proxmate.me:8008' } else if ((host == \"netflix.com\")
(host == \"www.netflix.com\")
(host == \"cbp-us.nccp.netflix.com\")
(host == \"secure.netflix.com\")
(host == \"api-global.netflix.com\")
(host == \"ichnaea.netflix.com\")
(host == \"customerevents.netflix.com\")
(host == \"s.thebrighttag.com\")) { return 'PROXY usnet-node.proxmate.me:8008' } else if ((host == \"s.hulu.com\")
(host == \"www.funimation.com\")
(host == \"wpc.8c48.edgecastcdn.net\")
(host == \"southpark.cc.com\")
(host == \"api.utils.watchabc.go.com\")
(host == \"www.dramafever.com\")
(host == \"www.logotv.com\")
(host == \"api.watchabc.go.com\")
(host == \"theanimenetwork.com\")
(host == \"huluim.com\")
(host == \"www.hulu.com\")
(host == \"t2.hulu.com\")
(host == \"urlcheck.hulu.com\")
(host == \"t.hulu.com\")
(host == \"s.hulu.com\")
(host == \"play.hulu.com\")
(host == \"t2.huluim.com\")) { return 'PROXY ush-node.proxmate.me:8008' } else if ((host == \"player.ooyala.com\")
(host == \"l.ooyala.com\")) { return 'PROXY auv-node.proxmate.me:8008' } else if ((host == \"web-api-us.crackle.com\")
(host == \"legacyweb-us.crackle.com\")) { return 'PROXY us2-node.proxmate.me:8008' } else if ((host == \"counter.yadro.ru\")
(host == \"turbik.tv\")
(host == \"player.rutv.ru\")
(host == \"api.rutv.ru\")
(host == \"cdnng.v.rtr-vesti.ru\")
(host == \"player.vgtrk.com\")
(url.indexOf(\"proxmate=ru\") != -1)
(host == \"stream.1tv.ru\")
(host == \"mobdrm.1tv.ru\")) { return 'PROXY ru-node.proxmate.me:8008' } else if ((host == \"security.video.globo.com\")
(host == \"api.globovideos.com\")
(host == \"s.videos.globo.com\")
(host == \"gshow.globo.com\")
(host == \"voddownload02.video.globo.com\")
(host == \"secure.nuuvem.com\")
(host == \"webportal.nowonline.com.br\")) { return 'PROXY br-node.proxmate.me:8008' } else if ((host == \"www.bbc.co.uk\")
(host == \"open.live.bbc.co.uk\")
(host == \"fig.bbc.co.uk\")
(host == \"vod-hds-uk-live.edgesuite.net\")
(host == \"vod-hds-uk-live.bbcfmt.vo.llnwd.net\")
(host == \"vs-hds-uk-live.bbcfmt.vo.llnwd.net\")
(host == \"vs-hds-uk-live.edgesuite.net\")
(host == \"bbc.co.uk\")) { return 'PROXY ukb-node.proxmate.me:8008' } else { return 'DIRECT'; }}"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ftp", "120.203.162.87"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ftp_port", 8123
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.socks", "120.203.162.87"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.socks_port", 8123
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ssl", "120.203.162.87"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ssl_port", 8123
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ftp", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ftp_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> http", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> http_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> network.proxy.socks_remote_dns", 1
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> socks", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> socks_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ssl", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ssl_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> type", 1
FF Extension: (Click&Clean) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\clickclean@hotcleaner.com [2016-12-12]
FF Extension: (United States English Spellchecker) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\en-US@dictionaries.addons.mozilla.org [2016-03-20]
FF Extension: (Spanish (Spain) Dictionary) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\es-es@dictionaries.addons.mozilla.org [2016-04-06]
FF Extension: (Firebug) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\firebug@software.joehewitt.com.xpi [2016-12-17]
FF Extension: (Russian Hunspell spellchecking dictionary) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\hunspell-ru@dictionaries.addons.mozilla.org [2015-12-31]
FF Extension: (Proxy Switcher) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\jid0-hjBdm7jJii7llLkqacvGnd3gHge@jetpack.xpi [2016-12-10]
FF Extension: (Session Manager) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-20]
FF Extension: (Webroot Password Manager) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\sxpbrh0x.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-07-06]
FF ProfilePath: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox [2016-11-02]
FF NewTab: Mozilla\Firefox\Profiles\JonDoFox -> about:blank
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\JonDoFox -> Startpage HTTPS
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\JonDoFox -> Startpage HTTPS
FF Homepage: Mozilla\Firefox\Profiles\JonDoFox -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> ftp", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> ftp_port", 4001
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> gopher", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> gopher_port", 4001
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> http_port", 4001
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> socks_port", 4001
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> socks_remote_dns", true
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> ssl_port", 4001
FF NetworkProxy: Mozilla\Firefox\Profiles\JonDoFox -> type", 1
FF Extension: (HTTPS-Everywhere) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2015-02-09] [not signed]
FF Extension: (JonDoFox) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2014-12-02] [not signed]
FF Extension: (NoScript) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-09] [not signed]
FF Extension: (Webroot Password Manager) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2016-07-06]
FF Extension: (Cookie Controller) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi [2014-12-02] [not signed]
FF Extension: (DownloadHelper) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-12-27] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03] [not signed]
FF Extension: (ProfileSwitcher) - C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2014-12-02] [not signed]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml [2014-12-02]
FF SearchPlugin: C:\Users\Explorer\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml [2014-12-02]
FF HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Explorer\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Explorer\AppData\Roaming\IDM\idmmzcc5 [2017-02-03] [not signed]
FF HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-12-11] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-12-11] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Explorer\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-04] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Explorer\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Explorer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Explorer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @talk.google.com/O1DPlugin -> C:\Users\Explorer\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Explorer\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Explorer\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Explorer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-03-17] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-03-17] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 -> C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll [2014-09-29] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 -> C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll [2014-09-29] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\Explorer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Explorer\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> ARcalc
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll => No File
CHR Profile: C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default [2017-02-03]
CHR Extension: (Google Drive) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Session Manager) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-12-24]
CHR Extension: (YouTube) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Session Buddy) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-18]
CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-11-04]
CHR Extension: (Click&Clean) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-01-11]
CHR Extension: (SuperSorter) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2016-08-08]
CHR Extension: (Page Ruler) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2016-05-19]
CHR Extension: (Aspect Ratio calculator) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\klgkjdnciknlegnojnpgpofagaophdei [2016-04-14]
CHR Extension: (WorkFlowy) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2016-12-21]
CHR Extension: (Harmonica Tunings) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdcggjbhkaloeckehokgclkbfcpnabc [2014-05-24]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-12-22]
CHR Extension: (COPY URL) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhnbhdofgaendegcgbmndipmijhbili [2016-03-29]
CHR Extension: (Google Hangouts) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-18]
CHR Extension: (Webroot Password Manager) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-07-06]
CHR Extension: (IDM Integration Module) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-11]
CHR Extension: (YSlow) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2016-10-18]
CHR Extension: (Autofill) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Hide My *** - VPN) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocneleoikjgphlhjpeoabocgcegemegd [2014-08-03]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2016-04-17]
CHR Extension: (TunnelBear VPN) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-01-17]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-01-11]
CHR Extension: (Gmail) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [86992 2016-08-25] (American Megatrends Inc.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 Droid4XService; C:\Program Files (x86)\Droid4X\Droid4XService.exe [269312 2016-01-06] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-13] (ESET)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10242128 2017-02-03] () [File not signed]
R2 hddrsrv; C:\Program Files (x86)\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
R2 HLfms; C:\Program Files (x86)\High-Logic FontService\fontservice.exe [5505008 2016-07-04] (High-Logic B.V.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 memoQauhlp78; C:\Program Files (x86)\Kilgray\memoQ-2015\MemoQ.AutoUpdate.exe [223120 2016-07-19] (Kilgray)
R2 NetTimeSvc; C:\Program Files (x86)\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37504 2016-08-23] (The OpenVPN Project)
R2 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S2 Tweak8SystemService; C:\Windows\system32\Tweak8SystemService.exe [134248 2015-07-31] (Totalidea Software)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 appliand; C:\Windows\system32\DRIVERS\appliand.sys [30304 2013-02-06] (Applian Technologies Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DIRECTIO; no ImagePath
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2013-12-07] (Disc Soft Ltd)
R1 DuoVMDrv; C:\Windows\system32\DRIVERS\DuoVMDrv.sys [246720 2016-05-10] (American Megatrends Inc.)
R3 jakstaVA; C:\Windows\system32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NAVENG; no ImagePath
S3 NAVEX15; no ImagePath
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [307768 2016-10-25] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTCore64; no ImagePath
S3 RTIFDH; C:\Windows\system32\DRIVERS\rtIFDH.sys [16256 2012-02-27] (Компания "Актив") [File not signed]
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
S3 silabenm; C:\Windows\system32\DRIVERS\silabenm.sys [27336 2012-12-11] (Silicon Laboratories) [File not signed]
S3 silabser; C:\Windows\system32\DRIVERS\silabser.sys [73216 2012-12-11] (Silicon Laboratories) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-12-06] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 VMSMP; no ImagePath
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 WindroyeBoxDrv; C:\Program Files\WindroyeBox\WindroyeBoxDrv.sys [252672 2015-03-03] (Windroy Corporation)
S3 WinRing0_1_2_0; C:\Users\Explorer\Downloads\Compressed\ThrottleStop_810_b2\ThrottleStop_810\WinRing0x64.sys [14544 2015-10-12] (OpenLibSys.org)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
U3 DfSdkS; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-03 16:19 - 2017-02-03 16:19 - 00000000 ____D C:\FRST
2017-02-02 21:34 - 2017-02-03 05:12 - 00000000 ____D C:\AdwCleaner
2017-02-02 19:35 - 2017-02-02 19:35 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-02 17:32 - 2017-02-02 18:10 - 00593770 _____ C:\Windows\ntbtlog.txt
2017-02-02 17:12 - 2016-11-30 01:34 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-02-02 17:12 - 2016-11-30 01:27 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-02-02 16:34 - 2016-11-12 14:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-02 16:34 - 2016-11-12 13:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-02 16:34 - 2016-11-12 12:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-02 16:34 - 2016-11-12 12:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-02 16:33 - 2016-11-19 12:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-02 16:33 - 2016-11-19 12:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-02 16:33 - 2016-11-12 14:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-02 16:33 - 2016-11-12 13:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-02 16:33 - 2016-11-12 13:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-02 16:33 - 2016-11-12 13:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-02 16:33 - 2016-11-12 12:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-02 16:33 - 2016-11-12 12:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-02 16:33 - 2016-11-12 12:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-02 16:33 - 2016-11-12 12:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-02 16:33 - 2016-11-12 12:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-02 16:33 - 2016-11-12 12:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-02 16:33 - 2016-11-12 12:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-02 16:33 - 2016-11-09 12:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-02 16:33 - 2016-11-05 13:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-02 16:33 - 2016-11-05 12:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-02 16:33 - 2016-11-05 12:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-02 16:33 - 2016-11-05 10:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-02 16:33 - 2016-11-05 10:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-02 16:33 - 2016-10-27 09:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-02 16:33 - 2016-10-10 18:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-02-02 16:33 - 2016-10-10 13:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2017-02-02 16:33 - 2016-10-09 09:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2017-02-02 16:33 - 2016-10-08 16:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-02-02 16:33 - 2016-10-08 16:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-02-02 16:33 - 2016-10-05 09:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2017-02-02 16:33 - 2016-10-05 09:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2017-02-02 16:33 - 2016-10-04 23:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-02 16:33 - 2016-10-04 23:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-02 16:33 - 2016-10-04 23:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-02 16:33 - 2016-09-20 17:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-02 16:31 - 2016-11-10 21:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-02 16:31 - 2016-11-05 15:46 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-02-02 16:31 - 2016-10-11 11:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-02-02 16:31 - 2016-10-04 23:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-02 16:31 - 2016-09-27 15:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
2017-02-02 16:30 - 2016-11-19 16:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-02 16:30 - 2016-11-19 16:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-02 16:30 - 2016-11-19 14:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-02 16:30 - 2016-11-19 13:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-02 16:30 - 2016-11-16 16:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-02-02 16:30 - 2016-11-12 16:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-02 16:30 - 2016-11-12 14:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-02 16:30 - 2016-11-12 14:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-02 16:30 - 2016-11-12 13:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-02 16:30 - 2016-11-12 13:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-02 16:30 - 2016-11-12 12:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-02 16:30 - 2016-11-12 12:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-02 16:30 - 2016-10-27 21:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-02 16:30 - 2016-10-12 16:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-02-02 16:30 - 2016-10-12 16:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2017-02-02 16:30 - 2016-10-10 13:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-02 16:30 - 2016-10-09 09:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2017-02-02 16:30 - 2016-10-09 09:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2017-02-02 16:30 - 2016-10-08 17:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-02-02 16:30 - 2016-10-05 09:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2017-02-02 16:30 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2017-02-02 16:30 - 2016-10-05 08:52 - 00513456 _____ C:\Windows\system32\locale.nls
2017-02-01 17:12 - 2017-02-01 21:18 - 00000000 ____D C:\Users\Explorer\AppData\Local\Trend Micro
2017-01-31 18:20 - 2017-01-31 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspell
2017-01-31 17:31 - 2017-02-01 19:13 - 00000010 _____ C:\Users\Explorer\AppData\Local\sponge.last.runtime.cache
2017-01-31 16:26 - 2017-02-01 08:25 - 00407608 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2017-01-31 16:09 - 2017-02-01 21:18 - 00000000 ____D C:\ProgramData\Trend Micro
2017-01-31 16:08 - 2017-01-31 16:08 - 00000036 _____ C:\Users\Explorer\AppData\Local\housecall.guid.cache
2017-01-31 16:03 - 2017-01-31 16:06 - 145050392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2017-01-31 15:34 - 2017-01-31 15:34 - 00029177 _____ C:\ProgramData\agent.1485894894.bdinstall.bin
2017-01-31 15:20 - 2017-01-31 15:20 - 00046951 _____ C:\ProgramData\agent.1485894021.bdinstall.bin
2017-01-31 15:20 - 2017-01-31 15:20 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-01-25 21:56 - 2017-01-25 21:56 - 00000905 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-01-25 21:56 - 2017-01-25 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2017-01-24 02:22 - 2017-01-24 02:22 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\JAM Software
2017-01-23 07:24 - 2017-01-23 07:24 - 00000000 ____D C:\Users\Explorer\Documents\Mapify Pro and Pretty Roads
2017-01-21 03:26 - 2017-01-21 03:26 - 00097130 _____ C:\Users\Explorer\AppData\LocalLow\wbk2D45.tmp
2017-01-21 01:09 - 2017-01-21 01:09 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM
2017-01-18 23:30 - 2017-01-18 23:30 - 00000000 ____D C:\ProgramData\High-Logic
2017-01-18 22:06 - 2017-01-18 22:06 - 00002652 _____ C:\Users\Explorer\AppData\LocalLow\wbkD99A.tmp
2017-01-18 21:48 - 2017-02-03 05:35 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\eM Client
2017-01-18 21:30 - 2017-01-18 21:30 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2017-01-18 21:29 - 2017-01-18 21:35 - 00000000 ____D C:\Program Files (x86)\eM Client
2017-01-18 19:12 - 2017-01-18 19:12 - 00000000 ____D C:\Users\Explorer\.QtWebEngineProcess
2017-01-18 19:12 - 2017-01-18 19:12 - 00000000 ____D C:\Users\Explorer\.GoPro
2017-01-13 00:03 - 2017-01-13 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\High-Logic MainType
2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\Users\Explorer\Documents\MainType
2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\MainType
2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\ProgramData\High-Logic FontService
2017-01-13 00:02 - 2017-01-13 00:02 - 00000000 ____D C:\Program Files (x86)\High-Logic FontService
2017-01-13 00:02 - 2016-07-04 13:13 - 15137792 _____ C:\Windows\system32\hlfontlib.dll
2017-01-13 00:02 - 2016-07-04 13:13 - 02448384 _____ (High-Logic B.V.) C:\Windows\SysWOW64\hlfontlib.dll
2017-01-12 07:20 - 2017-01-12 07:20 - 00000000 ____D C:\Users\Explorer\Documents\Sony Photo Award
2017-01-09 22:44 - 2017-01-09 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2017-01-08 00:24 - 2017-01-08 00:24 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Tweak-8
2017-01-08 00:24 - 2017-01-08 00:24 - 00000000 ____D C:\Users\Explorer\AppData\Local\Totalidea_Software
2017-01-08 00:23 - 2017-01-08 00:23 - 00000000 ____D C:\Windows\Tweak-8
2017-01-08 00:23 - 2017-01-08 00:23 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-8

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-03 16:23 - 2015-12-04 05:32 - 00000000 ____D C:\ProgramData\Gramblr
2017-02-03 16:23 - 2013-12-22 10:56 - 00000000 ____D C:\ProgramData\TEMP
2017-02-03 16:22 - 2014-11-14 10:12 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334.job
2017-02-03 16:21 - 2013-12-06 12:49 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Skype
2017-02-03 16:17 - 2014-05-06 18:56 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050.job
2017-02-03 15:40 - 2013-12-06 08:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925185676-1098965860-4220522822-1001
2017-02-03 15:33 - 2016-03-17 23:51 - 00002432 _____ C:\Users\Explorer\Desktop\Epic Privacy Browser.lnk
2017-02-03 15:33 - 2014-09-29 17:25 - 00000000 ____D C:\Users\Explorer\AppData\Local\Epic Privacy Browser
2017-02-03 15:32 - 2015-06-19 05:06 - 00001138 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job
2017-02-03 10:34 - 2015-02-12 12:54 - 00000000 ____D C:\Users\Explorer\AppData\Local\CrashDumps
2017-02-03 07:35 - 2016-12-10 23:12 - 00000000 ____D C:\Users\Explorer\AppData\LocalLow\Mozilla
2017-02-03 06:45 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\Downloads\Compressed
2017-02-03 06:38 - 2013-12-06 08:35 - 00000000 ____D C:\Users\Explorer\AppData\Local\Apps\2.0
2017-02-03 06:25 - 2013-12-06 08:21 - 00000000 __RDO C:\Users\Explorer\SkyDrive
2017-02-03 05:34 - 2016-03-04 12:55 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Telegram Desktop
2017-02-03 05:22 - 2013-12-07 14:11 - 00000000 ___RD C:\Users\Explorer\Dropbox
2017-02-03 05:19 - 2016-10-27 19:48 - 00000000 ____D C:\Users\Explorer\.rainlendar2
2017-02-03 05:16 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2017-02-03 05:15 - 2014-07-20 10:54 - 00000000 ____D C:\ProgramData\VMware
2017-02-03 05:14 - 2016-04-11 02:14 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-03 05:14 - 2016-01-14 19:46 - 00000000 _____ C:\hsrv.txt
2017-02-03 05:14 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 03:10 - 2015-12-04 05:32 - 00000000 ____D C:\Program Files\Gramblr
2017-02-03 02:00 - 2013-12-07 18:49 - 00000000 ____D C:\Users\Explorer\AppData\Local\Adobe
2017-02-02 21:57 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2017-02-02 20:48 - 2013-08-22 09:44 - 06665784 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-02 20:38 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-02 20:38 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\oobe
2017-02-02 20:34 - 2013-12-06 08:50 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\KeePass
2017-02-02 20:32 - 2015-06-19 05:06 - 00001086 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job
2017-02-02 19:35 - 2013-12-07 13:42 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Dropbox
2017-02-02 17:25 - 2013-12-09 00:43 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 17:19 - 2013-12-09 00:43 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-02 17:16 - 2013-08-22 08:25 - 00000167 _____ C:\Windows\win.ini
2017-02-02 17:00 - 2015-02-12 12:53 - 00000000 ____D C:\ProgramData\TechSmith
2017-02-02 17:00 - 2013-12-06 08:17 - 00000000 ____D C:\Users\Explorer
2017-02-02 16:51 - 2015-02-12 12:55 - 00000000 ____D C:\Users\Explorer\AppData\Local\TechSmith
2017-02-02 04:09 - 2013-12-06 09:05 - 00000000 ____D C:\Temp
2017-02-02 03:55 - 2013-12-09 02:12 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\uTorrent
2017-02-01 21:18 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-01 17:07 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-02-01 17:06 - 2016-12-24 18:29 - 00000000 ____D C:\Users\Explorer\AppData\Local\JpegminiPro
2017-02-01 17:06 - 2016-07-17 15:35 - 00000000 ____D C:\Program Files (x86)\Remo Repair MOV 2.0
2017-02-01 08:32 - 2013-08-22 08:25 - 02359296 ___SH C:\Windows\system32\config\BBI
2017-01-31 18:38 - 2016-07-05 09:20 - 00000600 _____ C:\Users\Explorer\AppData\Local\PUTTY.RND
2017-01-31 02:40 - 2014-09-10 12:07 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Aegisub
2017-01-31 02:31 - 2014-09-10 12:09 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\fontconfig
2017-01-30 22:00 - 2013-12-13 13:29 - 00001456 _____ C:\Users\Explorer\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-30 21:01 - 2016-11-24 08:41 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\vlc
2017-01-29 13:12 - 2015-12-20 01:44 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\AIMP
2017-01-28 22:45 - 2016-07-06 10:47 - 00000000 ____D C:\ProgramData\WRData
2017-01-28 22:41 - 2015-11-23 15:16 - 00000000 ____D C:\Program Files (x86)\Tooligram Professional
2017-01-28 18:45 - 2016-03-30 21:30 - 00002062 _____ C:\Windows\Sandboxie.ini
2017-01-27 13:59 - 2014-10-20 16:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-26 23:06 - 2016-03-17 21:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-26 22:16 - 2016-03-12 18:29 - 00001047 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-01-26 21:57 - 2013-12-07 12:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-26 21:53 - 2014-11-28 18:27 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Pointstone
2017-01-26 21:53 - 2014-10-22 14:45 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-26 21:25 - 2013-12-06 08:18 - 00000000 ____D C:\Users\Explorer\AppData\Local\Packages
2017-01-26 11:29 - 2015-08-18 09:14 - 00000000 ____D C:\Users\Explorer\Documents\ЗИЛ
2017-01-26 10:15 - 2016-07-31 00:25 - 00000000 ____D C:\Users\Explorer\AppData\Local\GoPro
2017-01-26 10:09 - 2015-01-06 12:48 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2017-01-26 10:09 - 2015-01-06 12:48 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2017-01-26 10:09 - 2015-01-06 12:48 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2017-01-26 10:09 - 2015-01-06 12:48 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2017-01-25 22:34 - 2015-11-07 05:09 - 00002827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-25 20:02 - 2013-12-09 08:33 - 00000600 _____ C:\Users\Explorer\AppData\Roaming\winscp.rnd
2017-01-25 03:21 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\Downloads\Video
2017-01-24 14:30 - 2016-03-15 12:37 - 00000034 _____ C:\Users\Explorer\AppData\Roaming\AdobeWLCMCache.dat
2017-01-24 06:41 - 2013-12-06 08:43 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-01-24 06:41 - 2013-12-06 08:43 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2017-01-23 21:29 - 2015-09-13 17:11 - 00000109 ___SH C:\Users\Explorer\AppData\Local\00000128
2017-01-23 16:49 - 2016-12-21 14:58 - 00000000 ____D C:\Users\Explorer\Documents\Poedit
2017-01-22 21:12 - 2014-03-27 09:27 - 00843676 _____ C:\Windows\system32\perfh00A.dat
2017-01-22 21:12 - 2014-03-27 09:27 - 00187258 _____ C:\Windows\system32\perfc00A.dat
2017-01-22 21:12 - 2013-09-29 23:14 - 01951454 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 23:00 - 2015-09-14 16:29 - 00000000 ____D C:\Users\Explorer\Documents\RS Ayahuasca
2017-01-21 00:38 - 2015-03-18 12:17 - 00000000 ____D C:\Users\Explorer\Documents\ATI
2017-01-18 23:27 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\DMCache
2017-01-18 23:25 - 2013-12-20 14:35 - 00000000 ____D C:\Users\Explorer\Documents\Dancebeat
2017-01-18 22:48 - 2015-11-07 05:09 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-18 22:48 - 2015-11-07 05:09 - 00002821 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-18 22:48 - 2015-11-07 05:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-01-18 22:45 - 2013-12-08 20:02 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-18 16:19 - 2016-02-29 16:40 - 00000000 ____D C:\Users\Explorer\Documents\LRTimelapse
2017-01-18 16:19 - 2015-08-10 11:49 - 00000000 ____D C:\Users\Explorer\Documents\Файлы Outlook
2017-01-18 03:09 - 2016-09-02 23:25 - 00000753 _____ C:\Users\Explorer\Documents\CIII_LogFile.txt
2017-01-18 02:53 - 2016-01-31 18:32 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-18 02:52 - 2016-04-27 03:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-18 02:51 - 2016-01-31 18:31 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-01-17 21:19 - 2013-12-06 12:49 - 00000000 ____D C:\ProgramData\Skype
2017-01-16 07:50 - 2016-10-23 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tooligram Professional
2017-01-12 21:34 - 2016-10-03 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-12 20:06 - 2016-03-25 22:26 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\qBittorrent
2017-01-12 07:10 - 2015-12-10 08:52 - 00000000 ____D C:\Users\Explorer\AppData\Local\NVIDIA Corporation
2017-01-11 21:24 - 2013-12-07 01:24 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\IDM
2017-01-08 05:14 - 2013-12-07 13:59 - 00000000 ____D C:\Users\Explorer\AppData\Roaming\Notepad++
2017-01-08 05:14 - 2013-12-07 13:59 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-01-08 00:13 - 2014-02-24 14:25 - 00000000 ____D C:\Program Files\paint.net
2017-01-07 23:48 - 2014-11-12 13:47 - 00000043 _____ C:\Users\Explorer\AppData\Local\~wmrg
2017-01-05 04:15 - 2016-09-18 05:39 - 00000000 ____D C:\Users\Explorer\DuOSShare

