Results 1 to 10 of 10

Thread: Need help to trace and remove source of malious HDD write activity.

  1. #1
    Member
    Join Date
    Feb 2008
    Posts
    50

    Default Need help to trace and remove source of malious HDD write activity.

    As I only read but didn't properly follow the instructions by attaching the log files rather than paste the text in my thread started yesterday late night, I decided to start all over in a new thread so I can also add what I further have found out. Please, feel free to delete my previous thread or lock it whatever is in line with site policy.

    I suspect, well I'm pretty sure, that I have got some malware plaguing my system after noticing constantly ongoing HDD activity lately, but it wasn't until one of my favorite program failed to start, which lead me to find some strange items in the Registry. I have already posted about this in the main Spybot forum here, together with some screen shots, so will not repeat that part.

    I have made a backup of registry as instructed and will paste the FRST.txt and Addition.txt logs below.

    I was not able to run a successful aswMBR scan, even tried in Safe Mode, but the program always dies at the exact same point. I was able to capture it on video and have an image of the last frame before it dies to post if its deemed helpful.

    Before running FRST and posting here I made some attempts on my own to figure it out but eventually decided it's better to seek some help, but this is what I have done so far and concluded:

    I have made a full scan with S&D +AV w/o, applied full immunization, and ran the RootAnalyzer but without it to render anything of value as I can see it. I also ran the S&D Registry Repair tool, and deleted/repaired a few entries and I have log files for that if needed. Maybe it was a mistake, I don't know.

    I have uninstalled some older programs I no longer use, which was hanging around. There were two uninstalls that didn't go as expected and I will describe these here.

    Acronis True Image: This uninstall never completed and always hangs with a dialog saying "29 seconds left".

    Software for HP OfficeJet 8000: I no longer have this printer, and it seemed to be uninstalling OK, ending with a message "The uninstall will be completed on next reboot" but after a reboot (which it forced) the programs are still there and a second uninstall rendered the same result.

    What I have observed is that the free space on drive C: keeps on shrinking, the last 36 hours (since I started to monitor it) it has shrink with > 40gb (it was about 16gb as I wrote in my post yesterday night), so it appears that some kind of disk writing definitively is going on.

    I have also noticed that while in Safe Mode the HDD write activity seems to be none to very small, which may be due to something else. I'm writing this in Safe Mode with Network connectivity and it seems that occasionally there is some writing going on, but haven't been able to measure or confirm that it's the same yet. In any way, nothing compared to in Normal mode boot.

    My suspicion is that some kind of abuse of InprocServer32 (i.e. COM related) is going on as I found a whole lot of InprocServer32 registry keys with those cryptic value I posted screen shot of in the Spybot forum post. I have tried to locate the process (as there has to be one right?) responsible but without luck, but maybe I haven't used the right tools or doesn't know what to look for. So I will now post the FRST logs and hopefully will these give someone here a lead to follow.

    FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-03-2021
    Ran by Joakim (administrator) on JOAKIM-PC (22-03-2021 21:31:38)
    Running from C:\Users\Joakim\Desktop
    Loaded Profiles: Joakim
    Platform: Windows 10 Pro Version 20H2 19042.868 (X64) Language: English (United States)
    Default browser: FF
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
    (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp32.exe
    (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookApp64.exe
    (Binary Fortress Software Ltd -> Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenu.exe
    (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
    (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
    (TechSmith Corporation -> TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
    (TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
    (VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
    (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
    HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [13086144 2021-03-16] (Binary Fortress Software Ltd -> Binary Fortress Software)
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
    HKLM\...\Windows x64\Print Processors\hpcpp104: C:\Windows\System32\spool\prtprocs\x64\hpcpp104.dll [327168 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpcpp118: C:\Windows\System32\spool\prtprocs\x64\hpcpp118.dll [467456 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpfpp082: C:\Windows\System32\spool\prtprocs\x64\hpfpp082.dll [254976 2008-08-12] (Hewlett-Packard Corporation) [File not signed]
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [55432 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc)
    HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [67584 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
    HKLM\...\Print\Monitors\HPPMOPJL: C:\WINDOWS\system32\hppmopjl.dll [22016 2009-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\MONVNC: C:\WINDOWS\system32\VNCpm.dll [37704 2016-11-18] (RealVNC Ltd -> RealVNC Ltd)
    HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PCL hpf3l082: C:\WINDOWS\system32\hpf3l082.dll [131072 2008-08-12] (Hewlett-Packard Company) [File not signed]
    HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\PJLMON.DLL [24064 2020-11-12] (Microsoft Windows -> Microsoft Corporation)
    HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] -> IIS Express Application Compatibility Database for x64
    HKLM\Software\...\AppCompatFlags\Custom\iisexpress.exe: [{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] -> IIS Express Application Compatibility Database for x86
    HKLM\Software\...\AppCompatFlags\Custom\VB6.EXE: [{fbc6500a-a183-415c-9aa5-f67b9c1536a7}.sdb] -> VB6 shims
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb [2012-05-29]
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{fbc6500a-a183-415c-9aa5-f67b9c1536a7}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fbc6500a-a183-415c-9aa5-f67b9c1536a7}.sdb [2016-07-29]
    HKLM\Software\...\AppCompatFlags\InstalledSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb [2012-05-29]
    HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
    IFEO\Notepad.exe: [Debugger] "C:\Program Files\TextPad 8\textpad.exe" -m -n
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-16]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled [2010-09-14]
    ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    Startup: C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk.disabled [2019-04-27]
    ShortcutTarget: Send to OneNote.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00104AB9-83C7-49EC-B5C3-3410482CD8E3} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [3685360 2015-06-04] (Nero AG -> Nero AG)
    Task: {0242EEF7-7092-4A4E-A078-3CB693073231} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {076A58C9-C053-4E39-9850-AB69D2F68D22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0ECBFBBC-8D03-4C4B-9D10-73A626107081} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
    Task: {102C6229-B1A5-4200-9795-1758673B9EC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {14DA1789-EB8D-4A9F-99D6-9B3AA501C554} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {157F5C6E-F35E-4B6A-9F4D-7602644A4794} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {22D9EB26-9E67-451B-B1BA-26DA2CADB1B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {2ED34ACC-7956-4C1D-99D4-D5C484BEAA87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3A4C6FFB-2414-4C07-8120-ECE93E82B540} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {42B4B000-BCDA-46A7-AD25-ED156BDFFA62} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {45F81331-DC43-4D8D-BE52-314F07B648F5} - System32\Tasks\{3CCC436F-0486-44A0-B3CF-08E06B3B245C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Beyond Compare 2\unins000.exe"
    Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
    Task: {544EF222-E964-464F-A87E-BEA3D8D61D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
    Task: {5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {5F2BD987-9A41-4EBB-8529-B97D95749144} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {5FD6327D-652D-4072-AAB6-29456C0EF88D} - System32\Tasks\{EAADEB72-A3B9-4FFF-968E-6274BE9B5DAA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ACCESS /dll OSETUP.DLL
    Task: {65A8D21D-20DA-46C6-AF5C-4C7CB0B08507} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
    Task: {6637FC96-DC3B-4861-B9C7-B985D05C943E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {66AC9380-27EF-4A8E-972D-E24197797BCA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {68626C0A-4B37-4C8A-9E88-6D429F050ED8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {6C109582-AB87-40E9-A2D2-4F92D45ECC01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {70F70781-733E-4FBC-9035-82149B4D619A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7588F7F4-E09A-4688-9512-4FD31EAD79CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
    Task: {772A9B75-0B6D-4204-BA51-4E893995252F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
    Task: {79E837AC-E154-42AA-B67C-6345E8B872C8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {7AA97867-31E8-4F2C-B976-BE4C21E06A42} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7BBDB125-9437-484B-B122-07F5FADFAABE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {84F5344C-C89A-4871-9394-E876B590DA14} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.91\AsLoader.exe [368128 2008-07-02] () [File not signed]
    Task: {8D4DF651-8418-4EB7-B3E1-88B4BB5C517E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-12] (Mozilla Corporation -> Mozilla Foundation)
    Task: {8DA9167F-8E38-4F77-A340-B0D6574A1104} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {8DD6F3EC-6388-459B-9B83-2F9B209353D1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {904B7E0A-5A83-4AC4-9FAC-EE565247C079} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {90725F84-79AF-4EE3-B272-88130A63334C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {98ED2EF5-0F52-4AAB-AB91-882315DCB97D} - System32\Tasks\{5D8807CA-9EC2-4CAE-821D-E78CBEB4CF8B} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joakim\My Files\reggapps\webbuilder\webbuilder10-4-8\setup.exe" -d "C:\Users\Joakim\My Files\reggapps\webbuilder\webbuilder10-4-8"
    Task: {A1A40F86-D1FE-4DB1-B4C6-B60B54D41B81} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
    Task: {A1E8519D-E416-4B57-9B86-E933606B200D} - System32\Tasks\{9A9F74E4-302B-4FCA-8D82-B4E0549DB7A2} => C:\Windows\system32\pcalua.exe -a C:\Users\Joakim\Downloads\winsdk_web.exe -d C:\Users\Joakim\Downloads
    Task: {A5A01E37-45AF-4A26-BA84-D9072A93F56B} - System32\Tasks\{F4EB935D-411D-4299-AA29-328899BFE341} => C:\Windows\system32\pcalua.exe -a C:\PBWin90\SETUP.EXE -d C:\PBWin90
    Task: {A61D7EB2-3D4D-456D-B1BF-7A447D0FA716} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A92F2A59-3FD9-439B-AB65-0021F7A31417} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {AEEB9992-DB4E-4162-8E59-73B99B5C5BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
    Task: {B1EAF175-E39A-41FD-9A43-58BDD1AD4AA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
    Task: {B49D66A8-CAB9-4CF4-8A46-A374356BE9D5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B4C6C284-7FA8-45D5-BC99-860D37E966DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-21] (Microsoft Corporation -> Microsoft Corporation)
    Task: {B53433C1-F3DF-4B5C-BC5F-8C0C9515CF3A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {BDCA0551-2536-4EE3-ABFC-E19F9BBC7EE9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C0537AA2-25FF-4DDD-99A8-DF381C831519} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
    Task: {C0B244BD-D6C0-43FD-80AC-CC61720DDD40} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {C467A200-86CE-4560-A8AE-12E50E334326} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C48C0E08-7C9A-4974-9667-96196DFBF63E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {CBDAE4D6-D934-4DED-AECE-E9E11F769138} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    