==================== Files in the root of some directories =======

2016-03-26 22:00 - 2016-03-26 22:00 - 0002749 _____ () C:\Program Files (x86)\GPR.lnk
2014-01-20 11:42 - 2015-11-25 00:49 - 0000132 _____ () C:\Users\Explorer\AppData\Roaming\Adobe BMP Format CC Prefs
2014-04-07 02:17 - 2014-04-07 02:17 - 0000132 _____ () C:\Users\Explorer\AppData\Roaming\Adobe GIF Format CC Prefs
2013-12-11 21:28 - 2015-11-03 00:53 - 0000132 _____ () C:\Users\Explorer\AppData\Roaming\Adobe PNG Format CC Prefs
2016-03-15 12:37 - 2017-01-24 14:30 - 0000034 _____ () C:\Users\Explorer\AppData\Roaming\AdobeWLCMCache.dat
2015-01-06 12:56 - 2013-07-22 03:59 - 0012005 _____ () C:\Users\Explorer\AppData\Roaming\alsoft.ini
2014-10-20 16:41 - 2014-10-31 23:06 - 0000268 ___RH () C:\Users\Explorer\AppData\Roaming\Ambience
2016-12-29 21:29 - 2016-12-29 21:29 - 0000003 _____ () C:\Users\Explorer\AppData\Roaming\CheckWinVer.log
2016-01-14 19:40 - 2016-04-02 10:04 - 0002044 _____ () C:\Users\Explorer\AppData\Roaming\droid4xinstaller.log
2016-04-28 15:56 - 2016-04-28 15:56 - 0347908 _____ () C:\Users\Explorer\AppData\Roaming\FontInfo.bin
2016-04-28 15:56 - 2016-04-28 15:56 - 0105744 _____ () C:\Users\Explorer\AppData\Roaming\GlyphInfo.bin
2015-03-20 14:21 - 2015-03-20 17:37 - 0576521 _____ () C:\Users\Explorer\AppData\Roaming\PS14_panel.log
2014-12-17 12:17 - 2014-12-17 12:17 - 0002114 _____ () C:\Users\Explorer\AppData\Roaming\SAS7_000.DAT
2013-12-09 08:33 - 2017-01-25 20:02 - 0000600 _____ () C:\Users\Explorer\AppData\Roaming\winscp.rnd
2015-08-10 11:58 - 2015-08-10 11:58 - 0038508 _____ () C:\Users\Explorer\AppData\Roaming\Значения, разделенные запятыми.ADR
2014-05-10 23:31 - 2015-03-01 20:06 - 0000010 _____ () C:\Users\Explorer\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-03-20 13:48 - 2015-06-10 16:01 - 0000010 _____ () C:\Users\Explorer\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2015-09-13 17:11 - 2017-01-23 21:29 - 0000109 ___SH () C:\Users\Explorer\AppData\Local\00000128
2013-12-08 14:40 - 2013-12-12 18:22 - 144752885 _____ () C:\Users\Explorer\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-12-08 14:40 - 2013-12-12 18:22 - 0001817 _____ () C:\Users\Explorer\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2013-12-13 13:29 - 2017-01-30 22:00 - 0001456 _____ () C:\Users\Explorer\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-08 20:43 - 2015-02-18 03:30 - 0026624 _____ () C:\Users\Explorer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 19:03 - 2015-01-31 08:24 - 0342476 _____ () C:\Users\Explorer\AppData\Local\helpman.imc
2017-01-31 16:08 - 2017-01-31 16:08 - 0000036 _____ () C:\Users\Explorer\AppData\Local\housecall.guid.cache
2016-07-30 16:39 - 2016-07-30 16:39 - 0000001 _____ () C:\Users\Explorer\AppData\Local\llftool.4.40.agreement
2016-07-05 09:20 - 2017-01-31 18:38 - 0000600 _____ () C:\Users\Explorer\AppData\Local\PUTTY.RND
2015-12-04 08:42 - 2015-12-04 08:42 - 0000847 _____ () C:\Users\Explorer\AppData\Local\recently-used.xbel
2014-06-22 23:21 - 2016-10-13 13:36 - 0007583 _____ () C:\Users\Explorer\AppData\Local\Resmon.ResmonCfg
2017-01-31 17:31 - 2017-02-01 19:13 - 0000010 _____ () C:\Users\Explorer\AppData\Local\sponge.last.runtime.cache
2014-11-12 13:47 - 2017-01-07 23:48 - 0000043 _____ () C:\Users\Explorer\AppData\Local\~wmrg
2017-01-31 15:20 - 2017-01-31 15:20 - 0046951 _____ () C:\ProgramData\agent.1485894021.bdinstall.bin
2017-01-31 15:34 - 2017-01-31 15:34 - 0029177 _____ () C:\ProgramData\agent.1485894894.bdinstall.bin

Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe


Some files in TEMP:
====================
2017-01-25 21:59 - 2014-10-28 20:58 - 1040384 _____ (Microsoft Corporation) C:\Users\Explorer\AppData\Local\Temp\kernel32.dll
2017-02-02 03:56 - 2017-02-02 03:56 - 1066336 _____ (Microsoft Corporation) C:\Users\Explorer\AppData\Local\Temp\PidGenX.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-26 02:17

==================== End of FRST.txt ============================

Spoiler: Explorer scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017

Explorer scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Explorer (03-02-2017 16:23:56)
Running from C:\Users\Explorer\Downloads\Programs
Windows 8.1 Enterprise (Update) (X64) (2013-12-06 13:18:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-925185676-1098965860-4220522822-500 - Administrator - Disabled)
Guest (S-1-5-21-925185676-1098965860-4220522822-501 - Limited - Disabled)
named (S-1-5-21-925185676-1098965860-4220522822-1005 - Limited - Enabled) => C:\Users\named
Explorer (S-1-5-21-925185676-1098965860-4220522822-1001 - Administrator - Enabled) => C:\Users\Explorer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Лорелея - Программа для LiveInternet" (Версия 1.1.0.103) (HKLM-x32\...\Лорелея_is1) (Version: - Andrey Sorvin)
µTorrent (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
A1 Sitemap Generator (HKLM\...\016D8FA34C9345F4BAB03CF1A2D47E68_is1) (Version: 7.2.0 - Microsys)
ACDSee Pro 10 (64-bit) (HKLM\...\{13E67D9D-8F6F-4709-B380-A04EC12343E7}) (Version: 10.0.0.625 - ACD Systems International Inc.)
ActiveWorlds 3D (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\ActiveWorlds 3D) (Version: 6.1 - ActiveWorlds, Inc)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2014 (HKLM-x32\...\{7F823F8E-4348-11E4-8BF8-81763C49AA32}) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Advanced PDF Password Recovery (HKLM-x32\...\{A85CC7BA-760F-4B65-8E2F-640BE314F2F8}) (Version: 5.06.113.2041 - Elcomsoft Co. Ltd.)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.65 - Hulubulu Software)
Aegisub 3.0.0 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.0 - Aegisub Team)
Aegisub 3.2.2 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
AIMP (HKLM-x32\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
Akeeba eXtract Wizard 3.3 (HKLM-x32\...\{C5A52C02-1618-47DB-8A92-559DE29048EC}_is1) (Version: - Akeeba Developers)
Amazon Kindle (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Ancient Weapon Sounds (HKLM-x32\...\{E00A5837-482C-4DCE-B4CC-D16B343374E1}) (Version: 2.1.1 - Screaming Bee)
Anki (HKLM-x32\...\Anki) (Version: - )
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntispamSniper for TheBat! (HKLM-x32\...\AntispamSniper for TheBat!) (Version: - )
Apowersoft Video Converter Studio V4.5.2 (HKLM-x32\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.5.2 - APOWERSOFT LIMITED)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arclab Watermark Studio 3.4 (HKLM-x32\...\Arclab Watermark Studio_is1) (Version: 3.4 - Arclab Software GbR)
Ashampoo Snap 9 (HKLM-x32\...\{0A11EA01-D628-EEFD-B5E8-864238AE9105}_is1) (Version: 9.0.5 - Ashampoo GmbH & Co. KG)
Asoftech Data Recovery (HKLM-x32\...\{1AED6EB7-8FEA-4021-B8FD-EBAA6B21679F}) (Version: 1.00 - )
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
Aspell Russian Dictionary-0.50-2 (HKLM-x32\...\Aspell Russian Dictionary_is1) (Version: - GNU)
Asterisk Key 10.0 (HKLM-x32\...\asterisk key) (Version: - )
ATLAS.ti (HKLM-x32\...\{ED0D2B4E-A7F0-4EB5-9431-1AEEEED0DE7B}) (Version: 7.5.7.0 - ATLAS.ti Scientific Software Development GmbH)
Atomic Mail Verifier 9.30.0.93 (HKLM-x32\...\AtomicMailVerifier_is1) (Version: 9.30.0.93 - AtomPark Software)
Attribute Manager 5.15 (HKLM-x32\...\Attribute Manager_is1) (Version: - MIKLSOFT, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Audials (HKLM-x32\...\{F5796078-0F2A-4E6F-BE6A-4E2A8464D3A2}) (Version: 14.0.60200.0 - Audials AG)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.15.161119 - )
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.9.00 - )
Batch Converter Plug-In (HKLM-x32\...\{11BEA44C-BCFE-405E-9C76-33EF407A4354}) (Version: 4.0.4 - Screaming Bee)
Becky! Ver.2 (HKLM-x32\...\B2) (Version: - RimArts)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Bitcoin Core (64-bit)) (Version: 0.10.0 - Bitcoin Core project)
Bitvise SSH Client 6.24 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blue Satin Skin (HKLM-x32\...\{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.7.5601 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boxcryptor 2.1 (HKLM-x32\...\{35475679-86D4-4472-8E92-9C34A6432314}) (Version: 2.1.417.123 - Secomba GmbH)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.70.1080 - AB Team, d.o.o.)
CAcert Root Certificates (HKLM-x32\...\{3D42DACC-2DA6-455F-94FC-A15BCEF695E4}) (Version: 1.0.0 - CAcert Inc.)
calibre 64bit (HKLM\...\{D7533406-78CD-4C2F-B363-D7224851720E}) (Version: 2.71.0 - Kovid Goyal)
Canon Utilities Digital Photo Professional 3.5 (HKLM-x32\...\DPP) (Version: 3.5.2.0 - Canon Inc.)
CapMonster Standard (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\CapMonster Standard) (Version: 2.6.0.0 - ZennoLab)
Capture NX 2 (HKLM\...\Capture NX 2) (Version: 2.4.7 - NIKON CORPORATION)
CardRecovery 6.10 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.5.2014 - Georgy Berdyshev)
Chameleon Startup Manager version 4.0.0.895 (HKLM-x32\...\{96C45BE0-C1AA-41B3-B161-F331DBC29B84-startup}}_is1) (Version: 4.0.0.895 - NeoSoft Tools)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{7EC5A347-1BF1-4115-9063-55025F19AEFB}) (Version: 3.1.07021 - Cisco Systems, Inc.)
ClipSync Server (HKLM-x32\...\{2E4AB750-27D1-4D7E-BD37-BC69FD8D341E}) (Version: 1.0.0 - BDWM)
CnW (HKLM-x32\...\{72BCF850-3FCE-4BD9-AD43-6E92CB4470C2}) (Version: 5.09 - CnW Recovery Developments Ltd)
Color Suite v11.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 11.1.4 - Red Giant, LLC)
Comic Sound Pack (HKLM-x32\...\{91C78DA1-800F-4ACE-B6F6-206F7617D69E}) (Version: 2.1.1 - Screaming Bee)
Content Downloader X1 (HKLM-x32\...\Content Downloader X1) (Version: - )
Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)
Creatures of Darkness (HKLM-x32\...\{573F9269-A022-4C6F-97BD-CF1316A76369}) (Version: 3.3.1 - Screaming Bee)
Cryptocat (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Cryptocat) (Version: 3.0.24 - Nadim Kobeissi)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
CrystalDiskInfo 7.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.0 - Crystal Dew World)
CrystalDiskMark 5.1.2 (HKLM\...\CrystalDiskMark5_is1) (Version: 5.1.2 - Crystal Dew World)
Customer Database Pro (HKLM-x32\...\Customer Database Pro) (Version: - Microguru Corporation)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Datacol5 (HKLM\...\Datacol_is1) (Version: 5.596 - Datacol)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.8.0 - oldsch00l)
Deep Space Voices (HKLM-x32\...\{67CEC218-B250-4B4C-B23F-A597EC8DB153}) (Version: 3.3.1 - Screaming Bee)
Dell System Detect (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\58d94f3ce2c27db0) (Version: 7.3.0.6 - Dell)
Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)
DJ Streaming Plug-In (HKLM-x32\...\{956F54F5-0AA4-441D-8933-7B45F4F56F74}) (Version: 4.3.0 - Screaming Bee)
Droid4X (HKLM-x32\...\Droid4X) (Version: 0.9.0 - Haiyu Dongxiang Co.,Ltd.)
Dropbox (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.)
DuOS (HKLM\...\{25E5B76A-CA64-4569-B639-0F50CF4FB537}) (Version: 2.0.8.8511 - American Megatrends Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
Easy Watermark Studio version 3.5 (HKLM-x32\...\{5EC71BC9-52DB-417C-807F-19E6381863E8}_is1) (Version: 3.5 - Refero Group SRL)
EditPad Pro 7 v.7.4.0 (HKLM\...\EditPad Pro 7) (Version: v.7.4.0 - Just Great Software)
Elcomsoft Dictionaries (HKLM-x32\...\{74A23A1E-A394-4880-AB2B-076EDFC52AB5}) (Version: 1.0.1110 - Elcomsoft Co. Ltd.)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
eM Client (HKLM-x32\...\{2A4CAF55-4B18-4B61-BE9E-94A54209F547}) (Version: 7.0.27943.0 - eM Client Inc.)
English Grammar in Use Extra application (HKLM-x32\...\EnglishGrammarinUseExtra) (Version: 1.0.0 - Cambridge University Press Holdings Limited)
English Grammar in Use Extra application (x32 Version: 1.0.0 - Cambridge University Press Holdings Limited) Hidden
English Grammar in Use Extra content (HKLM-x32\...\English Grammar in Use Extra content) (Version: 1.0.0.0 - Cambridge University Press)
Epic Privacy Browser (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Epic) (Version: 55.0.2661.75 - Epic)
Eraser 6.2.0.2969 (HKLM\...\{66AB13EA-E7D2-4CFC-9B66-8E9EE44C89EE}) (Version: 6.2.2969 - The Eraser Project)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 5.8.8 (HKLM-x32\...\{CD252A60-0965-11E5-B3A2-00505695D7B0}) (Version: 5.8.8.7837 - Evernote Corp.)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
EXIF Date Changer v3.3.6 (HKLM-x32\...\{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1) (Version: - Rellik Software)
Exif Tag Remover 5.1 (HKLM-x32\...\Exif Tag Remover_is1) (Version: - RL Vision)
Express Talk (HKLM-x32\...\Talk) (Version: 4.35 - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fade In Professional Screenwriting Software (HKLM-x32\...\Fade In Professional Screenwriting Software Demo_is1) (Version: - Fade In Professional Screenwriting Software)
Fantasy Sound Pack (HKLM-x32\...\{B53415F5-4060-48DA-ABB8-00F768158F47}) (Version: 1.1.1 - Screaming Bee)
Fantasy Voice Pack (HKLM-x32\...\{5F4C3E1F-87FC-41BD-B219-E4156BBD8AE5}) (Version: 1.3.2 - Screaming Bee)
Far Manager 3 (HKLM-x32\...\{01300352-5C74-4729-BD79-2086B8DC36EC}) (Version: 3.0.4774 - Eugene Roshal & Far Group)
Farm Animal Sounds (HKLM-x32\...\{F290F841-044D-44EF-9E51-FFFEA7FEE2D7}) (Version: 1.1.1 - Screaming Bee)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version: - )
Female Voice Pack (HKLM-x32\...\{D947A225-8C23-4E52-866E-CF3967476BFC}) (Version: 3.3.2 - Screaming Bee)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.5.9 - Telerik)
FileLocator Pro x64 (HKLM\...\{FABB5600-6025-4CE1-A1B3-6AED653429C4}) (Version: 7.0.2028.1 - Mythicsoft Ltd)
FileOptimizer (HKLM-x32\...\FileOptimizer) (Version: 9.3.0.0 - Javier Gutiérrez Chamorro (Guti))
Final Draft (HKLM-x32\...\{E8FDC52C-83F4-4A0F-AA65-D0E8C0F3302F}) (Version: 9.0.0.163 - Final Draft, Inc.)
Flash Drive Tester v1.14 (HKLM-x32\...\{272C8DEE-F54F-406C-9AA6-B4DE2985A47C}) (Version: 1.14 - Virtual Console)
Fontlab Studio 5 (HKLM-x32\...\Studio 5.2_is1) (Version: 5.2 - FontLab)
Fontlab TransType4 (HKLM-x32\...\TransType4.0_is1) (Version: 4.0 - FontLab)
Fotosizer 2.08 (HKLM-x32\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
Foxit PhantomPDF Business (HKLM-x32\...\{07396229-2F49-48AC-B275-F95228EC1E95}) (Version: 7.3.4.311 - Foxit Software Inc.)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
Furry Voices for Second Life (HKLM-x32\...\{2032DA39-C844-43AE-B638-6A4F7496686E}) (Version: 1.3.1 - Screaming Bee)
Galactic Voices (HKLM-x32\...\{891D8FC9-726D-46F2-ADC0-E060A6EB1DC3}) (Version: 1.3.1 - Screaming Bee)
Garmin BaseCamp (HKLM-x32\...\{23A4DBD1-D847-4957-995D-8B1CC527E2E2}) (Version: 4.6.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
GMS.NET (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\e80ba83f7712505b) (Version: 2.0.0.20 - codres.de)
Gnaural ver. 1.0.20110606 (HKLM-x32\...\Gnaural_is1) (Version: - Bret Logan)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive plug-in 1.6.10.0 (HKLM\...\{52FDD388-69BC-4C53-B7D1-EFCA87E08EBD}) (Version: 1.6.10.0 - Google Inc)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
gpr (HKLM-x32\...\{DA730E9B-D189-4D6F-99E4-EE35A2C4E365}) (Version: 1.27 - gpr)
Gramblr (HKLM\...\Gramblr) (Version: 2.8.2 - Gramblr Team)
Hard Disk Sentinel PRO (HKLM-x32\...\Hard Disk Sentinel_is1) (Version: - HDS)
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HDD Regenerator (HKLM-x32\...\{CC5DA723-D428-40D1-B82B-21EB64B1273C}) (Version: 20.11.0011 - Abstradrome)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HHD Software Hex Editor Neo 6.21 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}) (Version: 6.21.0.5841 - HHD Software, Ltd.)
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version: - )
High-Logic MainType 7 (HKLM-x32\...\MainType4_is1) (Version: - High-Logic B.V.)
Hosts File Editor (HKLM-x32\...\{EC9CF3E9-3C14-43D6-B9D0-5B4232926FAC}) (Version: 1.0.0 - Scott Lerch)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maлl Hцrz)
ICA (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
IMAPSize 0.3.7 (HKLM-x32\...\IMAPSize_is1) (Version: - Broobles)
ImBatch 4.0.1 (HKLM-x32\...\{5C8028D2-E41D-44A3-A51E-E6FFF8F448B3}_is1) (Version: 4.0.1 - High Motion Software)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IPM_PSP_COM64 (Version: 18.2.0.61 - Corel Corporation) Hidden
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Jitsi (HKLM\...\{8D69CE08-8C5F-4428-B159-28AB690AFA27}) (Version: 2.4.4997 - Jitsi)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
JonDo (HKLM-x32\...\JonDoUninstall) (Version: - )
JPEG Lossless Rotator 9.2 (HKLM\...\JPEG Lossless Rotator_is1) (Version: - Anny)
JPEGminiPro (HKLM-x32\...\{F6FB0050-975B-4E6B-B4BF-4E8BF8F3F864}) (Version: 1.9.5.0 - Beamr Imaging LTD)
JPEXS Free Flash Decompiler (HKLM-x32\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 4.0.5 - JPEXS)
KeePass Password Safe 2.35 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.35 - Dominik Reichl)
Kundli Chakra 2014 Professional (HKLM-x32\...\Kundli Chakra 2014 Professional_is1) (Version: - Horizon aarc)
Kutools for Excel (HKLM\...\{8517B4FB-CB2A-4544-8A1B-94E4CE01CA6D}) (Version: 10.0.0.228 - Detong Technology Ltd.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
LeaderTask 8.4.1 (HKLM-x32\...\LeaderTask_is1) (Version: - Organizer LeaderTask LLC)
Light Image Resizer 5.0.2.0 (HKLM-x32\...\{D5C093E0-D3DF-42D3-AFD6-CAAFB6985CBC}_is1) (Version: 5.0.2.0 - ObviousIdea)
LinkChecker 8.6 (HKLM-x32\...\LinkChecker_is1) (Version: - )
LRTimelapse 4.7.1 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.7.1 - Gunther Wegner)
Lunascape6 (All Users) (HKLM-x32\...\Lunascape6) (Version: 6.9.2.27391 - Lunascape)
Maelstrom (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Maelstrom) (Version: 42.0.1.13 - Maelstrom)
MailingCheck (HKLM-x32\...\{369B1CE1-6D7B-443A-93D5-637FC67326AB}) (Version: 1.00.0004 - eDisplay srl)
Male Voice Pack (HKLM-x32\...\{2CC32E0E-9A10-4BCC-94F0-614F85375F59}) (Version: 1.3.1 - Screaming Bee)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxidix HotSpot version 14.9 (HKLM-x32\...\{83AE11EF-F89D-4732-A211-C8666259A613}_is1) (Version: 14.9 - Maxidix s.r.o.)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
memoQ 2015 (HKLM-x32\...\{02493572-ba7f-4e14-9669-d4f3ca7e6734}_is1) (Version: - Kilgray)
MetadataTouch (HKLM-x32\...\{907943B7-967C-4490-A00C-83B4701E413B}) (Version: 7.00.0000 - Digital Confidence)
MetaX for Windows (HKLM-x32\...\{FD7A7C70-B21D-4309-BCCD-FD87ECF626EA}) (Version: 2.49 - No Bull Software)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Data Access Components 2.8 SDK (HKLM-x32\...\{DB29456E-BB83-42EE-9BD8-75A821560FBE}) (Version: 1.00.1425.0 - Microsoft Corporation)
Microsoft Office Language Pack 2016 - Russian/русский (HKLM\...\Office16.OMUI.ru-ru) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mindjet MindManager 2016 (HKLM\...\{C6FFF09B-3978-450D-B560-E2D6068D3CEF}) (Version: 16.1.193 - Mindjet)
MiniTool Power Data Recovery Edition 7.0 (HKLM\...\MiniTool Power Data Recovery Edition_is1) (Version: - MiniTool Solution Ltd.)
Miranda IM 0.10.66 (HKLM-x32\...\Miranda IM) (Version: 0.10.66 - Miranda IM Project)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
MKVToolNix 9.3.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.3.1 - Moritz Bunkus)
MobiOne 2.6.1 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\com.poweredbypulse.profile-0-rb-10081-1394387867273) (Version: 2.6.1 - Genuitec, LLC)
Modern War Sounds (HKLM-x32\...\{A514E94F-C436-44C3-A1E9-1F58CD352669}) (Version: 1.0.1 - Screaming Bee)
MorphVOX Effects Rack (HKLM-x32\...\{4439ED25-D9ED-4E78-A41E-6C6C5DCEDE62}) (Version: 4.3.0 - Screaming Bee)
MorphVOX Pro (HKLM-x32\...\{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MP4Tools v3.4 (HKLM-x32\...\MP4Tools_is1) (Version: - Thüring IT-Consulting)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
My Dream Diary (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\My Dream Diary) (Version: - )
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
MySQL Connector Net 6.1.6 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.1.6 - Oracle)
NbuExplorer version 3.2 (HKLM-x32\...\{6C58B3E8-0822-490B-BC94-40CC02A6B37F}_is1) (Version: 3.2 - Petr Vilem)
Nero BurningROM 2016 (HKLM-x32\...\{6C1E6289-0A1B-4ED5-A376-0819DE3651FD}) (Version: 17.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
NetTime (HKLM-x32\...\NetTime_is1) (Version: - Mark Griffiths)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
NirSoft WebVideoCap (HKLM-x32\...\NirSoft WebVideoCap) (Version: - )
Noise Reduction Plug-in 2.0 (HKLM-x32\...\{BF4742B0-7A7B-11E1-AFD0-F04DA23A5C58}) (Version: 2.0.471 - Sony)
Noki v2.1 (HKLM-x32\...\Noki_is1) (Version: - hz)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 2.0.1.5 - Nokia)
Nokia PC Internet Access (x32 Version: 2.0.1.5 - Nokia) Hidden
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.5.1 - ON1)
One Click Root (HKLM-x32\...\{5B9840AC-FA2B-4C87-B636-78FF7B4DC963}) (Version: 1.00.0192 - One Click Root)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.9001 - ooVoo LLC.)
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Opanda PowerExif 1.2 Professional Trial (HKLM-x32\...\Opanda PowerExif Professional Trial_is1) (Version: 1.2 - Opanda Studio)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 Language Pack (English) (HKLM-x32\...\{59256CE6-4343-41C5-B2AD-7133913AD540}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.3.12-I601 (HKLM\...\OpenVPN) (Version: 2.3.12-I601 - )
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PanoramaStudio 2.6 Pro ((uninstall)) (HKLM\...\PanoramaStudio2Pro) (Version: - )
PanoramaStudio 3.0 Pro ((uninstall)) (HKLM\...\PanoramaStudio3Pro) (Version: - )
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PDF-XChange 2012 Pro (HKLM\...\{A922AD64-F9A6-4E5F-BE22-142CABB53C8D}) (Version: 5.0.272.306 - Tracker Software Products (Canada) Ltd.)
Personality Voices (HKLM-x32\...\{4B886E97-AF5B-46F0-9F48-6BE03149D972}) (Version: 1.0.1 - Screaming Bee)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Phoenix Service Software (HKLM-x32\...\{E4C21200-3F47-4EB2-8B07-19E317CDE3FD}) (Version: 2012.50.000.49146 - Nokia)
Phoenix Service Software 2012.50.000.49146 (HKLM-x32\...\Phoenix Service Software 2012.50.000.49146_is1) (Version: - Seidea.com)
Phoenix UEFI Winflash (HKLM-x32\...\{E098A365-7CA4-48BD-83E2-F25F1CD2DF48}) (Version: 1.5.66.0 - Phoenix Technologies Ltd.)
Photo Frame Studio (HKLM-x32\...\Photo Frame Studio_is1) (Version: 3.0 - MOJOSOFT)
Photo Mechanic 5 (HKLM-x32\...\{DE924CF0-B8BB-42BA-BDA0-14535F79DF3F}) (Version: 5.0 - Camera Bits, Inc)
Photomatix Pro version 5.1.3 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.1.3 - HDRsoft Ltd)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
PIXPRO_SP360 (HKLM-x32\...\{93F8E743-7426-4997-A19B-EBA500F7F37B}) (Version: 2.00.03 - JK Imaging)
Poedit 1.8.11 (HKLM-x32\...\Poedit_is1) (Version: 1.8.11 - Vaclav Slavik)
PowerGREP 4 v.4.6.3 (HKLM\...\PowerGREP 4) (Version: v.4.6.3 - Just Great Software)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
Process Hacker 2.39 (r124) (HKLM\...\Process_Hacker2_is1) (Version: 2.39.0.124 - wj32)
Product Key Explorer 3.7.7 (HKLM-x32\...\Product Key Explorer_is1) (Version: - Nsasoft, LLC.)
PSD Codec by Ardfry Imaging, LLC (32 bit) (x32 Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD Codec by Ardfry Imaging, LLC (64 bit) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
PSPPContent (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
PSPPro64 (Version: 18.2.0.61 - Corel Corporation) Hidden
PTGui Pro 10.0.11 (HKLM-x32\...\PTGui) (Version: - New House Internet Services B.V.)
PuTTY (HKLM-x32\...\{ED9EF59B-0799-428E-823D-6D2B7B4FE2E0}) (Version: 0.67.0.0 - Simon Tatham)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.26 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 8.1.8-1.0.3110.145 - raidcall.com.ru)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
RazorSQL 6.3.17 (HKLM-x32\...\RazorSQL 6.3.17_is1) (Version: - Richardson Software, LLC)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
RegexMagic 2 v.2.1.1 (HKLM\...\RegexMagic 2) (Version: v.2.1.1 - Just Great Software)
Registry Trash Keys Finder (Freeware) (HKLM-x32\...\Registry Trash Keys Finder) (Version: 3.9.3.0 - SNC)
Remo Repair MOV (HKLM-x32\...\{8DD5B1BF-E1BB-43DB-965C-DC6180A19518}_is1) (Version: 2.0.0.16 - Remo Software)
Replay Media Catcher 6 (6.0.1.27) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.1.27 - Applian Technologies)
Revo Uninstaller Pro (HKLM\...\Revo Uninstaller Pro) (Version: - VS Revo Group)
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
R-Undelete 4.9 (HKLM-x32\...\R-Undelete 4.9NSIS) (Version: 4.9.160808 - R-Tools Technology Inc.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Sci-Fi 2 Sound Pack (HKLM-x32\...\{62DC2D57-7AB8-4181-994B-C62D55FCE6F4}) (Version: 1.3.1 - Screaming Bee)
Sci-Fi Sound Pack (HKLM-x32\...\{D16C611D-CA6F-402B-9EDA-9862CF4A701B}) (Version: 1.1.1 - Screaming Bee)
Sci-Fi Voice Pack (HKLM-x32\...\{BC038C91-D3C6-4E43-8439-B65976FE7937}) (Version: 1.3.1 - Screaming Bee)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 7.1 - Screaming Frog Ltd)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SecureZIP for Windows 14.20.0027 (HKLM\...\{E31117D0-A867-4AF2-BB50-E038E2C498E5}) (Version: 14.20.0027 - PKWARE, Inc)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Setup (x32 Version: 18.2.0.61 - Corel Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150004-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4711.1001 - Microsoft Corporation)
Shtirlitz IV (HKLM-x32\...\ShtirlitzIV) (Version: - )
SignMyImage (HKLM-x32\...\SignMyImage) (Version: 4.15 - Filip Krolupper)
SkHistory (HKLM-x32\...\SkHistory) (Version: 0.9.7 - UNKNOWN)
SkHistory (x32 Version: 0.9.7 - UNKNOWN) Hidden
Skype chat helper (HKLM-x32\...\{EB951722-70F4-4EF1-902C-CD665AA17A19}) (Version: 1.1.1 - Pril)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\slack) (Version: 2.0.3 - Slack Technologies)
Smart Cutter (HKLM-x32\...\{BEDE9B89-27C6-45BB-B3E2-B6D8883D8326}) (Version: 1.9.4 - FameRing)
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
SolveigMM Video Splitter Business Edition (HKLM-x32\...\SolveigMM Video Splitter Business Edition 6.0.1609.2) (Version: 6.0.1609.2 - Solveig Multimedia)
Sound Forge Pro (HKLM-x32\...\Sound Forge Pro) (Version: - )
Special Effects Voices (HKLM-x32\...\{913C4C4F-9E3E-41A6-A614-1BDC1352A225}) (Version: 1.0.2 - Screaming Bee)
Spooky Sounds (HKLM-x32\...\{F71EBF86-9A73-44C0-A674-55FA3E4A8428}) (Version: 2.1.1 - Screaming Bee)
SQL-Splitter 1.2.0.1 (HKLM-x32\...\SQL-Splitter_is1) (Version: - CoolFactory)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
Stellar Phoenix Outlook PST Repair - Technical (HKLM\...\Stellar Phoenix Outlook PST Repair - Technical_is1) (Version: 5.0.0.0 - Stellar Information Technology Pvt Ltd.)
Stellar Phoenix Video Repair (HKLM-x32\...\Stellar Phoenix Video Repair_is1) (Version: 2.0.0.0 - Stellar Information Technology Pvt Ltd.)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
SuperMemo (HKLM-x32\...\SuperMemo) (Version: 15.4 - SuperMemo World)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Technitium MAC Address Changer v6.0.5 (HKLM-x32\...\TMACv6.0) (Version: 6.0.5 - Technitium)
Telegram Desktop version 0.10.20 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.20 - Telegram Messenger LLP)
Teleport Pro (HKLM-x32\...\Teleport Pro) (Version: 1.71 - Tennyson Maxwell Information Systems, Inc.)
Text Twist 2 1.00 (HKLM-x32\...\Text Twist 2 1.00) (Version: - )
Text-To-VoIP Plug-in (HKLM-x32\...\{C1A6E1A4-B337-41B5-B580-30EB1FF76D56}) (Version: 4.0.0 - Screaming Bee)
Tipard Video Converter Ultimate 9.0.32 (HKLM-x32\...\{F2922911-108A-4d9e-B33A-2A101444F4CE}_is1) (Version: 9.0.32 - Tipard Studio)
Tooligram Professional (HKLM-x32\...\{C46AD13D-E852-5802-FE02-0A633C6C2E3D}) (Version: 2.6.0 - Tooligram Group)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Translator Fun Voice Pack (HKLM-x32\...\{C39768C1-82E7-4466-8526-2D8AC44B768F}) (Version: 1.5.1 - Screaming Bee)
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
Trapcode Suite 64-bit (Version: 12.1.3 - Red Giant) Hidden
Tweak-8 (HKLM\...\Tweak-8) (Version: 1.0 build 1080 - Totalidea Software)
Twidium Accounter 3.8 build 9 (HKLM-x32\...\Twidium Accounter_is1) (Version: - Twidium)
Twidium Twitter Edition 1.0.27 (HKLM-x32\...\Twidium Twitter Edition_is1) (Version: 1.0.27.0 - Twidium Team)
Twingly Screensaver (HKLM-x32\...\{EB711BC7-0FDF-460C-A00C-DF8E5E996037}) (Version: 1.0.0 - Primelabs)
Twister 0.9.28.0 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Twister) (Version: 0.9.28.0 - )
UltraCompare (HKLM-x32\...\InstallShield_{11EF223E-CCCB-4BCC-918D-EA4E59FD05EF}) (Version: 15.10.20 - IDM Computer Solutions, Inc.)
UltraCompare (x32 Version: 15.10.20 - IDM Computer Solutions, Inc.) Hidden
UltraEdit (HKLM-x32\...\{39805786-E230-4C4F-B062-773DC53C7F11}) (Version: 22.20.40 - IDM Computer Solutions, Inc.)
UltraFinder (HKLM-x32\...\{3D79501A-B9BC-426B-90B0-D2B291E1E7C8}) (Version: 16.0.0.8 - IDM Computer Solutions, Inc.)
UltraSearch V2.1.2 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.1.2 - JAM Software)
Unity Web Player (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\UnityWebPlayer) (Version: 5.0.0f4 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3128049) 64-Bit Edition (HKLM\...\{90160000-012B-0419-1000-0000000FF1CE}_Office16.OMUI.ru-ru_{801D5242-0189-4C99-977B-0C77DBD1F046}) (Version: - Microsoft)
UUDeview for Windows (HKLM-x32\...\UUDeview for Windows) (Version: 1.3 - Michael Newcomb and Frank Pilhofer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Vit Registry Fix 12.7.0 (Remove only) (HKLM\...\Vit Registry Fix) (Version: - VITSOFT)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.)
Voice Splicer Plug-In (HKLM-x32\...\{5A53F620-6A7A-4362-94AD-12D9FCB856E1}) (Version: 4.2.11 - Screaming Bee)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 770 - Finarea S.A. Switzerland)
VX Search Ultimate 7.4.16 (HKLM-x32\...\VX Search Ultimate) (Version: 7.4.16 - Flexense Computing Systems Ltd.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebM for Premiere (HKLM\...\{7BCAE84F-ACE9-4089-87BB-75B914551743}) (Version: 1.0.0 - fnord software)
WebMoney Agent (HKLM-x32\...\WebMoney Agent) (Version: 3.5 - Softomate)
WebMoney Keeper WinPro 3.9.9.8 (HKLM-x32\...\{6D9A7CEE-054A-437D-99EF-DD7C77E001FD}) (Version: 3.9.9.8 - WM Transfer Ltd.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinDirStat 1.1.2 (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\WinDirStat) (Version: - )
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinHex (HKLM-x32\...\WinHex) (Version: - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
WinSCP 5.8.1 beta (HKLM-x32\...\winscp3_is1) (Version: 5.8.1 beta - Martin Prikryl)
WinX HD Video Converter Deluxe 5.9.4 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
WM Recorder (HKLM-x32\...\WM Recorder14.16.2.0) (Version: 14.16.2.0 - AllAlex, Inc)
Workplace Backgrounds (HKLM-x32\...\{13304708-E115-4044-82DA-88A6F5424359}) (Version: 1.0.0 - Screaming Bee)
XnView 2.36 (HKLM-x32\...\XnView_is1) (Version: 2.36 - Gougelet Pierre-e)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version: - Spacejock Software)
ZennoPoster Standard (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\ZennoPoster Standard) (Version: 5.9.9.1 - ZennoLab)
Домашняя бухгалтерия (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Домашняя бухгалтерия) (Version: 5.2 - Keepsoft)
Засоби перевірки правопису Microsoft Office 2016 – українська (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Парсер Яндекс Карт ver 4.3, версия 4.3.0.0 (HKLM-x32\...\{A793623D-40C5-4DB9-A2A4-2E91EA0DEC33}_is1) (Version: 4.3.0.0 - Parsinfo)
Поддержка программ Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Средства проверки правописания Microsoft Office 2016 — русский (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CE6CA9-7691-46ED-A32B-41B5D8052A0B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
Task: {063A6DF0-D9DF-4D01-98C0-43B458DBC34F} - System32\Tasks\{36E7CDCE-3B01-4650-8948-AF254DEB073C} => pcalua.exe -a C:\Users\Explorer\Downloads\Programs\Shtrl4.exe -d C:\Users\Explorer\AppData\Roaming\IDM
Task: {0A4E987C-6912-497D-A2C5-DDC107B9467C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ltwingtrust@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {0AC4904A-8372-4020-9BFF-55B687BCD936} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {0CB03F15-7BBF-4237-8FBB-FE6F3FA35FCD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {197671D1-207D-49D1-A944-E0D46AEF8027} - System32\Tasks\GoogleUpdateTaskMachineUA1d041918bdfa750 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2409A78A-85F7-40FD-AD75-A78F381E4B62} - System32\Tasks\Chameleon Monitor-Explorer => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
Task: {2D04D24E-3525-4A26-A43D-33B1A0FF27BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {32B41AF0-40BF-4D96-9837-DD6843CC1A3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {36B69D02-CE82-4816-BD15-57E6CEC2A0DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {3C7DF767-9E4B-4F3B-841D-95887E75AEFD} - \Pointstone\System Cleaner\Daily Notice -> No File <==== ATTENTION
Task: {43A17CBD-36AD-4BFB-B3C5-1FEF32E15681} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {4515A598-639B-489A-B22D-0FF6267D4734} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
Task: {4AC54D11-6DD2-4038-A5FF-94888CBDEE05} - System32\Tasks\Run RoboForm TaskBar Icon => D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {5296151F-94E0-4363-BD38-3D32EB8820F6} - \{505A68B3-E825-4D29-AC08-B71CA2308CF5} -> No File <==== ATTENTION
Task: {5F4BF8A0-2FF1-467F-916B-CC2DAC8D72B1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {6A53FC7F-5F79-4FB4-8C68-579E7C847A2D} - System32\Tasks\{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => pcalua.exe -a "C:\Program Files\ReviverSoft\Registry Reviver\Uninstall.exe"
Task: {7476B54B-CDB4-47A2-85FC-8F1BC37E7E33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7B81CF39-A304-40ED-B0FA-E97FCA106CC3} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMHMKMJMPMGMNMNMKJCNMMNJNMOJCNLMOJGMOJCNGMLJKJMJCNJJJJOMJMKJLMGMJJLMJMOJMMJNJICMIMCNGMCNNMNMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMHMFMFMOMPMJNHICMEKMICNJJCKJNBJCMLKNIOJJIKJDJDJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFM (the data entry has 35 more characters).
Task: {8033146A-54E7-453E-A3E9-FC0972A14F1A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {8D6A16C1-3BA2-4877-85C3-A3631C653532} - System32\Tasks\{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => pcalua.exe -a C:\Users\Explorer\Downloads\Programs\MDAC_TYP.EXE -d C:\Users\Explorer\AppData\Roaming\IDM
Task: {8EC5BF83-AC06-4190-A64A-4096E5BBCD19} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {8F3B47E0-D5F4-47FA-B387-F689471175DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {915FE576-044F-4C41-BB42-88FC4859018F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core => C:\Users\Explorer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {91E9E3CA-F7D9-4D12-A30D-BB7ADA79C6DC} - System32\Tasks\Chameleon Startup Manager-Explorer => C:\Program Files (x86)\Chameleon Startup Manager\manager.exe [2015-02-10] (NeoSoft Tools)
Task: {92C88288-96C8-4FDF-A609-217497BFBEF9} - \Pointstone\System Cleaner\Log On Notice -> No File <==== ATTENTION
Task: {9822B3AD-B62E-42E8-8E38-EFEAEF22F1B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => C:\Users\Explorer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9CBC36AC-65A1-4EE6-ADFE-AFF60472DD16} - System32\Tasks\Chameleon Monitor-startup-Explorer => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
Task: {A549169A-D962-4B64-81D2-C964B9449C9A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {AA5D7753-F298-4993-9145-8B2B5CC146AF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => C:\Users\Explorer\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {CA479769-6B76-4C74-B358-67423E5E14AE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {D3E94B6F-E162-41ED-A78D-49068CC7ED23} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {DAAEF8CA-94B0-46E6-94ED-FDC4B3E4AF4A} - System32\Tasks\{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/ru/abandoninstall?page=tsMain
Task: {DDB4C5BF-2FE1-41E1-8D6F-FE99673976A4} - System32\Tasks\{CA56EAE6-5E60-454F-8EE2-3825A791791D} => pcalua.exe -a C:\Users\Explorer\Downloads\Programs\CardReader_JMicron_W7_A01_TKH3F_ZPE.exe -d C:\Users\Explorer\AppData\Roaming\IDM
Task: {E050D551-CEF3-49EA-B469-70424D4A805A} - System32\Tasks\Opera scheduled Autoupdate 1408935599 => C:\Program Files (x86)\Opera\launcher.exe
Task: {E2DB1668-3E8B-457C-AF8E-95E39708C96A} - System32\Tasks\{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => pcalua.exe -a "H:\Games\Teenage Mutant Ninja Turtles\TMNT.EXE" -d "H:\Games\Teenage Mutant Ninja Turtles"
Task: {E51F8CD2-3D68-4A05-B85C-9933D704E00E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {FCC01015-90D3-40BB-A7B7-FB8C342A9385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => C:\Users\Explorer\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => C:\Users\Explorer\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job => C:\Users\Explorer\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => C:\Users\Explorer\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfd791cbe00d3.job => C:\Users\Explorer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfed3dadc0292f.job => C:\Users\Explorer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cffedb14d73815.job => C:\Users\Explorer\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Explorer\Favorites\FileOptimizer Home Page.lnk -> hxxp://nikkhokkho.sourceforge.net/static.php?page=FileOptimize
Shortcut: C:\Users\Explorer\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Explorer\Dropbox\Равиль\для меня.lnk -> C:\Users\\Documents\для меня (No File) <===== Cyrillic
Shortcut: C:\Users\Explorer\Desktop\Домашняя бухгалтерия 5.lnk -> C:\Program Files (x86)\Keepsoft\HomeBuh5\HomeBuh5.exe (Keepsoft) <===== Cyrillic
Shortcut: C:\Users\Explorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk -> hxxp://yamb.unite-video.com

ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
ShortcutWithArgument: C:\Users\Explorer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7f1fc1149619d6\Epic Privacy Browser.lnk -> C:\Users\Explorer\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) ==============

2016-01-06 00:28 - 2016-01-06 00:28 - 00269312 _____ () C:\Program Files (x86)\Droid4X\Droid4XService.exe
2013-05-08 14:17 - 2013-05-08 14:17 - 00082144 _____ () C:\Program Files (x86)\HDD Regenerator\hrsrv.exe
2016-11-14 19:00 - 2012-05-12 01:27 - 00473088 _____ () C:\Program Files (x86)\NetTime\NetTimeService.exe
2016-04-11 02:14 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-01-13 22:03 - 2014-08-19 14:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-01-22 13:55 - 2016-01-22 13:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-05-01 09:13 - 2016-07-21 00:01 - 00592384 _____ () C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX64.dll
2012-05-11 00:23 - 2012-05-11 00:23 - 00204800 _____ () c:\Windows\System32\iMobileDisk.dll
2016-02-09 20:56 - 2016-02-09 20:56 - 00179888 _____ () C:\Program Files\Mindjet\MindManager 16\zlib64.dll
2015-06-01 13:00 - 2015-06-01 13:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-11-13 07:19 - 2015-11-13 07:19 - 03097640 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2014-04-28 01:19 - 2014-04-28 01:19 - 00184320 _____ () C:\Program Files\Rainlendar2\lua52.dll
2015-11-13 04:51 - 2015-11-13 04:51 - 00330240 _____ () C:\Program Files\Rainlendar2\libical.dll
2015-11-13 04:51 - 2015-11-13 04:51 - 00060928 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2015-11-13 07:19 - 2015-11-13 07:19 - 00075816 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-04-28 01:19 - 2014-04-28 01:19 - 00015872 _____ () C:\Program Files\Rainlendar2\lfs.dll
2016-09-15 12:13 - 2016-09-15 12:13 - 03412936 _____ () D:\Program Files\ACD Systems\ACDSee Pro\10.0\ACDSeeCommanderPro10.exe
2009-10-19 06:47 - 2009-10-19 06:47 - 00210400 _____ () C:\Program Files (x86)\WebMoney Agent\wmagent.exe
2016-11-14 19:00 - 2012-05-12 09:28 - 00772096 _____ () C:\Program Files (x86)\NetTime\NetTime.exe
2016-07-28 13:45 - 2016-07-08 09:57 - 00082624 _____ () C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\PubLog.dll
2016-07-28 13:46 - 2016-07-08 09:57 - 00528576 _____ () C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\uexper64.dll
2016-07-28 13:45 - 2016-07-08 09:57 - 01102016 _____ () C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\EUNTFSSearchDLL.dll
2015-06-17 15:23 - 2015-06-17 15:23 - 03691296 _____ () C:\Program Files\Kutools for Excel\KTEHelper64.dll
2015-06-17 15:23 - 2015-06-17 15:23 - 09507616 _____ () C:\Program Files\Kutools for Excel\KTELoader64.dll
2015-06-17 15:23 - 2015-06-17 15:23 - 06442784 _____ () C:\Program Files\Kutools for Excel\Pane\PaneforKutools64.dll
2016-07-07 15:57 - 2016-07-07 15:57 - 00752520 _____ () C:\Program Files\Google\Drive plugin for Office\adxloader64.dll
2016-09-17 10:48 - 2016-09-17 10:48 - 00569536 _____ () C:\Program Files\Adobe\Adobe Lightroom\AgKernel.dll
2016-09-17 10:49 - 2016-09-17 10:49 - 53322944 _____ () C:\Program Files\Adobe\Adobe Lightroom\libcef.dll
2016-09-17 10:49 - 2016-09-17 10:49 - 00730816 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFCore.dll
2016-09-17 10:49 - 2016-09-17 10:49 - 00242368 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFSQLite.dll
2016-09-17 10:49 - 2016-09-17 10:49 - 00095424 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFWeb.dll
2016-09-17 10:49 - 2016-09-17 10:49 - 01164480 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFOzClient.dll
2016-09-17 10:49 - 2016-09-17 10:49 - 00024768 _____ () C:\Program Files\Adobe\Adobe Lightroom\LightroomModels.dll
2016-09-17 10:48 - 2016-09-17 10:48 - 03505344 _____ () C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\DNxHDCodec.dll
2015-01-30 20:20 - 2015-01-30 20:20 - 02299392 _____ () C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Ogg.prm
2015-05-20 04:00 - 2014-03-07 12:27 - 01917952 _____ () C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\Theora.prm
2016-10-17 15:41 - 2016-10-17 15:41 - 03117056 _____ () C:\Program Files\Adobe\Common\Plug-ins\7.0\MediaCore\WebM.prm
2016-09-17 10:48 - 2016-09-17 10:48 - 00117440 _____ () C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\Plug-ins\XMPFiles\MP4OEM_Handler.xpi
2015-12-04 05:32 - 2017-02-03 03:10 - 10242128 _____ () C:\Program Files\Gramblr\gramblr.exe
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-05-29 18:34 - 2014-12-19 10:56 - 03806720 _____ () C:\Program Files\JPEG Lossless Rotator\contmenu.dll
2015-07-22 14:33 - 2015-01-12 03:20 - 00429056 _____ () C:\Program Files (x86)\ImBatch\ImBatchContextMenuHandler-X64.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-11-25 18:09 - 2015-11-25 18:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2013-12-08 16:49 - 2013-09-16 14:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
2012-06-26 13:10 - 2012-06-26 13:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
2012-06-26 13:11 - 2012-06-26 13:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
2017-02-02 19:34 - 2017-01-30 09:12 - 00801600 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-02-02 19:35 - 2017-01-13 18:53 - 00035792 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-02-02 19:35 - 2017-01-13 18:53 - 00100296 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-02-02 19:35 - 2017-01-13 18:53 - 00018888 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\select.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00019776 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-02-02 19:35 - 2017-01-13 18:53 - 00694224 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00020824 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-02-02 19:35 - 2017-01-13 18:54 - 00123856 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 01682768 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00020816 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-02-02 19:34 - 2017-01-13 18:53 - 00145864 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-02-02 19:34 - 2017-01-13 18:54 - 00019408 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-02-02 19:35 - 2017-01-13 18:53 - 00116688 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-02-02 19:35 - 2017-01-13 18:56 - 00105928 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00022864 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00052544 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00038712 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-02-02 19:35 - 2017-01-13 18:53 - 00392144 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-02-02 19:34 - 2017-01-13 18:56 - 00020936 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-02-02 19:35 - 2017-01-13 18:56 - 00024528 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00116176 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00381760 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-02-02 19:35 - 2017-01-13 18:56 - 00124880 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00026456 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-02-02 19:35 - 2017-01-13 18:56 - 00024016 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-02-02 19:35 - 2017-01-13 18:56 - 00175560 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00030160 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00043472 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00048592 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-02-02 19:35 - 2017-01-13 18:56 - 00057808 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00024016 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00246608 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00027488 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-02-02 19:35 - 2017-01-13 18:55 - 00241104 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00022336 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00028616 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 01826104 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-02-02 19:35 - 2017-01-13 18:54 - 00083912 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\sip.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 01972536 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 03928896 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00531264 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00025432 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00133432 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00224064 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00207680 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00021840 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00022872 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00021848 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00022872 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00350152 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00103232 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00023896 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00025936 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-02-02 19:34 - 2017-01-13 18:51 - 00036296 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\librsync.dll
2017-02-02 19:34 - 2017-01-30 09:14 - 00084288 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-02-02 19:34 - 2017-01-13 19:02 - 00017864 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-02-02 19:34 - 2017-01-13 19:02 - 01631184 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-02-02 19:35 - 2017-01-30 09:14 - 00042816 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00171336 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00357688 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-02-02 19:35 - 2017-01-13 18:57 - 00060880 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-02 19:35 - 2017-01-30 09:14 - 00026456 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-02 19:34 - 2017-01-30 09:14 - 00546104 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-02-02 19:35 - 2017-01-13 19:04 - 00697304 _____ () C:\Users\Explorer\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2014-12-30 11:12 - 2014-10-31 16:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2014-12-30 11:12 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-01-28 12:32 - 2016-01-28 12:32 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-05-09 15:31 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-05-09 15:31 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-01-13 00:02 - 2016-07-04 13:13 - 15137792 _____ () C:\Windows\SYSTEM32\hlfontlib.dll
2016-11-15 06:27 - 2016-11-15 06:27 - 08911552 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-05-01 09:15 - 2016-07-21 00:01 - 00564224 _____ () C:\Users\Explorer\AppData\Local\MEGAsync\ShellExtX32.dll
2016-12-15 00:20 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 00:20 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-11 14:14 - 2017-01-11 14:14 - 17835096 _____ () C:\Users\Explorer\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2016-09-21 15:40 - 2016-09-21 15:40 - 55719424 _____ () C:\Program Files (x86)\eM Client\libcef.DLL
2016-09-21 15:39 - 2016-09-21 15:39 - 00871936 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll
2016-10-03 02:02 - 2016-08-31 03:41 - 00301056 _____ () C:\Program Files (x86)\Common Files\Solveig Multimedia\libebml.dll
2016-10-03 02:02 - 2016-08-31 03:42 - 00433152 _____ () C:\Program Files (x86)\Common Files\Solveig Multimedia\libmatroska.dll
2016-02-25 21:06 - 2016-02-25 21:06 - 00797184 _____ () D:\Program Files (x86)\Audials\Audials 2016\ac3filter.ax
2013-12-17 17:38 - 2008-12-19 12:26 - 02625536 _____ () C:\Program Files (x86)\Cucusoft\iPhone Tool Kits\Filter\ffdshow.ax
2016-05-22 16:39 - 2016-04-18 09:01 - 00268080 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\CrashRpt1403.dll
2016-05-22 16:39 - 2016-04-18 09:01 - 00085296 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Snap 9\MouseHook.dll
2015-03-15 23:22 - 2013-06-09 18:18 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2016-11-27 12:55 - 2016-11-27 12:55 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 18:42 - 2016-08-20 14:36 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2002-12-21 00:41 - 2002-12-21 00:41 - 01364823 _____ () D:\Program Files (x86)\Aspell\bin\aspell-15.dll
2014-10-03 17:40 - 2014-08-05 14:02 - 00014848 _____ () D:\Multitran\network\RusRes.DLL
2015-12-23 18:58 - 2015-12-23 18:58 - 02967040 _____ () C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\imgseg\x86\imgseg.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [131]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [144]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [194]
AlternateDataStreams: C:\ProgramData\TEMP5FBE8F9 [157]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Explorer\Desktop\Inner-Light.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\Keygen-MESMERiZE.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Explorer\Downloads\Keygen-MESMERiZE.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\pijano (mastered).mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Explorer\Downloads\pijano (mastered).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\pocket.crx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\Reset_antispam_0.3.1.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\rokcandy-2.0.1 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\root.crt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\root.der:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\You Will Not Face This Alone.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Explorer\Downloads\You Will Not Face This Alone.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Explorer\Downloads\[kickass.so]hotline.miami.update.3.gog.torrent:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\a-k-d.ru -> hxxps://a-k-d.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\a-k-d.ru -> hxxp://a-k-d.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\a-practic.ru -> hxxps://a-practic.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\admkrsk.ru -> hxxps://torgi.admkrsk.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\admkrsk.ru -> hxxp://torgi.admkrsk.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\ahml.ru -> hxxps://ahml.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\ahml.ru -> hxxp://ahml.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\akosta.info -> hxxps://akosta.info
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\akosta.info -> hxxp://akosta.info
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\alfalot.ru -> hxxps://alfalot.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\alfalot.ru -> hxxp://alfalot.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\asgor.su -> hxxps://etp.asgor.su
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\asgor.su -> hxxp://etp.asgor.su
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\atctrade.ru -> hxxps://atctrade.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\atctrade.ru -> hxxp://atctrade.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\ati.su -> hxxps://d.ati.su
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\ati.su -> hxxp://d.ati.su
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\atlasnw.ru -> hxxps://atlasnw.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\auction63.ru -> hxxps://auction63.ru
IE trusted site: HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\auction63.ru -> hxxp://auction63.ru

There are 161 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-09-06 03:56 - 2016-12-29 12:35 - 00002033 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com # Adobe Activation
127.0.0.1 lm.licenses.adobe.com # Adobe Activation
127.0.0.1 na1r.services.adobe.com # Adobe Activation
127.0.0.1 hlrcv.stage.adobe.com # Adobe Activation
127.0.0.1 practivate.adobe.com # Adobe Activation
127.0.0.1 activate.adobe.com # Adobe Activation
127.0.0.1 player.kmpmedia.net # Disable adv. in KMPlayer
127.0.0.1 sams.nikonimaging.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
127.0.0.1 assets.cloud.techsmith.com
127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 licensing.ultraedit.com
127.0.0.1 licensing2.ultraedit.com
127.0.0.1 82.146.58.150 # AntiSniper Voyager
127.0.0.1 licensing.ultraedit.com
127.0.0.1 acdid.acdsystems.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com

There are 13 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Control Panel\Desktop\\Wallpaper -> D:\Ivan Tours\01.jpg
DNS Servers: 200.48.225.130 - 200.48.225.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [TCP Query User{3BB22699-BF48-4579-A7DB-18EFA59FBF90}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [UDP Query User{3B99E38B-965B-4DA8-B7E9-A04D67ECD3DC}C:\program files (x86)\miranda im\miranda32.exe] => C:\program files (x86)\miranda im\miranda32.exe
FirewallRules: [{79EA95A0-F365-4341-9F2C-6187DE252A4E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{254E2A50-690C-4C77-9130-D41659FF188D}] => C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{80FE8B9B-44B1-411D-AB9A-841C3BFD7A53}] => C:\Users\Explorer\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{03B81AE2-5B4B-4E25-9235-55BD36D99DDC}] => C:\Users\Explorer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6030441-88B0-44E1-9EB0-48A359D8B7D2}] => C:\Users\Explorer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2996E2D0-38F4-45D6-9DFA-087F1CDC700E}] => %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{FA265765-90E4-450B-9525-525DABABD0E6}] => %ProgramFiles% (x86)\WinSCP\WinSCP.exe
FirewallRules: [{0C3C898E-5433-45FA-BFE3-AF462F0DA31E}] => %ProgramFiles% (x86)\WinSCP\WinSCP.exe
FirewallRules: [TCP Query User{3F712BE6-AC16-402B-9CA6-B394CADB70C3}C:\program files (x86)\internet download manager\idman.exe] => C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [UDP Query User{A30D5400-0AA6-4557-8328-5227BA3BD591}C:\program files (x86)\internet download manager\idman.exe] => C:\program files (x86)\internet download manager\idman.exe
FirewallRules: [{D36EDD44-9E33-493A-B46F-2D8A00F6DF3E}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A94A54EF-1D2A-485A-B926-05F5A86BAD2C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F330708-61D1-4181-9BF8-994CCA79F140}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{95C70A64-CD75-42CC-AFC9-F81D6AAB1801}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F1E1D58-ACA1-46C7-B6F1-0BF8E843BB2B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5D4594E3-DA28-4B07-8F2C-798772FC0DA2}] => C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [TCP Query User{DF816B82-B9A4-4401-BCCF-167D918E3DFF}C:\users\Explorer\appdata\local\mobione studio\mobione 2.6.1\mobione.exe] => C:\users\Explorer\appdata\local\mobione studio\mobione 2.6.1\mobione.exe
FirewallRules: [UDP Query User{501BC721-DC3E-4A86-9BAF-AD4E8FEC110D}C:\users\Explorer\appdata\local\mobione studio\mobione 2.6.1\mobione.exe] => C:\users\Explorer\appdata\local\mobione studio\mobione 2.6.1\mobione.exe
FirewallRules: [{4D7A3AFE-2D55-4B6D-B03E-13D9489E5A2F}] => H:\Steam Games\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{CBDEDD27-68EB-4CB0-BD03-41E066BA2A71}] => H:\Steam Games\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{D7CA8E8D-8EF3-45B2-9D4A-49B61634B58E}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{4F52F55C-667C-44EC-B740-2D26FFE92C3A}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{CF192A0E-3DE8-485F-9402-B81C86964A45}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{42049264-9DCB-45B4-B509-11582FE2F4D7}C:\program files\bitcoin\bitcoin-qt.exe] => C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{DC0E8675-3213-4EAE-8569-EEA85CC336E5}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{D9AFE522-4A72-4B83-8558-C5318B94874A}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
FirewallRules: [{1835B9E8-C504-42EC-B0F0-A1CC3F69412E}] => C:\Program Files (x86)\Nsasoft\ProductKeyExplorer\ProductKeyExplorer.exe
FirewallRules: [{BC15A39F-55DB-4D55-B70C-9BAD616E3916}] => C:\Program Files (x86)\Nsasoft\ProductKeyExplorer\ProductKeyExplorer.exe
FirewallRules: [{DC30A956-55E6-4EFD-BC39-A98A85A991CD}] => C:\Users\Explorer\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{40439AB4-5508-4E81-B43B-0740E87A0357}C:\users\Explorer\appdata\local\temp\cp3032020347734session\cptrustfolder3032020347734\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp3032020347734session\cptrustfolder3032020347734\adobecaptivatews
FirewallRules: [UDP Query User{4D30EE59-57BC-4914-AA92-06C69D9DB6C3}C:\users\Explorer\appdata\local\temp\cp3032020347734session\cptrustfolder3032020347734\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp3032020347734session\cptrustfolder3032020347734\adobecaptivatews
FirewallRules: [TCP Query User{399A0F49-F2BE-4099-A5A3-C29F4C3E8FAF}C:\users\Explorer\appdata\local\temp\cp996420483593session\cptrustfolder996420483593\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp996420483593session\cptrustfolder996420483593\adobecaptivatews
FirewallRules: [UDP Query User{BD1E06E7-9A92-4958-B0BB-ECB6210E2597}C:\users\Explorer\appdata\local\temp\cp996420483593session\cptrustfolder996420483593\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp996420483593session\cptrustfolder996420483593\adobecaptivatews
FirewallRules: [TCP Query User{12D2FDF4-4A66-4432-90DB-BB8524DCE62B}C:\users\Explorer\appdata\local\temp\cp3001220540515session\cptrustfolder3001220540546\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp3001220540515session\cptrustfolder3001220540546\adobecaptivatews
FirewallRules: [UDP Query User{E6A65922-E7E8-44ED-9AA3-D13A25EE95A3}C:\users\Explorer\appdata\local\temp\cp3001220540515session\cptrustfolder3001220540546\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp3001220540515session\cptrustfolder3001220540546\adobecaptivatews
FirewallRules: [TCP Query User{E6BE25A8-25D5-4F62-B547-34BECEFC01F0}C:\users\Explorer\appdata\local\temp\cp2960020607296session\cptrustfolder2960020607296\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp2960020607296session\cptrustfolder2960020607296\adobecaptivatews
FirewallRules: [UDP Query User{57D45492-073F-479D-B084-350639AD561C}C:\users\Explorer\appdata\local\temp\cp2960020607296session\cptrustfolder2960020607296\adobecaptivatews] => C:\users\Explorer\appdata\local\temp\cp2960020607296session\cptrustfolder2960020607296\adobecaptivatews
FirewallRules: [{5DFA32DB-F20B-4BA9-91A6-571C654F31FE}] => %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [{867B1B76-71CE-4409-8741-7520BDE0C299}] => %ProgramFiles% (x86)\Final Draft 9\Final Draft.exe
FirewallRules: [TCP Query User{CB673008-3B3F-4D9E-BE63-4E0833A2FDA7}C:\users\Explorer\appdata\roaming\twister\bin\twisterd.exe] => C:\users\Explorer\appdata\roaming\twister\bin\twisterd.exe
FirewallRules: [UDP Query User{ED3C8D21-69D0-490D-8F0A-00D69CC7F107}C:\users\Explorer\appdata\roaming\twister\bin\twisterd.exe] => C:\users\Explorer\appdata\roaming\twister\bin\twisterd.exe
FirewallRules: [TCP Query User{0CC99D78-C12F-4118-9B79-17D02760E487}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{FB425734-EC38-4231-B018-0C262430CE9C}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{7A33F9DB-3235-4DD9-A840-667E92076675}] => LPort=51001
FirewallRules: [{40CA1EC6-912A-41DC-8E99-7103771CB798}] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
FirewallRules: [{D5CF5821-74C8-4CF9-A422-1CACDC26AD5F}] => C:\Program Files (x86)\VoipConnect.com\VoipConnect\VoipConnect.exe
FirewallRules: [{0422736B-C8A4-45E3-93E0-806D06D0304C}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F95353B-5F2E-4FFC-9AA0-89131643B655}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{BBEEEA73-01AD-4A73-AB91-B6B24D215EF7}D:\voyager\voyager.exe] => D:\voyager\voyager.exe
FirewallRules: [UDP Query User{7C94E354-3363-4D10-B751-2CD3EB4B7C0E}D:\voyager\voyager.exe] => D:\voyager\voyager.exe
FirewallRules: [TCP Query User{1F3DECCD-E4EB-46BB-AD8A-E07087796441}C:\program files (x86)\gnaural\gnaural.exe] => C:\program files (x86)\gnaural\gnaural.exe
FirewallRules: [UDP Query User{2E6AF1CF-7599-4417-8BE3-5416C5D202F2}C:\program files (x86)\gnaural\gnaural.exe] => C:\program files (x86)\gnaural\gnaural.exe
FirewallRules: [TCP Query User{F9F7C21E-476F-40FC-9A3E-62ACA3AF4663}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5E215C76-6104-40EF-A595-3EA090121FFB}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{77C555E7-86E5-406F-8312-CA6C6BE9F790}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{B3254739-5155-48F8-8DC7-BA6C7E926C46}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [TCP Query User{09903148-27CF-4AF1-9648-C47094636D45}C:\program files\qtox\bin\qtox.exe] => C:\program files\qtox\bin\qtox.exe
FirewallRules: [UDP Query User{8289089B-6593-4E55-B41A-C823755BF3BC}C:\program files\qtox\bin\qtox.exe] => C:\program files\qtox\bin\qtox.exe
FirewallRules: [TCP Query User{0F50CDD5-5887-4561-AF17-54444339ECC8}C:\users\Explorer\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\Explorer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{9055331B-C859-4C34-B81C-AE313903A3E6}C:\users\Explorer\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\Explorer\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{8C338BBA-A9C9-4E5C-853F-BAF43004FC58}D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [UDP Query User{64BBFF22-59E0-45DC-9611-838C02E47B64}D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe] => D:\program files\adobe\adobe after effects cc 2014\support files\afterfx.exe
FirewallRules: [{345127E9-4E97-477E-BD5B-B70EAFA7BC3D}] => C:\Users\Explorer\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{3C6661B7-1A73-46E5-93E0-892AB0CE47B4}] => C:\Users\Explorer\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [TCP Query User{721D3BB5-094D-494F-A0C3-961143AC6BB3}D:\tox\tox\win64-0.3.0.exe] => D:\tox\tox\win64-0.3.0.exe
FirewallRules: [UDP Query User{7EEB6A27-D15A-422A-87F9-451345F19CFF}D:\tox\tox\win64-0.3.0.exe] => D:\tox\tox\win64-0.3.0.exe
FirewallRules: [TCP Query User{B648B437-6D2E-4D68-AA47-1087B3F73F83}C:\windows\system32\wfs.exe] => C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{EBB7CFBE-3BEA-4006-9721-91E61C6EEA3A}C:\windows\system32\wfs.exe] => C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{51437C17-45B6-48BB-93F1-3AF85267782A}C:\program files (x86)\nch software\talk\talk.exe] => C:\program files (x86)\nch software\talk\talk.exe
FirewallRules: [UDP Query User{46082202-F0E8-49D4-9BF3-109B9B6F5AB6}C:\program files (x86)\nch software\talk\talk.exe] => C:\program files (x86)\nch software\talk\talk.exe
FirewallRules: [{9F07EBB1-FFC4-411C-A982-6BC7F5EED943}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{32675478-1A9A-4F8A-9C85-FF2A4F46C051}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{F630B317-C17E-4482-9D73-99842C2D152D}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{10397154-91A9-4409-9488-1B8B2199B9F1}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{FB395038-D381-4159-9820-D7A618C358BE}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{2E423A41-E61B-488A-87FD-EA7C2441EA85}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{915B48F5-32CD-44D1-81AE-D50157835DF4}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{6D0B7B52-E234-4BCF-9CBE-C2ABBF496491}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{2418FB47-D6EC-4CF2-AF8B-31B77BCA33F4}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{B48C2C24-501C-4D0C-AFDE-A0FCF7EBC699}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{0244CD01-E858-4285-9C1F-4E340908EEAE}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{AEF16717-0E7C-4094-8AF9-251E3BE0A8A2}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{E1281ABF-360F-4629-8383-68C80539EF22}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{E1EFDE54-6F58-4D4B-8252-5DB2DC349213}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{FA98E4C7-4EEE-4132-8809-96E6EAE6741B}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{A08EBC77-1A3F-412E-8D02-14E8FFBBD880}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{4B73B9E1-056E-4716-9EE2-1F0F8BAF1BC5}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{03FA313F-9544-4C12-9D94-744A9D347AF2}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{C8A1E3CE-5938-49D1-A2DB-EC9FA3E2906E}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{1BADFC45-6C4A-484D-B568-71199EB9ED5A}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{B55E2E3C-7932-42C3-BA60-53DF3E2A76C4}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{E48E4FDE-EAEC-4785-AE48-4BD35B5547D5}] => C:\Program Files (x86)\NCH Software\Talk\talk.exe
FirewallRules: [{9AA10285-6668-4E9F-9DC3-89631C5D64DB}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{52DD9D6E-9350-4A54-AEA9-8EBCA91836CD}] => C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{F443DA9A-1EB5-4AF2-9C89-65C4C1274514}] => C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
FirewallRules: [{D5F0FECB-75ED-439F-9F35-A58FD9473547}] => C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
FirewallRules: [{EBEAA14F-4E6D-48B7-B979-1367E9B70701}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4142E781-1FF1-4C20-88F9-C25432B932B6}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9C1272CD-F8A3-428C-A83C-ED862C617658}] => %ProgramFiles%\IDM Computer Solutions\UltraEdit\Uedit32.exe
FirewallRules: [TCP Query User{F7947EE0-4807-439C-B442-16148C7A229C}C:\users\Explorer\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => C:\users\Explorer\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{623C63A0-EA81-4734-A5E1-B69D1CD5C73A}] => C:\Program Files (x86)\Droid4X\Droid4X.exe
FirewallRules: [{210DFFC3-F66C-49A0-95FA-FA43BB769DD8}] => C:\Program Files (x86)\Droid4X\download\MiniThunderPlatform.exe
FirewallRules: [{5A3E0959-7B94-40D5-BEAD-819033DE558D}] => C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{D7B7A8ED-788B-41FA-B636-7E7DA290F508}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A2249D8C-E40E-4F5C-AEA2-1E3BB656E08C}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{1E30FEE0-0EDE-429F-8BDD-484F0CA24A86}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{998DC954-5916-4181-BC70-65F20328C3F3}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{54D26489-548D-425E-B852-9A2AC529FFC6}] => %systemroot%\system32\alg.exe
FirewallRules: [{751944FA-3731-4D92-9613-E32FA94238E1}] => C:\Program Files (x86)\Droid4X\MultiMgr.exe
FirewallRules: [{9A7C5B36-69B2-46D6-BF7F-4820321F96CC}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{A3748D19-C15E-421D-A689-DE28BE618906}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{64D47B7B-FD38-4F90-861C-C9A8C49BEC5D}] => C:\Program Files (x86)\AtomPark\Atomic Mail Verifier\AtomicMailVerifier.exe
FirewallRules: [{A5F37AC1-79D3-46D8-BFA1-70194CB474B7}] => C:\Program Files (x86)\AtomPark\Atomic Mail Verifier\AtomicMailVerifier.exe
FirewallRules: [{04013A99-2C59-4191-B7E3-C4019D896EF0}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
FirewallRules: [{0AA97732-90DC-411D-BB2E-45984F649287}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jrmcp.exe
FirewallRules: [{19DE3F49-C0C5-4D0A-8465-E6A1F7B9030F}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
FirewallRules: [{5B1252CB-1F8F-4E0F-BCD1-61A85FC3420B}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\jbp.exe
FirewallRules: [{0444BBEE-67FD-451D-9BB0-BC9898EB4C6C}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
FirewallRules: [{94FD86E0-0A14-47D1-BFCF-49525A167183}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe
FirewallRules: [{489BF9C8-1144-4971-9657-CEFAB3801D59}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
FirewallRules: [{900A7F4E-9826-4544-964F-9A8DDFA2DABF}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\dl.exe
FirewallRules: [{B841C62F-E638-4E1E-AEBE-6337B3A5DA0A}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
FirewallRules: [{1D72BE76-D67F-4B6A-A30A-0552FE864034}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\aria2c.exe
FirewallRules: [{DC985DF0-262D-4051-B439-455DE2A3ED00}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
FirewallRules: [{AFD0924A-8E05-4115-8E48-FEB417EF0B7A}] => C:\Program Files (x86)\Applian Technologies\Replay Media Catcher 6\qtCopy.exe
FirewallRules: [{9A614AE7-2753-4306-8FF2-549ECBCD9328}] => D:\Program Files (x86)\Audials\Audials 2016\Audials.exe
FirewallRules: [{E6E74A5D-0139-4DC8-8144-B7435B1DBA99}] => LPort=12972
FirewallRules: [{1FCF2963-54D4-4171-B8D2-2F222DEE0650}] => LPort=14714
FirewallRules: [{0AC2AB9B-B8EE-49D2-860B-8B5049EF36B5}] => LPort=31931
FirewallRules: [TCP Query User{BB9A37A8-076E-43EF-BFA3-6C9E364C9FA7}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe] => C:\program files (x86)\bdwm\clipsync server\clipsync server.exe
FirewallRules: [UDP Query User{E5F1214E-BACA-4095-B0C3-2977428D0A83}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe] => C:\program files (x86)\bdwm\clipsync server\clipsync server.exe
FirewallRules: [TCP Query User{D88C0BC9-E6B5-4772-BE81-26B7CA092106}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [UDP Query User{88AF2ACD-B723-4DD3-8090-4CDFE81A7E7E}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{64C8F271-8F34-4515-96C2-2C6C450FA4A9}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [UDP Query User{D5C60433-0D8D-4127-98D1-78D18E8601C5}C:\program files\on1\on1 photo 10\on1 photo 10.exe] => C:\program files\on1\on1 photo 10\on1 photo 10.exe
FirewallRules: [{E0B2FF36-8CA8-4C1A-86F2-410537423324}] => C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{FB9292E6-C887-4A27-9747-AEA68D8EEC76}] => C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{85AB1D8C-972F-4846-ACDC-466917043A67}] => C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{1D2D9293-80A8-44A1-A3F6-FA6FF7DF6A31}] => C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{C628ED79-03E9-418D-B274-645413E98332}] => C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{A8D0BEB8-261F-47EA-A5BE-BB62DA2697A6}] => C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{C660BAD7-61C7-4688-BF98-BFEDE2DCBB4F}] => C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{11EB8B46-0E85-401B-A609-1210C8FF3184}] => C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{831243FA-0E3A-4F65-A997-1CB5588C0303}] => C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{79461DBD-6A28-43FD-B952-2DF286E27808}] => C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{A2E2AEED-B4DC-47E7-BAE5-9622F9FA0DBE}] => C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{A932FC6C-1D12-40A0-9D19-FCC5BD363F5B}] => C:\Program Files\AMI\DuOS\CamProvider.exe
FirewallRules: [{61817A31-0D2A-467C-9DBA-5E2D7EEFC239}] => C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{AEC57AAC-5101-4A7A-BFBB-F321C5EB71B6}] => C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{691EEC4D-D055-4441-AC0C-D01DF4AC6A87}] => C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{C58C9263-EAD4-485D-ACEF-CDACBED00CB7}] => C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{BF63DE1F-A700-4BD7-B79F-290C0BC63223}] => D:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{1BAFDF42-FEE9-497F-9EA4-93906F7CCA34}] => D:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [TCP Query User{2C80E373-6253-4F1F-864C-ECF13B898098}D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe] => D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe
FirewallRules: [UDP Query User{52A89238-6F02-4A72-82B2-B9DD46B37947}D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe] => D:\program files\adobe\adobe media encoder cc 2014\adobe media encoder.exe
FirewallRules: [{E5E8F9D4-9096-49D5-A2AF-BF08F87BC356}] => C:\Program Files\WindroyeBox\WindroyeBoxHD.exe
FirewallRules: [{22A92A95-2EFD-48A3-BCA1-56D4FFBB3D48}] => C:\Program Files\WindroyeBox\WindroyeBoxHD.exe
FirewallRules: [TCP Query User{B5324F6A-85F9-4DBA-BD77-AD8FF8F416BC}C:\users\Explorer\downloads\compressed\socialkitdemo\socialkit.exe] => C:\users\Explorer\downloads\compressed\socialkitdemo\socialkit.exe
FirewallRules: [UDP Query User{47EB34F1-4785-40B4-A55B-E75A74E3C3F8}C:\users\Explorer\downloads\compressed\socialkitdemo\socialkit.exe] => C:\users\Explorer\downloads\compressed\socialkitdemo\socialkit.exe
FirewallRules: [{5D2B7C1E-6807-45BD-A1DD-1B44917C255C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7E83F546-A71C-4F33-860E-0A0347095156}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{C569FB11-C736-45E8-ACE3-E60DBAAE78CC}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2017 04:19:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Access is denied.

Error: (02/03/2017 04:19:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Access is denied.

Error: (02/03/2017 11:15:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 3.6.0.462, time stamp: 0x588050ed
Faulting module name: AGSService.exe, version: 3.6.0.462, time stamp: 0x588050ed
Exception code: 0xc0000005
Fault offset: 0x0007aea9
Faulting process id: 0x77c
Faulting application start time: 0x01d27e0649912eb6
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Report Id: 06f89f45-ea2c-11e6-838f-00dbdf2de1f9
Faulting package full name:
Faulting package-relative application ID:

Error: (02/03/2017 10:33:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.18460, time stamp: 0x57c1b8c1
Faulting module name: ntdll.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000374
Fault offset: 0x00000000000f1b70
Faulting process id: 0x21dc
Faulting application start time: 0x01d27e12e838235b
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 143d7dee-ea26-11e6-838f-00dbdf2de1f9
Faulting package full name:
Faulting package-relative application ID:

Error: (02/03/2017 08:29:28 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (02/03/2017 08:25:22 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/03/2017 08:25:01 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=81671aaf-79d1-4eb1-b004-8cbbe173afea;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/03/2017 06:19:47 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Access is denied.

Error: (02/03/2017 06:19:46 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Access is denied.

Error: (02/03/2017 06:17:53 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - Access is denied.


System errors:
=============
Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
Description: DCOM got error "1068" attempting to start the service workfolderssvc with arguments "Unavailable" in order to run the server:
{DA1C0281-456B-4F14-A46D-8ED2E21A866F}

Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
Description: DCOM got error "1068" attempting to start the service workfolderssvc with arguments "Unavailable" in order to run the server:
{DA1C0281-456B-4F14-A46D-8ED2E21A866F}

Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
Description: DCOM got error "1068" attempting to start the service workfolderssvc with arguments "Unavailable" in order to run the server:
{DA1C0281-456B-4F14-A46D-8ED2E21A866F}

Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 04:19:13 PM) (Source: DCOM) (EventID: 10005) (User: RICA)
Description: DCOM got error "1068" attempting to start the service workfolderssvc with arguments "Unavailable" in order to run the server:
{DA1C0281-456B-4F14-A46D-8ED2E21A866F}

Error: (02/03/2017 04:19:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Work Folders service depends on the Windows Search service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/03/2017 03:06:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (02/03/2017 03:06:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


CodeIntegrity:
===================================
Date: 2016-08-09 20:39:36.657
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 20:39:36.076
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 20:38:39.909
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 20:38:39.588
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 19:52:52.171
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 19:52:51.215
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 19:52:13.870
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 19:52:12.923
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 19:51:22.427
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-09 19:51:21.486
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\RMClock\RTCore64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
Percentage of memory in use: 81%
Total physical RAM: 8086.16 MB
Available physical RAM: 1468.86 MB
Total Virtual: 19435.36 MB
Available Virtual: 2952.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:150.22 GB) (Free:1.57 GB) NTFS
Drive d: () (Fixed) (Total:533.67 GB) (Free:12.88 GB) NTFS
Drive g: (Elements) (Fixed) (Total:931.48 GB) (Free:2.03 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:2.72 GB) NTFS
Drive n: () (Fixed) (Total:3725.99 GB) (Free:3505.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4BDD9F5B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 0229E0E8)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Malnutrition]

While I look over things. Please run these three tools.


Zemana Deep Scan.

• 
  
  
  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • 
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

Rogue Killer Scan.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.

• Wait until the Status box shows Deleting Finished.

• Click on Report and copy/paste the content of the Notepad into your next reply.

• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

[Malnutrition]

Uninstall these items below with Geek Uninstaller. If something will not un install then use Force Mode.

You may re-install Crypto Prevent when we are done here.

µTorrent (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Bitcoin Core (64-bit)) (Version: 0.10.0 - Bitcoin Core project)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

Reboot your machine after removing these programs...
==========================================================================================================
It appears that your Eset Antivirus is only partially installed. It is listed here:

AV: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.408.0 (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}

But not listed in your installed programs. There is also only one service running from the antivirus.

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-13] (ESET)

Can you confirm if the antivirus is indeed working?
==========================================================================================================

Clean up temp files and reduce startup load with CCleaner.

• Download CCleaner from here.
• After install Click Options.
• Go to monitoring.
• Uncheck All Monitoring items.
• Go to advanced -- Click close program after cleaning.
• Go to settings -- click run ccleaner when the computer starts.
• Now that you have ccleaner installed and set-up:
• Open the program.
• Go to Tools
• Go to Startup
• Now double click each item. To Disable.
• Leave only your antivirus enabled.
• Then disable All items in your scheduled task as well.
• Unless they are related to windows defender.Or your antivirus.
• Reboot the machine.

FRST Fix.

Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After you have posted the FRST fix.

Disable your Antivirus & Anti spyware applications!!
Download Autologger to your desktop.
Create a new folder on desktop.
Unzip it there.
Right click Autologger and run as admin.
AVZ4 will open and scan your machine, allow this to complete.
Upload Collectionlog.zip to your next reply.

 

[Malnutrition]

@rspulma How about an update for us?

 

[Malnutrition]

Hello @rspulma how are you moving along with the instructions? Have you got an update for us?

Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.

 

[rspulma]

I am sorry for my late answer. I will publish everything today.

 

[Malnutrition]

Thanks. We all volunteer our time here. So a followup from the OP is nice. :thumbsup:

 

[rspulma]

Thanks. We all volunteer our time here. So a followup from the OP is nice. :thumbsup:

"Followup from the OP" I am sorry but I didn't understand this part (((
I answered to you by primate mail.
Thank you very much guys!
The antiviturs is not installed I deleted NOD32 so i think I have to use special utility from ESET to delete nod32 totally in safe mod.

 

[Malnutrition]

"Followup from the OP" I am sorry but I didn't understand this part (((

It means that to have you come back and reply is nice, rather than you just letting this thread sit without an answer.

 

[rspulma]

It means that to have you come back and reply is nice, rather than you just letting this thread sit without an answer.

I am very sorry this week was very busy also all of that program takes so much time for reports, next time I will be more aware about it and publish my request considering time factor. Thank you very much!

 

[Malnutrition]

@rspulma how about an update?

 

[Malnutrition]

Hello @rspulma how are you moving along with the instructions? Have you got an update for us?

Please update this thread within 48 hours, or it will be closed. You can however have it re-opened at any time, by sending a private message to a staff member.

 

[rspulma]

Hello I am very sorry for long answer this is the file fixlog.txt
The problem still exists...
This is the file fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 01

Ran by Traveller (23-02-2017 21:20:52) Run:1
Running from D:\FRST64
Loaded Profiles: Traveller (Available Profiles: Traveller & named)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
Emptytemp:
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
C:\Windows\system32\Drivers\etc\hosts
hosts:
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A [131]
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC [144]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [194]
AlternateDataStreams: C:\ProgramData\TEMP5FBE8F9 [157]
AlternateDataStreams: C:\Users\Public\DRM:احتضان [48]
AlternateDataStreams: C:\Users\Traveller\Desktop\Inner-Light.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\pijano (mastered).mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Traveller\Downloads\pijano (mastered).mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\pocket.crx:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\Reset_antispam_0.3.1.7z:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\rokcandy-2.0.1 (1).zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\root.crt:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\root.der:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3:$CmdTcID [64]
AlternateDataStreams: C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3:$CmdZnID [26]
AlternateDataStreams: C:\Users\Traveller\Downloads\[kickass.so]hotline.miami.update.3.gog.torrent:$CmdZnID [26]
Shortcut: C:\Users\Traveller\Favorites\FileOptimizer Home Page.lnk -> hxxp://nikkhokkho.sourceforge.net/static.php?page=FileOptimize
Shortcut: C:\Users\Traveller\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\Traveller\Dropbox\Равиль\для меня.lnk -> C:\Users\\Documents\для меня (No File) <===== Cyrillic
Shortcut: C:\Users\Traveller\Desktop\Домашняя бухгалтерия 5.lnk -> C:\Program Files (x86)\Keepsoft\HomeBuh5\HomeBuh5.exe (Keepsoft) <===== Cyrillic
Shortcut: C:\Users\Traveller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk -> hxxp://yamb.unite-video.com
ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Internet Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Internet Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
ShortcutWithArgument: C:\Users\Traveller\AppData\Roaming\Microsoft\Internet Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7f1fc1149619d6\Epic Privacy Browser.lnk -> C:\Users\Traveller\AppData\Local\Epic Privacy Browser\Application\epic.exe (Hidden Reflex) -> --profile-directory=Default
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job => C:\Users\Traveller\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => C:\Users\Traveller\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfd791cbe00d3.job => C:\Users\Traveller\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfed3dadc0292f.job => C:\Users\Traveller\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cffedb14d73815.job => C:\Users\Traveller\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {FCC01015-90D3-40BB-A7B7-FB8C342A9385} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => C:\Users\Traveller\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CA479769-6B76-4C74-B358-67423E5E14AE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {D3E94B6F-E162-41ED-A78D-49068CC7ED23} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {DAAEF8CA-94B0-46E6-94ED-FDC4B3E4AF4A} - System32\Tasks\{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/ru/abandoninstall?page=tsMain
Task: {DDB4C5BF-2FE1-41E1-8D6F-FE99673976A4} - System32\Tasks\{CA56EAE6-5E60-454F-8EE2-3825A791791D} => pcalua.exe -a C:\Users\Traveller\Downloads\Programs\CardReader_JMicron_W7_A01_TKH3F_ZPE.exe -d C:\Users\Traveller\AppData\Roaming\IDM
Task: {E050D551-CEF3-49EA-B469-70424D4A805A} - System32\Tasks\Opera scheduled Autoupdate 1408935599 => C:\Program Files (x86)\Opera\launcher.exe
Task: {E2DB1668-3E8B-457C-AF8E-95E39708C96A} - System32\Tasks\{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => pcalua.exe -a "H:\Games\Teenage Mutant Ninja Turtles\TMNT.EXE" -d "H:\Games\Teenage Mutant Ninja Turtles"
Task: {91E9E3CA-F7D9-4D12-A30D-BB7ADA79C6DC} - System32\Tasks\Chameleon Startup Manager-Traveller => C:\Program Files (x86)\Chameleon Startup Manager\manager.exe [2015-02-10] (NeoSoft Tools)
Task: {92C88288-96C8-4FDF-A609-217497BFBEF9} - \Pointstone\System Cleaner\Log On Notice -> No File <==== ATTENTION
Task: {9822B3AD-B62E-42E8-8E38-EFEAEF22F1B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => C:\Users\Traveller\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9CBC36AC-65A1-4EE6-ADFE-AFF60472DD16} - System32\Tasks\Chameleon Monitor-startup-Traveller => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
Task: {A549169A-D962-4B64-81D2-C964B9449C9A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {4AC54D11-6DD2-4038-A5FF-94888CBDEE05} - System32\Tasks\Run RoboForm TaskBar Icon => D:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {5296151F-94E0-4363-BD38-3D32EB8820F6} - \{505A68B3-E825-4D29-AC08-B71CA2308CF5} -> No File <==== ATTENTION
Task: {5F4BF8A0-2FF1-467F-916B-CC2DAC8D72B1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {6A53FC7F-5F79-4FB4-8C68-579E7C847A2D} - System32\Tasks\{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => pcalua.exe -a "C:\Program Files\ReviverSoft\Registry Reviver\Uninstall.exe"
Task: {7476B54B-CDB4-47A2-85FC-8F1BC37E7E33} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7B81CF39-A304-40ED-B0FA-E97FCA106CC3} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMHMKMJMPMGMNMNMKJCNMMNJNMOJCNLMOJGMOJCNGMLJKJMJCNJJJJOMJMKJLMGMJJLMJMOJMMJNJICMIMCNGMCNNMNMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMHMFMFMOMPMJNHICMEKMICNJJCKJNBJCMLKNIOJJIKJDJDJKJNIJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMPMFM (the data entry has 35 more characters).
Task: {8033146A-54E7-453E-A3E9-FC0972A14F1A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {8D6A16C1-3BA2-4877-85C3-A3631C653532} - System32\Tasks\{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => pcalua.exe -a C:\Users\Traveller\Downloads\Programs\MDAC_TYP.EXE -d C:\Users\Traveller\AppData\Roaming\IDM
Task: {8EC5BF83-AC06-4190-A64A-4096E5BBCD19} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {3C7DF767-9E4B-4F3B-841D-95887E75AEFD} - \Pointstone\System Cleaner\Daily Notice -> No File <==== ATTENTION
Task: {43A17CBD-36AD-4BFB-B3C5-1FEF32E15681} - System32\Tasks\Red Giant Link => C:\Program Files\Red Giant Link\Red Giant Link.exe
Task: {4515A598-639B-489A-B22D-0FF6267D4734} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
Task: {00CE6CA9-7691-46ED-A32B-41B5D8052A0B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe
Task: {063A6DF0-D9DF-4D01-98C0-43B458DBC34F} - System32\Tasks\{36E7CDCE-3B01-4650-8948-AF254DEB073C} => pcalua.exe -a C:\Users\Traveller\Downloads\Programs\Shtrl4.exe -d C:\Users\Traveller\AppData\Roaming\IDM
Task: {0A4E987C-6912-497D-A2C5-DDC107B9467C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ltwingtrust@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {0AC4904A-8372-4020-9BFF-55B687BCD936} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {0CB03F15-7BBF-4237-8FBB-FE6F3FA35FCD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {197671D1-207D-49D1-A944-E0D46AEF8027} - System32\Tasks\GoogleUpdateTaskMachineUA1d041918bdfa750 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2409A78A-85F7-40FD-AD75-A78F381E4B62} - System32\Tasks\Chameleon Monitor-Traveller => c:\program files (x86)\common files\Chameleon Manager\monitor.exe [2015-02-10] (NeoSoft Tools)
Task: {2D04D24E-3525-4A26-A43D-33B1A0FF27BC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
2017-01-25 21:59 - 2014-10-28 20:58 - 1040384 _____ (Microsoft Corporation) C:\Users\Traveller\AppData\Local\Temp\kernel32.dll
2017-02-02 03:56 - 2017-02-02 03:56 - 1066336 _____ (Microsoft Corporation) C:\Users\Traveller\AppData\Local\Temp\PidGenX.dll
C:\ProgramData\RegistryReviver.exe
2017-01-31 15:20 - 2017-01-31 15:20 - 0046951 _____ () C:\ProgramData\agent.1485894021.bdinstall.bin
2017-01-31 15:34 - 2017-01-31 15:34 - 0029177 _____ () C:\ProgramData\agent.1485894894.bdinstall.bin
2014-11-12 13:47 - 2017-01-07 23:48 - 0000043 _____ () C:\Users\Traveller\AppData\Local\~wmrg
2013-12-08 20:43 - 2015-02-18 03:30 - 0026624 _____ () C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-10 23:31 - 2015-03-01 20:06 - 0000010 _____ () C:\Users\Traveller\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-03-20 13:48 - 2015-06-10 16:01 - 0000010 _____ () C:\Users\Traveller\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2015-09-13 17:11 - 2017-01-23 21:29 - 0000109 ___SH () C:\Users\Traveller\AppData\Local\00000128
2017-01-07 23:48 - 2014-11-12 13:47 - 00000043 _____ C:\Users\Traveller\AppData\Local\~wmrg
2017-01-12 20:06 - 2016-03-25 22:26 - 00000000 ____D C:\Users\Traveller\AppData\Roaming\qBittorrent
2017-01-18 02:51 - 2016-01-31 18:31 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-01-23 21:29 - 2015-09-13 17:11 - 00000109 ___SH C:\Users\Traveller\AppData\Local\00000128
2017-01-28 22:45 - 2016-07-06 10:47 - 00000000 ____D C:\ProgramData\WRData
2017-02-02 03:55 - 2013-12-09 02:12 - 00000000 ____D C:\Users\Traveller\AppData\Roaming\uTorrent
2017-02-02 17:25 - 2013-12-09 00:43 - 00000000 ____D C:\Windows\system32\MRT
2017-02-02 17:19 - 2013-12-09 00:43 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-03 16:17 - 2014-05-06 18:56 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050.job
2017-02-03 15:40 - 2013-12-06 08:24 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925185676-1098965860-4220522822-1001
2017-02-03 16:23 - 2013-12-22 10:56 - 00000000 ____D C:\ProgramData\TEMP
2017-02-03 16:22 - 2014-11-14 10:12 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334.job
2014-01-20 11:42 - 2015-11-25 00:49 - 0000132 _____ () C:\Users\Traveller\AppData\Roaming\Adobe BMP Format CC Prefs
2014-04-07 02:17 - 2014-04-07 02:17 - 0000132 _____ () C:\Users\Traveller\AppData\Roaming\Adobe GIF Format CC Prefs
2013-12-11 21:28 - 2015-11-03 00:53 - 0000132 _____ () C:\Users\Traveller\AppData\Roaming\Adobe PNG Format CC Prefs
2016-03-15 12:37 - 2017-01-24 14:30 - 0000034 _____ () C:\Users\Traveller\AppData\Roaming\AdobeWLCMCache.dat
2015-01-06 12:56 - 2013-07-22 03:59 - 0012005 _____ () C:\Users\Traveller\AppData\Roaming\alsoft.ini
2014-10-20 16:41 - 2014-10-31 23:06 - 0000268 ___RH () C:\Users\Traveller\AppData\Roaming\Ambience
2016-12-29 21:29 - 2016-12-29 21:29 - 0000003 _____ () C:\Users\Traveller\AppData\Roaming\CheckWinVer.log
2016-01-14 19:40 - 2016-04-02 10:04 - 0002044 _____ () C:\Users\Traveller\AppData\Roaming\droid4xinstaller.log
2016-04-28 15:56 - 2016-04-28 15:56 - 0347908 _____ () C:\Users\Traveller\AppData\Roaming\FontInfo.bin
2016-04-28 15:56 - 2016-04-28 15:56 - 0105744 _____ () C:\Users\Traveller\AppData\Roaming\GlyphInfo.bin
2015-03-20 14:21 - 2015-03-20 17:37 - 0576521 _____ () C:\Users\Traveller\AppData\Roaming\PS14_panel.log
2014-12-17 12:17 - 2014-12-17 12:17 - 0002114 _____ () C:\Users\Traveller\AppData\Roaming\SAS7_000.DAT
2013-12-09 08:33 - 2017-01-25 20:02 - 0000600 _____ () C:\Users\Traveller\AppData\Roaming\winscp.rnd
2015-08-10 11:58 - 2015-08-10 11:58 - 0038508 _____ () C:\Users\Traveller\AppData\Roaming\Значения, разделенные запятыми.ADR
2014-05-10 23:31 - 2015-03-01 20:06 - 0000010 _____ () C:\Users\Traveller\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
2015-03-20 13:48 - 2015-06-10 16:01 - 0000010 _____ () C:\Users\Traveller\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2015-09-13 17:11 - 2017-01-23 21:29 - 0000109 ___SH () C:\Users\Traveller\AppData\Local\00000128
2013-12-08 14:40 - 2013-12-12 18:22 - 144752885 _____ () C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-12-08 14:40 - 2013-12-12 18:22 - 0001817 _____ () C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2013-12-13 13:29 - 2017-01-30 22:00 - 0001456 _____ () C:\Users\Traveller\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-08 20:43 - 2015-02-18 03:30 - 0026624 _____ () C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 19:03 - 2015-01-31 08:24 - 0342476 _____ () C:\Users\Traveller\AppData\Local\helpman.imc
2017-01-31 16:08 - 2017-01-31 16:08 - 0000036 _____ () C:\Users\Traveller\AppData\Local\housecall.guid.cache
2016-07-30 16:39 - 2016-07-30 16:39 - 0000001 _____ () C:\Users\Traveller\AppData\Local\llftool.4.40.agreement
2016-07-05 09:20 - 2017-01-31 18:38 - 0000600 _____ () C:\Users\Traveller\AppData\Local\PUTTY.RND
2015-12-04 08:42 - 2015-12-04 08:42 - 0000847 _____ () C:\Users\Traveller\AppData\Local\recently-used.xbel
2014-06-22 23:21 - 2016-10-13 13:36 - 0007583 _____ () C:\Users\Traveller\AppData\Local\Resmon.ResmonCfg
2017-01-31 17:31 - 2017-02-01 19:13 - 0000010 _____ () C:\Users\Traveller\AppData\Local\sponge.last.runtime.cache
2014-11-12 13:47 - 2017-01-07 23:48 - 0000043 _____ () C:\Users\Traveller\AppData\Local\~wmrg
2017-01-31 15:20 - 2017-01-31 15:20 - 0046951 _____ () C:\ProgramData\agent.1485894021.bdinstall.bin
2017-01-31 15:34 - 2017-01-31 15:34 - 0029177 _____ () C:\ProgramData\agent.1485894894.bdinstall.bin
2017-01-18 22:06 - 2017-01-18 22:06 - 00002652 _____ C:\Users\Traveller\AppData\LocalLow\wbkD99A.tmp
2017-01-31 16:26 - 2017-02-01 08:25 - 00407608 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2017-01-31 16:09 - 2017-02-01 21:18 - 00000000 ____D C:\ProgramData\Trend Micro
2017-01-31 16:08 - 2017-01-31 16:08 - 00000036 _____ C:\Users\Traveller\AppData\Local\housecall.guid.cache
2017-01-31 16:03 - 2017-01-31 16:06 - 145050392 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe
2017-01-31 15:34 - 2017-01-31 15:34 - 00029177 _____ C:\ProgramData\agent.1485894894.bdinstall.bin
2017-01-31 15:20 - 2017-01-31 15:20 - 00046951 _____ C:\ProgramData\agent.1485894021.bdinstall.bin
2017-02-01 17:12 - 2017-02-01 21:18 - 00000000 ____D C:\Users\Traveller\AppData\Local\Trend Micro
U3 DfSdkS; no ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
S3 vpnva; \SystemRoot\system32\DRIVERS\vpnva64-6.sys [X]
S3 RTCore64; no ImagePath
S3 NAVENG; no ImagePath
S3 NAVEX15; no ImagePath
S3 DIRECTIO; no ImagePath
CHR HKLM-x32\...\Chrome\Extension: [pkijdmeepjhpenmighhaodgfoogncnlk] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR Extension: (YSlow) - C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2016-10-18]
CHR Extension: (Autofill) - C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2017-01-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (COPY URL) - C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhnbhdofgaendegcgbmndipmijhbili [2016-03-29]
CHR Extension: (YouTube) - C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
FF Plugin ProgramFiles/Appdata: C:\Users\Traveller\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Traveller\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Traveller\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Traveller\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Traveller\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-925185676-1098965860-4220522822-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Traveller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((host == \"www.abc.net.au\")
(host == \"iview.abc.net.au\")
(host == \"iviewmetered-vh.akamaihd.net\")
(url.indexOf(\"proxmate=au\") != -1)
(host == \"livestream.com\")
(host == \"www.livestream.com\")
(host == \"api.new.livestream.com\")
(host == \"player.ooyala.com\")
(host == \"xnewsvidhd-vh.akamaihd.net\")
(host == \"www.animelab.com\")
(host == \"dcgm6i50yfgtk.cloudfront.net\")) { return 'PROXY au-node.proxmate.me:8008' } else if ((url.indexOf(\"proxmate=ca\") != -1)
(host == \"ici.tou.tv\")
(host == \"toutvuniver1-vh.akamaihd.net\")
(host == \"geoip.radio-canada.ca\")
(host == \"api.radio-canada.ca\")
(host == \"images.tou.tv\")
(host == \"player.siriusxm.ca\")
(host == \"primary.hls-streaming.production.streaming.siriusxm.ca\")
(host == \"now.sportsnet.ca\")
(host == \"watch.sportsnet.ca\")
(host == \"player.9c9media.com\")
(host == \"metrics.ctv.ca\")
(host == \"capi.9c9media.com\")
(host == \"www.ctv.ca\")
(host == \"www.willow.tv\")
(host == \"willowtv.live-s.cdn.bitgravity.com\")) { return 'PROXY ca-node.proxmate.me:8008' } else if ((host == \"arte.tv\")
(host == \"www.arte.tv\")
(host == \"geoftv-a.akamaihd.net\")
(host == \"hdfauthftv-a.akamaihd.net\")
(host == \"replayftv-vh.akamaihd.net\")
(host == \"ftvingest-vh.akamaihd.net\")
(host == \"live.francetv.fr\")
(host == \"d8.tv\")
(host == \"www.d8.tv\")
(host == \"us-cplus-aka.canal-plus.com\")
(host == \"hds_live_d8_aka-lh.akamaihd.net\")
(host == \"d17.tv\")
(host == \"www.d17.tv\")
(host == \"hds_live_d17_aka-lh.akamaihd.net\")
(url.indexOf(\"proxmate=fr\") != -1)
(host == \"www.6play.fr\")
(host == \"geo.6cloud.fr\")
(host == \"proxy-021.dc3.dailymotion.com\")
(host == \"proxy-67.dailymotion.com\")
(host == \"prof.estat.com\")
(host == \"metrics.dailymotion.com\")
(host == \"www.dailymotion.com\")
(host == \"vmap.snappytv.com\")) { return 'PROXY fr-node.proxmate.me:8008' } else if ((host == \"vod-akamai-psd-hds.p7s1digital.de\")
(host == \"vas.sim-technik.de\")
(url.indexOf(\"proxmate=de\") != -1)
(host == \"nightclub.de\")
(host == \"zdf.de\")
(host == \"www.zdf.de\")
(host == \"zdf_hds_de-f.akamaihd.net\")
(host == \"api.nowtv.de\")
(host == \"delivestream-lh.akamaihd.net\")
(host == \"cdnapi.kaltura.com\")
(host == \"disneychannel.de\")
(host == \"www.southpark.de\")) { return 'PROXY de-node.proxmate.me:8008' } else if ((host == \"www.tg4.ie\")
(url.indexOf(\"proxmate=ie\") != -1)) { return 'PROXY ie-node.proxmate.me:8008' } else if ((host == \"rai.tv\")
(host == \"www.rai.tv\")
(host == \"mediapolis.rai.it\")
(host == \"www.rai.it\")
(host == \"stream5.rai.it\")
(host == \"stream6.rai.it\")
(host == \"stream7.rai.it\")
(host == \"sspushrai1-s.akamaihd.net\")
(host == \"sspushrai2-s.akamaihd.net\")
(host == \"sspushraisport2-s.akamaihd.net\")
(host == \"sspushrai3-s.akamaihd.net\")
(host == \"secondary.adaptiveedge.rai.it\")
(host == \"rai-italia01.wt-eu02.net\")
(host == \"download.rai.tv\")
(host == \"mediapolisvod.rai.it\")
(host == \"ww.rai.tv\")
(host == \".xuniplay.fdnames.com\")
(url.indexOf(\"xuniplay.fdnames.com\") != -1)
(host == \"se-to1-8.se.live3.msf.ticdn.it\")
(host == \"live.shinystat.com\")
(host == \"lic.mediaset.net\")
(host == \"cssr.video.mediaset.it\")
(url.indexOf(\"proxmate=it\") != -1)
(host == \"www.vvvvid.it\")) { return 'PROXY it-node.proxmate.me:8008' } else if ((host == \"telecinco.es\")
(host == \"telecinco1-vh.akamaihd.net\")
(host == \"www.telecinco.es\")
(url.indexOf(\"proxmate=es\") != -1)
(host == \"antena3.com\")
(host == \"www.antena3.com\")
(host == \"geodesprogresiva.antena3.com\")
(host == \"rtve.es\")
(host == \"www.rtve.es\")
(host == \"ztnr.rtve.es\")
(host == \"mvodt.lvlt.rtve.es\")
(host == \"swf.rtve.es\")
(host == \"cuatro.com\")
(host == \"www.cuatro.com\")
(host == \"cuatro1-vh.akamaihd.net\")
(host == \"peliculas-online.atresplayer.com\")
(host == \"servicios.atresplayer.com\")
(host == \"atresplayer.com\")
(host == \"www.atresplayer.com\")
(host == \"k.uecdn.es\")
(host == \"v.uecdn.es\")
(host == \"as.com\")
(host == \"ep00.epimg.net\")
(host == \"futbol.as.com\")) { return 'PROXY es-node.proxmate.me:8008' } else if ((host == \"prosieben.ch\")
(host == \"www.prosieben.ch\")
(host == \"s1tv.ch\")
(host == \"www.s1tv.ch\")
(host == \"zba2-0-hds-live.zahs.tv\")
(host == \"embed-zattoo.com\")
(host == \"chtv.ch\")
(host == \"www.chtv.ch\")
(host == \"zba2-1-hds-live.zahs.tv\")
(host == \"sat1.ch\")
(host == \"www.sat1.ch\")
(host == \"rsi.ch\")
(host == \"www.rsi.ch\")
(host == \"codch-vh.akamaihd.net\")
(host == \"il.srgssr.ch\")
(host == \"ch.viva.tv\")
(host == \"intl.esperanto.mtvi.com\")
(url.indexOf(\"proxmate=ch\") != -1)
(host == \"zattoo.com\")
(host == \"www.srf.ch\")
(host == \"srgssruni1ch-lh.akamaihd.net\")
(host == \"srgssruni2ch-lh.akamaihd.net\")
(host == \"srgssruni3ch-lh.akamaihd.net\")
(host == \"www.teleboy.ch\")
(host == \"aka-cdn-ns.adtech.de\")
(host == \"teleboy.customers.cdn.iptv.ch\")) { return 'PROXY ch-node.proxmate.me:8008' } else if ((host == \"c.brightcove.com\")
(host == \"secure.brightcove.com\")
(host == \"metrics.brightcove.com\")
(host == \"stv-ak.cds1.yospace.com\")
(host == \"core.stvfiles.com\")
(host == \"player.stv.tv\")
(host == \"stv.brightcove.com.edgesuite.net\")
(host == \"uk-dev-stv.cdn.videoplaza.tv\")
(host == \"mercury.itv.com\")
(host == \"www.itv.com\")
(host == \"itv.com\")
(host == \"llnw.live.btv.simplestream.com\")
(host == \"players.simplestream.com\")
(host == \"uapi.simplestream.com\")
(host == \"channel5.com\")
(host == \"wwwcdn.channel5.com\")
(host == \"cassie.channel5.com\")
(host == \"player.channel5.com\")
(host == \"deliver-hls.channel5.com\")
(host == \"akahls.channel5.com\")
(host == \"llnwhls.channel5.com\")
(host == \"milkshake.tv\")
(host == \"www.milkshake.tv\")
(host == \"trk-euwest.tidaltv.com\")
(host == \"mp.adverts.itv.com\")
(host == \"req.tidaltv.com\")
(host == \"s1.2mdn.net\")
(host == \"pes.itv.com\")
(host == \"ned.itv.com\")
(host == \"itvdotcom.2cnt.net\")
(host == \"tom.itv.com\")
(host == \"dave.uktv.co.uk\")
(host == \"uktvplay.uktv.co.uk\")
(host == \"uktvhdse.brightcove.com.edgesuite.net\")
(host == \"admin.brightcove.com\")
(host == \"really.uktv.co.uk\")
(host == \"yesterday.uktv.co.uk\")
(host == \"drama.uktv.co.uk\")
(host == \"live.tvplayer.com\")
(host == \"tvplayer.com\")
(host == \"sapi.tvplayer.com\")
(host == \"api.tvplayer.com\")
(host == \"www.gamefront.com\")
(url.indexOf(\"proxmate=uk\") != -1)
(host == \"channel4.com\")
(host == \"ais.channel4.com\")
(host == \"pandr.my.channel4.com\")
(host == \"all4nav.channel4.com\")
(host == \"4id.channel4.com\")) { return 'PROXY uk-node.proxmate.me:8008' } else if ((host == \"link.theplatform.com\")
(host == \"discidevflash-f.akamaihd.net\")
(host == \"api.geoip.dp.discovery.com\")
(host == \"vidtech.cbsinteractive.com\")
(host == \"vidtech.cbsima.com\")
(host == \"om.cbsi.com\")
(host == \"media.mtvnservices.com\")
(host == \"api-manga.crunchyroll.com\")
(host == \"crunchyroll.com\")
(host == \"www.crunchyroll.com\")
(host == \"cdn.wwtv.warnerbros.com\")
(host == \"hlsioscwtv.warnerbros.com\")
(host == \"media.cwtv.com\")
(host == \"servicesaetn-a.akamaihd.net\")
(host == \"live.mlssoccer.com\")
(host == \"tvewnbc-i.akamaihd.net\")
(host == \"tvenbceast-i.akamaihd.net\")
(host == \"nbcmpx-vh.akamaihd.net\")
(host == \"www.pandora.com\")
(host == \"video.pbs.org\")
(host == \"ga.video.cdn.pbs.org\")
(host == \"urs.pbs.org\")
(host == \"play.spotify.com\")
(host == \"www.spotify.com\")
(host == \"play.spotify.edgekey.net\")
(host == \"www.iheart.com\")
(host == \"api2.iheart.com\")
(host == \"api.iheart.com\")
(host == \"iheart.com\")
(host == \"nick.mtvnimages.com\")
(host == \"sni-vh.akamaihd.net\")
(url.indexOf(\"proxmate=us\") != -1)
(url.indexOf(\".googlevideo.com\") != -1)
(host == \"api.segment.io\")
(host == \"www.vevo.com\")
(host == \"vevo.com\")
(host == \"apiv2.vevo.com\")
(host == \"songza.com\")
(host == \"new.songza.com\")
(host == \"www.daisuki.net\")
(host == \"bngn-vh.akamaihd.net\")
(host == \"bngnwww.b-ch.com\")
(host == \"www.hbogo.com\")
(host == \"catalog.lv3.hbogo.com\")
(host == \"profile.lv3.hbogo.com\")
(host == \"profile.hbogo.com\")
(url.indexOf(\".lv3.hbogo.com\") != -1)
(host == \"register.hbogo.com\")
(host == \"play.hbogo.com\")
(host == \"smetrics.hbogo.com\")
(url.indexOf(\".lv3.cdn.hbo.com\") != -1)
(host == \"comet.api.hbo.com\")
(host == \"play.google.com\")
(host == \"checkout.google.com\")
(host == \"store.google.com\")
(host == \"apis.google.com\")
(host == \"amc350888def-vh.akamaihd.net\")
(host == \"a564avoddashnsus-a.akamaihd.net\")
(host == \"atv-ps.amazon.com\")
(host == \"www.amazon.com\")
(host == \"amazon.com\")
(host == \"fls-na.amazon.com\")
(host == \"phds-vod.cdn.turner.com\")
(host == \"token.vgtf.net\")
(host == \"www.ondemandkorea.com\")
(host == \"www.fxnetworks.com\")
(host == \"fxvcms-f.akamaihd.net\")
(host == \"tvetelemundo-vh.akamaihd.net\")
(host == \"feed.theplatform.com\")
(host == \"fsvideohds-vh.akamaihd.net\")
(host == \"watchable.com\")
(host == \"cilhlsvod-f.akamaihd.net\")
(host == \"oxygenvod-vh.akamaihd.net\")
(host == \"tvesyfy-vh.akamaihd.net\")
(host == \"www.smithsonianchannel.com\")
(host == \"c.brightcove.com\")
(host == \"brightcove01.brightcove.com\")
(host == \"edge.api.brightcove.com\")
(host == \"www.eonline.com\")
(host == \"link.theplatform.com\")
(host == \"api.listenlive.co\")
(host == \"playerservices.streamtheworld.com\")
(host == \"player.listenlive.co\")
(url.indexOf(\"live.streamtheworld.com\") != -1)
(host == \"www.cartoonnetwork.com\")
(host == \"www.viki.com\")
(host == \"\\\"www.viki.com\")
(host == \"www.origin.com\")
(host == \"ht.cdn.turner.com\")
(host == \"aolvideoshd-vh.akamaihd.net\")
(host == \"syn.5min.com\")
(host == \"stvideos.5min.com\")
(host == \"www.showtime.com\")
(host == \"secure.showtime.com\")
(url.indexOf(\".vgtf.net\") != -1)
(host == \"phds-live.cdn.turner.com\")
(host == \"api.amplitude.com\")
(host == \"order.rhapsody.com\")
(host == \"payment.rhapsody.com\")
(host == \"www.pivot.tv\")
(host == \"js.maxmind.com\")
(host == \"shonenjump.viz.com\")) { return 'PROXY us-node.proxmate.me:8008' } else if ((host == \"livestreams.omroep.nl\")
(host == \".npostreaming.nl\")
(host == \"ida.omroep.nl\")
(host == \"npoplayer.omroep.nl\")
(host == \"www.zapp.nl\")
(host == \"tellerapi.omroep.nl\")
(host == \"e.omroep.nl\")
(url.indexOf(\"proxmate=nl\") != -1)) { return 'PROXY nl-node.proxmate.me:8008' } else if ((host == \"tvthek.orf.at\")
(host == \"apasfiisl.apa.at\")
(host == \"orf.oewabox.at\")
(host == \"194.232.200.58\")
(host == \"185.85.28.1\")
(host == \"atvplus.oewabox.at\")
(host == \"cdn.atv.at\")
(url.indexOf(\"proxmate=at\") != -1)
(host == \"hdsvodsportsman-vh.akamaihd.net\")
(host == \"streamaccess.unas.tv\")
(host == \"www.laola1.tv\")
(host == \"www.livestation.com\")
(host == \"livestation.com\")
(url.indexOf(\".emigrantas.tv\") != -1)) { return 'PROXY at-node.proxmate.me:8008' } else if ((host == \"netflix.com\")
(host == \"www.netflix.com\")
(host == \"cbp-us.nccp.netflix.com\")
(host == \"secure.netflix.com\")
(host == \"api-global.netflix.com\")
(host == \"ichnaea.netflix.com\")
(host == \"customerevents.netflix.com\")
(host == \"s.thebrighttag.com\")) { return 'PROXY usnet-node.proxmate.me:8008' } else if ((host == \"s.hulu.com\")
(host == \"www.funimation.com\")
(host == \"wpc.8c48.edgecastcdn.net\")
(host == \"southpark.cc.com\")
(host == \"api.utils.watchabc.go.com\")
(host == \"www.dramafever.com\")
(host == \"www.logotv.com\")
(host == \"api.watchabc.go.com\")
(host == \"theanimenetwork.com\")
(host == \"huluim.com\")
(host == \"www.hulu.com\")
(host == \"t2.hulu.com\")
(host == \"urlcheck.hulu.com\")
(host == \"t.hulu.com\")
(host == \"s.hulu.com\")
(host == \"play.hulu.com\")
(host == \"t2.huluim.com\")) { return 'PROXY ush-node.proxmate.me:8008' } else if ((host == \"player.ooyala.com\")
(host == \"l.ooyala.com\")) { return 'PROXY auv-node.proxmate.me:8008' } else if ((host == \"web-api-us.crackle.com\")
(host == \"legacyweb-us.crackle.com\")) { return 'PROXY us2-node.proxmate.me:8008' } else if ((host == \"counter.yadro.ru\")
(host == \"turbik.tv\")
(host == \"player.rutv.ru\")
(host == \"api.rutv.ru\")
(host == \"cdnng.v.rtr-vesti.ru\")
(host == \"player.vgtrk.com\")
(url.indexOf(\"proxmate=ru\") != -1)
(host == \"stream.1tv.ru\")
(host == \"mobdrm.1tv.ru\")) { return 'PROXY ru-node.proxmate.me:8008' } else if ((host == \"security.video.globo.com\")
(host == \"api.globovideos.com\")
(host == \"s.videos.globo.com\")
(host == \"gshow.globo.com\")
(host == \"voddownload02.video.globo.com\")
(host == \"secure.nuuvem.com\")
(host == \"webportal.nowonline.com.br\")) { return 'PROXY br-node.proxmate.me:8008' } else if ((host == \"www.bbc.co.uk\")
(host == \"open.live.bbc.co.uk\")
(host == \"fig.bbc.co.uk\")
(host == \"vod-hds-uk-live.edgesuite.net\")
(host == \"vod-hds-uk-live.bbcfmt.vo.llnwd.net\")
(host == \"vs-hds-uk-live.bbcfmt.vo.llnwd.net\")
(host == \"vs-hds-uk-live.edgesuite.net\")
(host == \"bbc.co.uk\")) { return 'PROXY ukb-node.proxmate.me:8008' } else { return 'DIRECT'; }}"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ftp", "120.203.162.87"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ftp_port", 8123
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.socks", "120.203.162.87"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.socks_port", 8123
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ssl", "120.203.162.87"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> backup.ssl_port", 8123
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ftp", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ftp_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> http", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> http_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> network.proxy.socks_remote_dns", 1
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> socks", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> socks_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ssl", "185.127.164.20"
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> ssl_port", 443
FF NetworkProxy: Mozilla\Firefox\Profiles\sxpbrh0x.default -> type", 1
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
Toolbar: HKLM-x32 - PDFXChange 2012 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEAddin5.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Traveller\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Search Page =
HKLM\Software\Microsoft\Internet Traveller\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Traveller\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Traveller\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Local Page =
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 -> DefaultScope {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-925185676-1098965860-4220522822-1001 -> {56B90406-7F40-474C-AC73-88B4F2C484EF} URL = hxxps://encrypted.google.com/search?hl={language}&q={searchTerms}
Tcpip\..\Interfaces\{54997AEA-6BE5-4B1D-AA3A-01377EAF9D27}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{7B4C56F8-54B9-49AE-AC24-2E617300C9FC}: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{98FE26F2-9E79-4C35-8D23-4F5B94D8526A}: [DhcpNameServer] 200.48.225.130 200.48.225.146
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{be0e178f-2e50-4541-804c-a34f7db55587} <======= ATTENTION (Restriction - IP)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-07-06]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (No File)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => -> No File
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => -> No File
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => -> No File
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => -> No File
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => -> No File
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => -> No File
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => -> No File
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => -> No File
HKU\S-1-5-18\...\Run: [Copy] => "C:\Users\Traveller\AppData\Roaming\Copy\CopyAgent.exe"
HKU\S-1-5-18\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [36592672 2015-08-20] (ooVoo LLC)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Traveller: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Traveller: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoFind] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoFile] 0
HKU\S-1-5-18\...\Policies\Traveller: [HideClock] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Traveller: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableLocalMachineRun] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableCurrentUserRun] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoViewContextMenu] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoShellSearchButton] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [HideClock] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoDevMgrUpdate] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoDeletePrinter] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoDFSTab] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoWindowsUpdate] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoEncryptOnMove] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoResolveSearch] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoSaveSettings] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoHardwareTab] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\MountPoints2: {8185036d-bf50-11e5-82f9-14feb5c3027f} - "E:\LGAutoRun.exe"
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\MountPoints2: {b491a930-679a-11e3-825e-00dbdf2de1f9} - "E:\AutoRun.exe"
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\MountPoints2: {e5212153-5f05-11e3-8251-806e6f6e6963} - "Q:\autorun.exe"
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Run: [Google Update] => C:\Users\Traveller\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKLM\...\Policies\Traveller: [DisableLocalMachineRun] 0
HKLM\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Traveller: [DisableCurrentUserRun] 0
HKLM\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Traveller: [NoViewContextMenu] 0
HKLM\...\Policies\Traveller: [NoShellSearchButton] 0
HKLM\...\Policies\Traveller: [HideClock] 0
HKLM\...\Policies\Traveller: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Traveller: [NoDevMgrUpdate] 0
HKLM\...\Policies\Traveller: [NoDeletePrinter] 0
HKLM\...\Policies\Traveller: [NoDFSTab] 0
HKLM\...\Policies\Traveller: [NoWindowsUpdate] 0
HKLM\...\Policies\Traveller: [NoEncryptOnMove] 0
HKLM\...\Policies\Traveller: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Traveller: [NoResolveSearch] 0
HKLM\...\Policies\Traveller: [NoSaveSettings] 0
HKLM\...\Policies\Traveller: [NoHardwareTab] 0
HKLM\...\Policies\Traveller: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Traveller: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Traveller: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoFind] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoFile] 0
HKU\S-1-5-19\...\Policies\Traveller: [HideClock] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Traveller: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Traveller: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Traveller: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoFind] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoFile] 0
HKU\S-1-5-20\...\Policies\Traveller: [HideClock] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Traveller: [NoStartMenuSubFolders] 0
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
CMD: RD /S /Q %WinDir%\System32\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\System32\GroupPolicy
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysWOW64\GroupPolicy
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicyUsers
CMD: RD /S /Q %WinDir%\SysNative\GroupPolicy
CMD: gpupdate /force
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\iTunesHelper => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\QuickTime Task => value removed successfully
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value not found.
Could not move "C:\Windows\system32\Drivers\etc\hosts" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.
HKU\.DEFAULT\Software\Classes\exefile => key removed successfully
HKU\.DEFAULT\Software\Classes\.exe => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC => key removed successfully
C:\ProgramData\TEMP => ":41ADDB8A" ADS removed successfully.
C:\ProgramData\TEMP => ":A064CECC" ADS removed successfully.
C:\ProgramData\TEMP => ":B755D674" ADS removed successfully.
C:\ProgramData\TEMP => "5FBE8F9" ADS removed successfully.
C:\Users\Public\DRM => ":احتضان" ADS removed successfully.
C:\Users\Traveller\Desktop\Inner-Light.jpg => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar => ":$CmdTcID" ADS removed successfully.
C:\Users\Traveller\Downloads\Keygen-MESMERiZE.rar => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\pijano (mastered).mp3 => ":$CmdTcID" ADS removed successfully.
C:\Users\Traveller\Downloads\pijano (mastered).mp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\pocket.crx => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\Reset_antispam_0.3.1.7z => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\rokcandy-2.0.1 (1).zip => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\root.crt => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\root.der => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3 => ":$CmdTcID" ADS removed successfully.
C:\Users\Traveller\Downloads\You Will Not Face This Alone.mp3 => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Downloads\[kickass.so]hotline.miami.update.3.gog.torrent => ":$CmdZnID" ADS removed successfully.
C:\Users\Traveller\Favorites\FileOptimizer Home Page.lnk => moved successfully
C:\Users\Traveller\Favorites\NCH Software Download Site.lnk => moved successfully
C:\Users\Traveller\Dropbox\Равиль\для меня.lnk => moved successfully
C:\Users\Traveller\Desktop\Домашняя бухгалтерия 5.lnk => moved successfully
C:\Users\Traveller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk => moved successfully
C:\Users\Traveller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\WorkFlowy.lnk => Shortcut argument removed successfully.
C:\Users\Traveller\AppData\Roaming\Microsoft\Internet Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk => not found.
C:\Users\Traveller\AppData\Roaming\Microsoft\Internet Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Hangouts.lnk => not found.
C:\Users\Traveller\AppData\Roaming\Microsoft\Internet Traveller\Quick Launch\User Pinned\ImplicitAppShortcuts\5a7f1fc1149619d6\Epic Privacy Browser.lnk => not found.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfd791cbe00d3.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cfed3dadc0292f.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1cffedb14d73815.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCC01015-90D3-40BB-A7B7-FB8C342A9385} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC01015-90D3-40BB-A7B7-FB8C342A9385} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001Core1d0411f110ceba0 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CA479769-6B76-4C74-B358-67423E5E14AE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA479769-6B76-4C74-B358-67423E5E14AE} => key removed successfully
C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3E94B6F-E162-41ED-A78D-49068CC7ED23} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3E94B6F-E162-41ED-A78D-49068CC7ED23} => key removed successfully
C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAAEF8CA-94B0-46E6-94ED-FDC4B3E4AF4A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAAEF8CA-94B0-46E6-94ED-FDC4B3E4AF4A} => key removed successfully
C:\Windows\System32\Tasks\{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F3CCF69-1646-4DB0-AFD2-72E35FF466E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDB4C5BF-2FE1-41E1-8D6F-FE99673976A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB4C5BF-2FE1-41E1-8D6F-FE99673976A4} => key removed successfully
C:\Windows\System32\Tasks\{CA56EAE6-5E60-454F-8EE2-3825A791791D} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA56EAE6-5E60-454F-8EE2-3825A791791D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E050D551-CEF3-49EA-B469-70424D4A805A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E050D551-CEF3-49EA-B469-70424D4A805A} => key removed successfully
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1408935599 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1408935599 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2DB1668-3E8B-457C-AF8E-95E39708C96A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2DB1668-3E8B-457C-AF8E-95E39708C96A} => key removed successfully
C:\Windows\System32\Tasks\{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2090741D-AF19-4C0D-987B-D5AD2CA171A4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91E9E3CA-F7D9-4D12-A30D-BB7ADA79C6DC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91E9E3CA-F7D9-4D12-A30D-BB7ADA79C6DC} => key removed successfully
C:\Windows\System32\Tasks\Chameleon Startup Manager-Traveller => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chameleon Startup Manager-Traveller => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{92C88288-96C8-4FDF-A609-217497BFBEF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92C88288-96C8-4FDF-A609-217497BFBEF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pointstone\System Cleaner\Log On Notice => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9822B3AD-B62E-42E8-8E38-EFEAEF22F1B2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9822B3AD-B62E-42E8-8E38-EFEAEF22F1B2} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-925185676-1098965860-4220522822-1001UA => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CBC36AC-65A1-4EE6-ADFE-AFF60472DD16} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CBC36AC-65A1-4EE6-ADFE-AFF60472DD16} => key removed successfully
C:\Windows\System32\Tasks\Chameleon Monitor-startup-Traveller => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chameleon Monitor-startup-Traveller => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A549169A-D962-4B64-81D2-C964B9449C9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A549169A-D962-4B64-81D2-C964B9449C9A} => key removed successfully
C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AC54D11-6DD2-4038-A5FF-94888CBDEE05} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AC54D11-6DD2-4038-A5FF-94888CBDEE05} => key removed successfully
C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run RoboForm TaskBar Icon => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5296151F-94E0-4363-BD38-3D32EB8820F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5296151F-94E0-4363-BD38-3D32EB8820F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{505A68B3-E825-4D29-AC08-B71CA2308CF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F4BF8A0-2FF1-467F-916B-CC2DAC8D72B1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F4BF8A0-2FF1-467F-916B-CC2DAC8D72B1} => key removed successfully
C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A53FC7F-5F79-4FB4-8C68-579E7C847A2D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A53FC7F-5F79-4FB4-8C68-579E7C847A2D} => key removed successfully
C:\Windows\System32\Tasks\{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F5A09CDD-01AF-42BB-88BB-10471CCE6707} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7476B54B-CDB4-47A2-85FC-8F1BC37E7E33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7476B54B-CDB4-47A2-85FC-8F1BC37E7E33} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B81CF39-A304-40ED-B0FA-E97FCA106CC3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B81CF39-A304-40ED-B0FA-E97FCA106CC3} => key removed successfully
C:\Windows\System32\Tasks\Open URL by RoboForm => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8033146A-54E7-453E-A3E9-FC0972A14F1A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8033146A-54E7-453E-A3E9-FC0972A14F1A} => key removed successfully
C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6A16C1-3BA2-4877-85C3-A3631C653532} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6A16C1-3BA2-4877-85C3-A3631C653532} => key removed successfully
C:\Windows\System32\Tasks\{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A1D5D0E4-BB6C-4E3C-BD67-E5A8C0E74A2E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8EC5BF83-AC06-4190-A64A-4096E5BBCD19} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EC5BF83-AC06-4190-A64A-4096E5BBCD19} => key removed successfully
C:\Windows\System32\Tasks\Nero\Nero Info => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nero\Nero Info => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C7DF767-9E4B-4F3B-841D-95887E75AEFD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C7DF767-9E4B-4F3B-841D-95887E75AEFD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pointstone\System Cleaner\Daily Notice => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43A17CBD-36AD-4BFB-B3C5-1FEF32E15681} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43A17CBD-36AD-4BFB-B3C5-1FEF32E15681} => key removed successfully
C:\Windows\System32\Tasks\Red Giant Link => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Red Giant Link => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4515A598-639B-489A-B22D-0FF6267D4734} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4515A598-639B-489A-B22D-0FF6267D4734} => key removed successfully
C:\Windows\System32\Tasks\Norton AntiVirus\Norton Error Processor => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Processor => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00CE6CA9-7691-46ED-A32B-41B5D8052A0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00CE6CA9-7691-46ED-A32B-41B5D8052A0B} => key removed successfully
C:\Windows\System32\Tasks\Norton AntiVirus\Norton Error Analyzer => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton AntiVirus\Norton Error Analyzer => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{063A6DF0-D9DF-4D01-98C0-43B458DBC34F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{063A6DF0-D9DF-4D01-98C0-43B458DBC34F} => key removed successfully
C:\Windows\System32\Tasks\{36E7CDCE-3B01-4650-8948-AF254DEB073C} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36E7CDCE-3B01-4650-8948-AF254DEB073C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A4E987C-6912-497D-A2C5-DDC107B9467C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A4E987C-6912-497D-A2C5-DDC107B9467C} => key removed successfully
C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ltwingtrust@hotmail.com => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-MicrosoftAccount-ltwingtrust@hotmail.com => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AC4904A-8372-4020-9BFF-55B687BCD936} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AC4904A-8372-4020-9BFF-55B687BCD936} => key removed successfully
C:\Windows\System32\Tasks\GarminUpdaterTask => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GarminUpdaterTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CB03F15-7BBF-4237-8FBB-FE6F3FA35FCD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CB03F15-7BBF-4237-8FBB-FE6F3FA35FCD} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1cf6986c118e050 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{197671D1-207D-49D1-A944-E0D46AEF8027} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{197671D1-207D-49D1-A944-E0D46AEF8027} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d041918bdfa750 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d041918bdfa750 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2409A78A-85F7-40FD-AD75-A78F381E4B62} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2409A78A-85F7-40FD-AD75-A78F381E4B62} => key removed successfully
C:\Windows\System32\Tasks\Chameleon Monitor-Traveller => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chameleon Monitor-Traveller => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D04D24E-3525-4A26-A43D-33B1A0FF27BC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D04D24E-3525-4A26-A43D-33B1A0FF27BC} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA1d0001d73c8b334 => key removed successfully
C:\Users\Traveller\AppData\Local\Temp\kernel32.dll => moved successfully
C:\Users\Traveller\AppData\Local\Temp\PidGenX.dll => moved successfully
C:\ProgramData\RegistryReviver.exe => moved successfully
C:\ProgramData\agent.1485894021.bdinstall.bin => moved successfully
C:\ProgramData\agent.1485894894.bdinstall.bin => moved successfully
C:\Users\Traveller\AppData\Local\~wmrg => moved successfully
C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Traveller\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56 => moved successfully
C:\Users\Traveller\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740 => moved successfully
C:\Users\Traveller\AppData\Local\00000128 => moved successfully
"C:\Users\Traveller\AppData\Local\~wmrg" => not found.
C:\Users\Traveller\AppData\Roaming\qBittorrent => moved successfully
"C:\Windows\System32\Tasks\GarminUpdaterTask" => not found.
"C:\Users\Traveller\AppData\Local\00000128" => not found.

"C:\ProgramData\WRData" folder move:

Could not move "C:\ProgramData\WRData" => Scheduled to move on reboot.

C:\Users\Traveller\AppData\Roaming\uTorrent => moved successfully
C:\Windows\system32\MRT => moved successfully
C:\Windows\system32\MRT.exe => moved successfully
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6986c118e050.job" => not found.
C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-925185676-1098965860-4220522822-1001 => moved successfully
C:\ProgramData\TEMP => moved successfully
"C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0001d73c8b334.job" => not found.
C:\Users\Traveller\AppData\Roaming\Adobe BMP Format CC Prefs => moved successfully
C:\Users\Traveller\AppData\Roaming\Adobe GIF Format CC Prefs => moved successfully
C:\Users\Traveller\AppData\Roaming\Adobe PNG Format CC Prefs => moved successfully
C:\Users\Traveller\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Traveller\AppData\Roaming\alsoft.ini => moved successfully
C:\Users\Traveller\AppData\Roaming\Ambience => moved successfully
C:\Users\Traveller\AppData\Roaming\CheckWinVer.log => moved successfully
C:\Users\Traveller\AppData\Roaming\droid4xinstaller.log => moved successfully
C:\Users\Traveller\AppData\Roaming\FontInfo.bin => moved successfully
C:\Users\Traveller\AppData\Roaming\GlyphInfo.bin => moved successfully
C:\Users\Traveller\AppData\Roaming\PS14_panel.log => moved successfully
C:\Users\Traveller\AppData\Roaming\SAS7_000.DAT => moved successfully
C:\Users\Traveller\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\Traveller\AppData\Roaming\Значения, разделенные запятыми.ADR => moved successfully
"C:\Users\Traveller\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56" => not found.
"C:\Users\Traveller\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740" => not found.
"C:\Users\Traveller\AppData\Local\00000128" => not found.
C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zip.aamdownload => moved successfully
C:\Users\Traveller\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd => moved successfully
C:\Users\Traveller\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
"C:\Users\Traveller\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
C:\Users\Traveller\AppData\Local\helpman.imc => moved successfully
C:\Users\Traveller\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Traveller\AppData\Local\llftool.4.40.agreement => moved successfully
C:\Users\Traveller\AppData\Local\PUTTY.RND => moved successfully
C:\Users\Traveller\AppData\Local\recently-used.xbel => moved successfully
C:\Users\Traveller\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Traveller\AppData\Local\sponge.last.runtime.cache => moved successfully
"C:\Users\Traveller\AppData\Local\~wmrg" => not found.
"C:\ProgramData\agent.1485894021.bdinstall.bin" => not found.
"C:\ProgramData\agent.1485894894.bdinstall.bin" => not found.
C:\Users\Traveller\AppData\LocalLow\wbkD99A.tmp => moved successfully
C:\Windows\RegBootClean64.exe => moved successfully
C:\ProgramData\Trend Micro => moved successfully
"C:\Users\Traveller\AppData\Local\housecall.guid.cache" => not found.
C:\Users\Public\Desktop\Trend_Micro.exe => moved successfully
"C:\ProgramData\agent.1485894894.bdinstall.bin" => not found.
"C:\ProgramData\agent.1485894021.bdinstall.bin" => not found.
C:\Users\Traveller\AppData\Local\Trend Micro => moved successfully
HKLM\System\CurrentControlSet\Services\DfSdkS => key removed successfully
DfSdkS => service removed successfully
HKLM\System\CurrentControlSet\Services\nvvad_WaveExtensible => key removed successfully
nvvad_WaveExtensible => service removed successfully
HKLM\System\CurrentControlSet\Services\SR => key removed successfully
SR => service removed successfully
HKLM\System\CurrentControlSet\Services\srservice => key removed successfully
srservice => service removed successfully
HKLM\System\CurrentControlSet\Services\vpnva => key removed successfully
vpnva => service removed successfully
HKLM\System\CurrentControlSet\Services\RTCore64 => key removed successfully
RTCore64 => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => key removed successfully
NAVENG => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVEX15 => key removed successfully
NAVEX15 => service removed successfully
HKLM\System\CurrentControlSet\Services\DIRECTIO => key removed successfully
DIRECTIO => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkijdmeepjhpenmighhaodgfoogncnlk => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc => key removed successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key removed successfully
C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh => moved successfully
C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk => moved successfully
C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhnbhdofgaendegcgbmndipmijhbili => moved successfully
C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\Traveller\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\Traveller\AppData\Roaming\mozilla\plugins\npgoogletalk.dll => moved successfully
C:\Users\Traveller\AppData\Roaming\mozilla\plugins\npo1d.dll => moved successfully
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Users\Traveller\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Users\Traveller\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 => key removed successfully
C:\Users\Traveller\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7 => key removed successfully
C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin => key removed successfully
C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => not found.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin => key not found.
C:\Users\Traveller\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
"C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll" => not found.
Firefox Proxy settings were reset.
(host == \"iview.abc.net.au\") => Error: No automatic fix found for this entry.
(host == \"iviewmetered-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=au\") != -1) => Error: No automatic fix found for this entry.
(host == \"livestream.com\") => Error: No automatic fix found for this entry.
(host == \"www.livestream.com\") => Error: No automatic fix found for this entry.
(host == \"api.new.livestream.com\") => Error: No automatic fix found for this entry.
(host == \"player.ooyala.com\") => Error: No automatic fix found for this entry.
(host == \"xnewsvidhd-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"www.animelab.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY au-node.proxmate.me:8008' } else if ((url.indexOf(\"proxmate=ca\") != -1) => No running process found
(host == \"ici.tou.tv\") => Error: No automatic fix found for this entry.
(host == \"toutvuniver1-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"geoip.radio-canada.ca\") => Error: No automatic fix found for this entry.
(host == \"api.radio-canada.ca\") => Error: No automatic fix found for this entry.
(host == \"images.tou.tv\") => Error: No automatic fix found for this entry.
(host == \"player.siriusxm.ca\") => Error: No automatic fix found for this entry.
(host == \"primary.hls-streaming.production.streaming.siriusxm.ca\") => Error: No automatic fix found for this entry.
(host == \"now.sportsnet.ca\") => Error: No automatic fix found for this entry.
(host == \"watch.sportsnet.ca\") => Error: No automatic fix found for this entry.
(host == \"player.9c9media.com\") => Error: No automatic fix found for this entry.
(host == \"metrics.ctv.ca\") => Error: No automatic fix found for this entry.
(host == \"capi.9c9media.com\") => Error: No automatic fix found for this entry.
(host == \"www.ctv.ca\") => Error: No automatic fix found for this entry.
(host == \"www.willow.tv\") => Error: No automatic fix found for this entry.
{ return 'PROXY ca-node.proxmate.me:8008' } else if ((host == \"arte.tv\") => No running process found
(host == \"www.arte.tv\") => Error: No automatic fix found for this entry.
(host == \"geoftv-a.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"hdfauthftv-a.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"replayftv-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"ftvingest-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"live.francetv.fr\") => Error: No automatic fix found for this entry.
(host == \"d8.tv\") => Error: No automatic fix found for this entry.
(host == \"www.d8.tv\") => Error: No automatic fix found for this entry.
(host == \"us-cplus-aka.canal-plus.com\") => Error: No automatic fix found for this entry.
(host == \"hds_live_d8_aka-lh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"d17.tv\") => Error: No automatic fix found for this entry.
(host == \"www.d17.tv\") => Error: No automatic fix found for this entry.
(host == \"hds_live_d17_aka-lh.akamaihd.net\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=fr\") != -1) => Error: No automatic fix found for this entry.
(host == \"www.6play.fr\") => Error: No automatic fix found for this entry.
(host == \"geo.6cloud.fr\") => Error: No automatic fix found for this entry.
(host == \"proxy-021.dc3.dailymotion.com\") => Error: No automatic fix found for this entry.
(host == \"proxy-67.dailymotion.com\") => Error: No automatic fix found for this entry.
(host == \"prof.estat.com\") => Error: No automatic fix found for this entry.
(host == \"metrics.dailymotion.com\") => Error: No automatic fix found for this entry.
(host == \"www.dailymotion.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY fr-node.proxmate.me:8008' } else if ((host == \"vod-akamai-psd-hds.p7s1digital.de\") => No running process found
(host == \"vas.sim-technik.de\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=de\") != -1) => Error: No automatic fix found for this entry.
(host == \"nightclub.de\") => Error: No automatic fix found for this entry.
(host == \"zdf.de\") => Error: No automatic fix found for this entry.
(host == \"www.zdf.de\") => Error: No automatic fix found for this entry.
(host == \"zdf_hds_de-f.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"api.nowtv.de\") => Error: No automatic fix found for this entry.
(host == \"delivestream-lh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"cdnapi.kaltura.com\") => Error: No automatic fix found for this entry.
(host == \"disneychannel.de\") => Error: No automatic fix found for this entry.
{ return 'PROXY de-node.proxmate.me:8008' } else if ((host == \"www.tg4.ie\") => No running process found
(url.indexOf(\"proxmate=ie\") != -1)) { return 'PROXY ie-node.proxmate.me:8008' } else if ((host == \"rai.tv\") => Error: No automatic fix found for this entry.
(host == \"www.rai.tv\") => Error: No automatic fix found for this entry.
(host == \"mediapolis.rai.it\") => Error: No automatic fix found for this entry.
(host == \"www.rai.it\") => Error: No automatic fix found for this entry.
(host == \"stream5.rai.it\") => Error: No automatic fix found for this entry.
(host == \"stream6.rai.it\") => Error: No automatic fix found for this entry.
(host == \"stream7.rai.it\") => Error: No automatic fix found for this entry.
(host == \"sspushrai1-s.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"sspushrai2-s.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"sspushraisport2-s.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"sspushrai3-s.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"secondary.adaptiveedge.rai.it\") => Error: No automatic fix found for this entry.
(host == \"rai-italia01.wt-eu02.net\") => Error: No automatic fix found for this entry.
(host == \"download.rai.tv\") => Error: No automatic fix found for this entry.
(host == \"mediapolisvod.rai.it\") => Error: No automatic fix found for this entry.
(host == \"ww.rai.tv\") => Error: No automatic fix found for this entry.
(host == \".xuniplay.fdnames.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\"xuniplay.fdnames.com\") != -1) => Error: No automatic fix found for this entry.
(host == \"se-to1-8.se.live3.msf.ticdn.it\") => Error: No automatic fix found for this entry.
(host == \"live.shinystat.com\") => Error: No automatic fix found for this entry.
(host == \"lic.mediaset.net\") => Error: No automatic fix found for this entry.
(host == \"cssr.video.mediaset.it\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=it\") != -1) => Error: No automatic fix found for this entry.
{ return 'PROXY it-node.proxmate.me:8008' } else if ((host == \"telecinco.es\") => No running process found
(host == \"telecinco1-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"www.telecinco.es\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=es\") != -1) => Error: No automatic fix found for this entry.
(host == \"antena3.com\") => Error: No automatic fix found for this entry.
(host == \"www.antena3.com\") => Error: No automatic fix found for this entry.
(host == \"geodesprogresiva.antena3.com\") => Error: No automatic fix found for this entry.
(host == \"rtve.es\") => Error: No automatic fix found for this entry.
(host == \"www.rtve.es\") => Error: No automatic fix found for this entry.
(host == \"ztnr.rtve.es\") => Error: No automatic fix found for this entry.
(host == \"mvodt.lvlt.rtve.es\") => Error: No automatic fix found for this entry.
(host == \"swf.rtve.es\") => Error: No automatic fix found for this entry.
(host == \"cuatro.com\") => Error: No automatic fix found for this entry.
(host == \"www.cuatro.com\") => Error: No automatic fix found for this entry.
(host == \"cuatro1-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"peliculas-online.atresplayer.com\") => Error: No automatic fix found for this entry.
(host == \"servicios.atresplayer.com\") => Error: No automatic fix found for this entry.
(host == \"atresplayer.com\") => Error: No automatic fix found for this entry.
(host == \"www.atresplayer.com\") => Error: No automatic fix found for this entry.
(host == \"k.uecdn.es\") => Error: No automatic fix found for this entry.
(host == \"v.uecdn.es\") => Error: No automatic fix found for this entry.
(host == \"as.com\") => Error: No automatic fix found for this entry.
(host == \"ep00.epimg.net\") => Error: No automatic fix found for this entry.
{ return 'PROXY es-node.proxmate.me:8008' } else if ((host == \"prosieben.ch\") => No running process found
(host == \"www.prosieben.ch\") => Error: No automatic fix found for this entry.
(host == \"s1tv.ch\") => Error: No automatic fix found for this entry.
(host == \"www.s1tv.ch\") => Error: No automatic fix found for this entry.
(host == \"zba2-0-hds-live.zahs.tv\") => Error: No automatic fix found for this entry.
(host == \"embed-zattoo.com\") => Error: No automatic fix found for this entry.
(host == \"chtv.ch\") => Error: No automatic fix found for this entry.
(host == \"www.chtv.ch\") => Error: No automatic fix found for this entry.
(host == \"zba2-1-hds-live.zahs.tv\") => Error: No automatic fix found for this entry.
(host == \"sat1.ch\") => Error: No automatic fix found for this entry.
(host == \"www.sat1.ch\") => Error: No automatic fix found for this entry.
(host == \"rsi.ch\") => Error: No automatic fix found for this entry.
(host == \"www.rsi.ch\") => Error: No automatic fix found for this entry.
(host == \"codch-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"il.srgssr.ch\") => Error: No automatic fix found for this entry.
(host == \"ch.viva.tv\") => Error: No automatic fix found for this entry.
(host == \"intl.esperanto.mtvi.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=ch\") != -1) => Error: No automatic fix found for this entry.
(host == \"zattoo.com\") => Error: No automatic fix found for this entry.
(host == \"www.srf.ch\") => Error: No automatic fix found for this entry.
(host == \"srgssruni1ch-lh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"srgssruni2ch-lh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"srgssruni3ch-lh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"www.teleboy.ch\") => Error: No automatic fix found for this entry.
(host == \"aka-cdn-ns.adtech.de\") => Error: No automatic fix found for this entry.
{ return 'PROXY ch-node.proxmate.me:8008' } else if ((host == \"c.brightcove.com\") => No running process found
(host == \"secure.brightcove.com\") => Error: No automatic fix found for this entry.
(host == \"metrics.brightcove.com\") => Error: No automatic fix found for this entry.
(host == \"stv-ak.cds1.yospace.com\") => Error: No automatic fix found for this entry.
(host == \"core.stvfiles.com\") => Error: No automatic fix found for this entry.
(host == \"player.stv.tv\") => Error: No automatic fix found for this entry.
(host == \"stv.brightcove.com.edgesuite.net\") => Error: No automatic fix found for this entry.
(host == \"uk-dev-stv.cdn.videoplaza.tv\") => Error: No automatic fix found for this entry.
(host == \"mercury.itv.com\") => Error: No automatic fix found for this entry.
(host == \"www.itv.com\") => Error: No automatic fix found for this entry.
(host == \"itv.com\") => Error: No automatic fix found for this entry.
(host == \"llnw.live.btv.simplestream.com\") => Error: No automatic fix found for this entry.
(host == \"players.simplestream.com\") => Error: No automatic fix found for this entry.
(host == \"uapi.simplestream.com\") => Error: No automatic fix found for this entry.
(host == \"channel5.com\") => Error: No automatic fix found for this entry.
(host == \"wwwcdn.channel5.com\") => Error: No automatic fix found for this entry.
(host == \"cassie.channel5.com\") => Error: No automatic fix found for this entry.
(host == \"player.channel5.com\") => Error: No automatic fix found for this entry.
(host == \"deliver-hls.channel5.com\") => Error: No automatic fix found for this entry.
(host == \"akahls.channel5.com\") => Error: No automatic fix found for this entry.
(host == \"llnwhls.channel5.com\") => Error: No automatic fix found for this entry.
(host == \"milkshake.tv\") => Error: No automatic fix found for this entry.
(host == \"www.milkshake.tv\") => Error: No automatic fix found for this entry.
(host == \"trk-euwest.tidaltv.com\") => Error: No automatic fix found for this entry.
(host == \"mp.adverts.itv.com\") => Error: No automatic fix found for this entry.
(host == \"req.tidaltv.com\") => Error: No automatic fix found for this entry.
(host == \"s1.2mdn.net\") => Error: No automatic fix found for this entry.
(host == \"pes.itv.com\") => Error: No automatic fix found for this entry.
(host == \"ned.itv.com\") => Error: No automatic fix found for this entry.
(host == \"itvdotcom.2cnt.net\") => Error: No automatic fix found for this entry.
(host == \"tom.itv.com\") => Error: No automatic fix found for this entry.
(host == \"dave.uktv.co.uk\") => Error: No automatic fix found for this entry.
(host == \"uktvplay.uktv.co.uk\") => Error: No automatic fix found for this entry.
(host == \"uktvhdse.brightcove.com.edgesuite.net\") => Error: No automatic fix found for this entry.
(host == \"admin.brightcove.com\") => Error: No automatic fix found for this entry.
(host == \"really.uktv.co.uk\") => Error: No automatic fix found for this entry.
(host == \"yesterday.uktv.co.uk\") => Error: No automatic fix found for this entry.
(host == \"drama.uktv.co.uk\") => Error: No automatic fix found for this entry.
(host == \"live.tvplayer.com\") => Error: No automatic fix found for this entry.
(host == \"tvplayer.com\") => Error: No automatic fix found for this entry.
(host == \"sapi.tvplayer.com\") => Error: No automatic fix found for this entry.
(host == \"api.tvplayer.com\") => Error: No automatic fix found for this entry.
(host == \"www.gamefront.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=uk\") != -1) => Error: No automatic fix found for this entry.
(host == \"channel4.com\") => Error: No automatic fix found for this entry.
(host == \"ais.channel4.com\") => Error: No automatic fix found for this entry.
(host == \"pandr.my.channel4.com\") => Error: No automatic fix found for this entry.
(host == \"all4nav.channel4.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY uk-node.proxmate.me:8008' } else if ((host == \"link.theplatform.com\") => No running process found
(host == \"discidevflash-f.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"api.geoip.dp.discovery.com\") => Error: No automatic fix found for this entry.
(host == \"vidtech.cbsinteractive.com\") => Error: No automatic fix found for this entry.
(host == \"vidtech.cbsima.com\") => Error: No automatic fix found for this entry.
(host == \"om.cbsi.com\") => Error: No automatic fix found for this entry.
(host == \"media.mtvnservices.com\") => Error: No automatic fix found for this entry.
(host == \"api-manga.crunchyroll.com\") => Error: No automatic fix found for this entry.
(host == \"crunchyroll.com\") => Error: No automatic fix found for this entry.
(host == \"www.crunchyroll.com\") => Error: No automatic fix found for this entry.
(host == \"cdn.wwtv.warnerbros.com\") => Error: No automatic fix found for this entry.
(host == \"hlsioscwtv.warnerbros.com\") => Error: No automatic fix found for this entry.
(host == \"media.cwtv.com\") => Error: No automatic fix found for this entry.
(host == \"servicesaetn-a.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"live.mlssoccer.com\") => Error: No automatic fix found for this entry.
(host == \"tvewnbc-i.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"tvenbceast-i.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"nbcmpx-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"www.pandora.com\") => Error: No automatic fix found for this entry.
(host == \"video.pbs.org\") => Error: No automatic fix found for this entry.
(host == \"ga.video.cdn.pbs.org\") => Error: No automatic fix found for this entry.
(host == \"urs.pbs.org\") => Error: No automatic fix found for this entry.
(host == \"play.spotify.com\") => Error: No automatic fix found for this entry.
(host == \"www.spotify.com\") => Error: No automatic fix found for this entry.
(host == \"play.spotify.edgekey.net\") => Error: No automatic fix found for this entry.
(host == \"www.iheart.com\") => Error: No automatic fix found for this entry.
(host == \"api2.iheart.com\") => Error: No automatic fix found for this entry.
(host == \"api.iheart.com\") => Error: No automatic fix found for this entry.
(host == \"iheart.com\") => Error: No automatic fix found for this entry.
(host == \"nick.mtvnimages.com\") => Error: No automatic fix found for this entry.
(host == \"sni-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=us\") != -1) => Error: No automatic fix found for this entry.
(url.indexOf(\".googlevideo.com\") != -1) => Error: No automatic fix found for this entry.
(host == \"api.segment.io\") => Error: No automatic fix found for this entry.
(host == \"www.vevo.com\") => Error: No automatic fix found for this entry.
(host == \"vevo.com\") => Error: No automatic fix found for this entry.
(host == \"apiv2.vevo.com\") => Error: No automatic fix found for this entry.
(host == \"songza.com\") => Error: No automatic fix found for this entry.
(host == \"new.songza.com\") => Error: No automatic fix found for this entry.
(host == \"www.daisuki.net\") => Error: No automatic fix found for this entry.
(host == \"bngn-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"bngnwww.b-ch.com\") => Error: No automatic fix found for this entry.
(host == \"www.hbogo.com\") => Error: No automatic fix found for this entry.
(host == \"catalog.lv3.hbogo.com\") => Error: No automatic fix found for this entry.
(host == \"profile.lv3.hbogo.com\") => Error: No automatic fix found for this entry.
(host == \"profile.hbogo.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\".lv3.hbogo.com\") != -1) => Error: No automatic fix found for this entry.
(host == \"register.hbogo.com\") => Error: No automatic fix found for this entry.
(host == \"play.hbogo.com\") => Error: No automatic fix found for this entry.
(host == \"smetrics.hbogo.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\".lv3.cdn.hbo.com\") != -1) => Error: No automatic fix found for this entry.
(host == \"comet.api.hbo.com\") => Error: No automatic fix found for this entry.
(host == \"play.google.com\") => Error: No automatic fix found for this entry.
(host == \"checkout.google.com\") => Error: No automatic fix found for this entry.
(host == \"store.google.com\") => Error: No automatic fix found for this entry.
(host == \"apis.google.com\") => Error: No automatic fix found for this entry.
(host == \"amc350888def-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"a564avoddashnsus-a.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"atv-ps.amazon.com\") => Error: No automatic fix found for this entry.
(host == \"www.amazon.com\") => Error: No automatic fix found for this entry.
(host == \"amazon.com\") => Error: No automatic fix found for this entry.
(host == \"fls-na.amazon.com\") => Error: No automatic fix found for this entry.
(host == \"phds-vod.cdn.turner.com\") => Error: No automatic fix found for this entry.
(host == \"token.vgtf.net\") => Error: No automatic fix found for this entry.
(host == \"www.ondemandkorea.com\") => Error: No automatic fix found for this entry.
(host == \"www.fxnetworks.com\") => Error: No automatic fix found for this entry.
(host == \"fxvcms-f.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"tvetelemundo-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"feed.theplatform.com\") => Error: No automatic fix found for this entry.
(host == \"fsvideohds-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"watchable.com\") => Error: No automatic fix found for this entry.
(host == \"cilhlsvod-f.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"oxygenvod-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"tvesyfy-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"www.smithsonianchannel.com\") => Error: No automatic fix found for this entry.
(host == \"c.brightcove.com\") => Error: No automatic fix found for this entry.
(host == \"brightcove01.brightcove.com\") => Error: No automatic fix found for this entry.
(host == \"edge.api.brightcove.com\") => Error: No automatic fix found for this entry.
(host == \"www.eonline.com\") => Error: No automatic fix found for this entry.
(host == \"link.theplatform.com\") => Error: No automatic fix found for this entry.
(host == \"api.listenlive.co\") => Error: No automatic fix found for this entry.
(host == \"playerservices.streamtheworld.com\") => Error: No automatic fix found for this entry.
(host == \"player.listenlive.co\") => Error: No automatic fix found for this entry.
(url.indexOf(\"live.streamtheworld.com\") != -1) => Error: No automatic fix found for this entry.
(host == \"www.cartoonnetwork.com\") => Error: No automatic fix found for this entry.
(host == \"www.viki.com\") => Error: No automatic fix found for this entry.
(host == \"\\\"www.viki.com\") => Error: No automatic fix found for this entry.
(host == \"www.origin.com\") => Error: No automatic fix found for this entry.
(host == \"ht.cdn.turner.com\") => Error: No automatic fix found for this entry.
(host == \"aolvideoshd-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"syn.5min.com\") => Error: No automatic fix found for this entry.
(host == \"stvideos.5min.com\") => Error: No automatic fix found for this entry.
(host == \"www.showtime.com\") => Error: No automatic fix found for this entry.
(host == \"secure.showtime.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\".vgtf.net\") != -1) => Error: No automatic fix found for this entry.
(host == \"phds-live.cdn.turner.com\") => Error: No automatic fix found for this entry.
(host == \"api.amplitude.com\") => Error: No automatic fix found for this entry.
(host == \"order.rhapsody.com\") => Error: No automatic fix found for this entry.
(host == \"payment.rhapsody.com\") => Error: No automatic fix found for this entry.
(host == \"www.pivot.tv\") => Error: No automatic fix found for this entry.
(host == \"js.maxmind.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY us-node.proxmate.me:8008' } else if ((host == \"livestreams.omroep.nl\") => No running process found
(host == \".npostreaming.nl\") => Error: No automatic fix found for this entry.
(host == \"ida.omroep.nl\") => Error: No automatic fix found for this entry.
(host == \"npoplayer.omroep.nl\") => Error: No automatic fix found for this entry.
(host == \"www.zapp.nl\") => Error: No automatic fix found for this entry.
(host == \"tellerapi.omroep.nl\") => Error: No automatic fix found for this entry.
(host == \"e.omroep.nl\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=nl\") != -1)) { return 'PROXY nl-node.proxmate.me:8008' } else if ((host == \"tvthek.orf.at\") => Error: No automatic fix found for this entry.
(host == \"apasfiisl.apa.at\") => Error: No automatic fix found for this entry.
(host == \"orf.oewabox.at\") => Error: No automatic fix found for this entry.
(host == \"194.232.200.58\") => Error: No automatic fix found for this entry.
(host == \"185.85.28.1\") => Error: No automatic fix found for this entry.
(host == \"atvplus.oewabox.at\") => Error: No automatic fix found for this entry.
(host == \"cdn.atv.at\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=at\") != -1) => Error: No automatic fix found for this entry.
(host == \"hdsvodsportsman-vh.akamaihd.net\") => Error: No automatic fix found for this entry.
(host == \"streamaccess.unas.tv\") => Error: No automatic fix found for this entry.
(host == \"www.laola1.tv\") => Error: No automatic fix found for this entry.
(host == \"www.livestation.com\") => Error: No automatic fix found for this entry.
(host == \"livestation.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\".emigrantas.tv\") != -1)) { return 'PROXY at-node.proxmate.me:8008' } else if ((host == \"netflix.com\") => Error: No automatic fix found for this entry.
(host == \"www.netflix.com\") => Error: No automatic fix found for this entry.
(host == \"cbp-us.nccp.netflix.com\") => Error: No automatic fix found for this entry.
(host == \"secure.netflix.com\") => Error: No automatic fix found for this entry.
(host == \"api-global.netflix.com\") => Error: No automatic fix found for this entry.
(host == \"ichnaea.netflix.com\") => Error: No automatic fix found for this entry.
(host == \"customerevents.netflix.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY usnet-node.proxmate.me:8008' } else if ((host == \"s.hulu.com\") => No running process found
(host == \"www.funimation.com\") => Error: No automatic fix found for this entry.
(host == \"wpc.8c48.edgecastcdn.net\") => Error: No automatic fix found for this entry.
(host == \"southpark.cc.com\") => Error: No automatic fix found for this entry.
(host == \"api.utils.watchabc.go.com\") => Error: No automatic fix found for this entry.
(host == \"www.dramafever.com\") => Error: No automatic fix found for this entry.
(host == \"www.logotv.com\") => Error: No automatic fix found for this entry.
(host == \"api.watchabc.go.com\") => Error: No automatic fix found for this entry.
(host == \"theanimenetwork.com\") => Error: No automatic fix found for this entry.
(host == \"huluim.com\") => Error: No automatic fix found for this entry.
(host == \"www.hulu.com\") => Error: No automatic fix found for this entry.
(host == \"t2.hulu.com\") => Error: No automatic fix found for this entry.
(host == \"urlcheck.hulu.com\") => Error: No automatic fix found for this entry.
(host == \"t.hulu.com\") => Error: No automatic fix found for this entry.
(host == \"s.hulu.com\") => Error: No automatic fix found for this entry.
(host == \"play.hulu.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY ush-node.proxmate.me:8008' } else if ((host == \"player.ooyala.com\") => No running process found
{ return 'PROXY auv-node.proxmate.me:8008' } else if ((host == \"web-api-us.crackle.com\") => No running process found
{ return 'PROXY us2-node.proxmate.me:8008' } else if ((host == \"counter.yadro.ru\") => No running process found
(host == \"turbik.tv\") => Error: No automatic fix found for this entry.
(host == \"player.rutv.ru\") => Error: No automatic fix found for this entry.
(host == \"api.rutv.ru\") => Error: No automatic fix found for this entry.
(host == \"cdnng.v.rtr-vesti.ru\") => Error: No automatic fix found for this entry.
(host == \"player.vgtrk.com\") => Error: No automatic fix found for this entry.
(url.indexOf(\"proxmate=ru\") != -1) => Error: No automatic fix found for this entry.
(host == \"stream.1tv.ru\") => Error: No automatic fix found for this entry.
{ return 'PROXY ru-node.proxmate.me:8008' } else if ((host == \"security.video.globo.com\") => No running process found
(host == \"api.globovideos.com\") => Error: No automatic fix found for this entry.
(host == \"s.videos.globo.com\") => Error: No automatic fix found for this entry.
(host == \"gshow.globo.com\") => Error: No automatic fix found for this entry.
(host == \"voddownload02.video.globo.com\") => Error: No automatic fix found for this entry.
(host == \"secure.nuuvem.com\") => Error: No automatic fix found for this entry.
{ return 'PROXY br-node.proxmate.me:8008' } else if ((host == \"www.bbc.co.uk\") => No running process found
(host == \"open.live.bbc.co.uk\") => Error: No automatic fix found for this entry.
(host == \"fig.bbc.co.uk\") => Error: No automatic fix found for this entry.
(host == \"vod-hds-uk-live.edgesuite.net\") => Error: No automatic fix found for this entry.
(host == \"vod-hds-uk-live.bbcfmt.vo.llnwd.net\") => Error: No automatic fix found for this entry.
(host == \"vs-hds-uk-live.bbcfmt.vo.llnwd.net\") => Error: No automatic fix found for this entry.
(host == \"vs-hds-uk-live.edgesuite.net\") => Error: No automatic fix found for this entry.
{ return 'PROXY ukb-node.proxmate.me:8008' } else { return 'DIRECT'; }}" => No running process found
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
HKCR\PROTOCOLS\Handler\tmtbim => key not found.
HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} => value removed successfully
HKCR\Wow6432Node\CLSID\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value removed successfully
HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key removed successfully
HKCR\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Policies\Microsoft\Internet Traveller: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Start Page = about:blank => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Internet Traveller\Main,Search Page = => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Search Page = => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Internet Traveller\Main,Default_Page_URL = => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Page_URL = => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Internet Traveller\Main,Default_Search_URL = => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Default_Search_URL = => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Internet Traveller\Main,Local Page = => Error: No automatic fix found for this entry.
HKLM\Software\Wow6432Node\Microsoft\Internet Traveller\Main,Local Page = => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Internet Traveller\Main,Start Page = about:blank => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56B90406-7F40-474C-AC73-88B4F2C484EF} => key removed successfully
HKCR\CLSID\{56B90406-7F40-474C-AC73-88B4F2C484EF} => key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{54997AEA-6BE5-4B1D-AA3A-01377EAF9D27}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7B4C56F8-54B9-49AE-AC24-2E617300C9FC}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{98FE26F2-9E79-4C35-8D23-4F5B94D8526A}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Google => key removed successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk => moved successfully
C:\Program Files (x86)\Common Files\wruninstall.exe => not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1aCopyShExtError => key removed successfully
HKCR\CLSID\{83BEA36E-7680-4598-A4DF-994426F6E78D} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\2aCopyShExtSynced => key removed successfully
HKCR\CLSID\{845B7388-6F85-4F32-9FD5-F02DC7882B89} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\3aCopyShExtSyncing => key removed successfully
HKCR\CLSID\{F6378A7A-F753-449B-AE1B-997A96132E61} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\4aCopyShExtSyncingProg1 => key removed successfully
HKCR\CLSID\{3A511828-777D-46F8-82F4-5B530C1B3D9E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\5aCopyShExtSyncingProg2 => key removed successfully
HKCR\CLSID\{C8C88204-5B14-40EC-BA72-8AEBC762047E} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\6aCopyShExtSyncingProg3 => key removed successfully
HKCR\CLSID\{ACFF45C3-3EEB-4351-86C2-6696BA264239} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\7aCopyShExtSyncingProg4 => key removed successfully
HKCR\CLSID\{29AF997F-488B-46F0-AE78-7146F1B89CC3} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\8aCopyShExtSyncingProg5 => key removed successfully
HKCR\CLSID\{03F9AD29-1C78-4B66-8890-B177B5430C53} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" => key removed successfully
HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" => key removed successfully
HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Copy => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ooVoo.exe => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\GarminExpressTrayApp => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-18\...\Policies\Traveller: [NoViewOnDrive] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoFind] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoFile] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoTrayContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoSetFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoSetTaskbar] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoLogoff] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-18\...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8185036d-bf50-11e5-82f9-14feb5c3027f} => key removed successfully
HKCR\CLSID\{8185036d-bf50-11e5-82f9-14feb5c3027f} => key not found.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b491a930-679a-11e3-825e-00dbdf2de1f9} => key removed successfully
HKCR\CLSID\{b491a930-679a-11e3-825e-00dbdf2de1f9} => key not found.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5212153-5f05-11e3-8251-806e6f6e6963} => key removed successfully
HKCR\CLSID\{e5212153-5f05-11e3-8251-806e6f6e6963} => key not found.
HKU\S-1-5-21-925185676-1098965860-4220522822-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
HKLM\...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
HKLM\...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-19\...\Policies\Traveller: [NoViewOnDrive] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoFind] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoFile] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoTrayContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoSetFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoSetTaskbar] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoLogoff] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-19\...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-20\...\Policies\Traveller: [NoViewOnDrive] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [DisableLocalMachineRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [DisableLocalMachineRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [DisableCurrentUserRun] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [DisableCurrentUserRunOnce] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoViewContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoShellSearchButton] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoFind] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoFile] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [HideClock] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoTrayContextMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoTrayItemsDisplay] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoSetFolders] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoDevMgrUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoSetTaskbar] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoDeletePrinter] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoDFSTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoChangeStartMenu] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoLogoff] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoWindowsUpdate] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoEncryptOnMove] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoRunasInstallPrompt] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoResolveSearch] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoSaveSettings] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoHardwareTab] 0 => Error: No automatic fix found for this entry.
HKU\S-1-5-20\...\Policies\Traveller: [NoStartMenuSubFolders] 0 => Error: No automatic fix found for this entry.
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: ** <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION => restored successfully
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION => restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.

========= RD /S /Q %WinDir%\System32\GroupPolicyUsers =========


========= End of CMD: =========


========= RD /S /Q %WinDir%\System32\GroupPolicy =========


========= End of CMD: =========


========= RD /S /Q %WinDir%\SysWOW64\GroupPolicyUsers =========


========= End of CMD: =========


========= RD /S /Q %WinDir%\SysWOW64\GroupPolicy =========


========= End of CMD: =========


========= RD /S /Q %WinDir%\SysNative\GroupPolicyUsers =========

The system cannot find the path specified.

========= End of CMD: =========


========= RD /S /Q %WinDir%\SysNative\GroupPolicy =========

The system cannot find the path specified.

========= End of CMD: =========


========= gpupdate /force =========

Updating policy...



Computer Policy update has completed successfully.

User Policy update has completed successfully.




========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {46BD48A5-CD80-45E0-B4AD-B14688AD27BE}.
0 out of 1 jobs canceled.

========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 16777216 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6564754 B
Java, Flash, Steam htmlcache => 914 B
Windows/system/drivers => 209458152 B
Edge => 0 B
Chrome => 543675531 B
Firefox => 212319627 B
Opera => 131743379 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 330231 B
systemprofile32 => 216009 B
LocalService => 4808 B
NetworkService => 63926146 B
Traveller => 1381725440 B
UpdatusUser => 0 B
UpdatusUser => 0 B
named => 0 B

RecycleBin => 0 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-02-2017 21:34:37)

C:\Windows\system32\Drivers\etc\hosts => Is moved successfully
Hosts restored successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"C:\ProgramData\WRData" => Could not move

==== End of Fixlog 21:34:41 ====

 

[rspulma]

I found that all of that dllhost.exe processes appeared when I start my explorer.exe

Spoiler: dllhost.exe properties

Command line: C:\Windows\system32\DllHost.exe /Processid:{49A33422-EFF8-4925-805C-A476750C24DE}
Current Directory: C:\Windows\system32\
PEB address: 0x7ff65f68f000
Parent: svchost.exe (852)
Mitigation: DEP (permanent); ASLR (high entropy); CF Guard

 

[Malnutrition]

Clean up temp files and reduce startup load with CCleaner.


Note: This tool will clean your browsing history as well.

• Download CCleaner from here.
• After install Click Options.
• Go to monitoring.
• Uncheck All Monitoring items.
• Go to advanced -- Click close program after cleaning.
• Go to settings -- click run ccleaner when the computer starts.
• Now that you have ccleaner installed and set-up:
• Open the program.
• Go to Tools
• Go to Startup
• Now double click each item. To Disable.
• Leave only your antivirus enabled.
• Then disable All items in your scheduled task as well.
• Unless they are related to windows defender.Or your antivirus.
• Reboot the machine.

Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all other the running programs
• Disable ALL Antivirus -- Antimalware -- Applications.
• Right Click Rogue Killer and Run as Administrator.
• Click the Start Scan button.
• Allow the scan to run -- it can take ten minutes or more.
• Once the scan is complete check All items for removal.
• 
  
  
• After All items are checked then press Remove Selected.
  
• Wait until the Status box shows Deleting Finished.
• Click on open report -- then open txt
  
• Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.

• Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log is saved to your desktop and will automatically open.
• Please post the JRT log.

Eliminate restrictive settings with this tool.

• Temporarily disable your antivirus
  
• Download SupRestric.exe save to your desktop.
• Close all running programs.
• Double click the file to launch it.
• Windows: 7/8/10 Vista and run as administrator
• Click Yes at any prompt.
  
• The analysis takes only a few moments.
• The report is on the desktop ( CTR.txt )
• Copy paste report in next reply.
• A reboot is needed to complete the repairs.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

[Malnutrition]

@rspulma How are you coming along with the instructions?

 

[Malnutrition]

@rspulma How about an update?

 

[Malnutrition]

@rspulma After you complete the latest scans then we will rename the c:\Windows\System32\iMobileDisk.dll file so that it does not load, and if there is no issue caused by this file not loading we will then delete it.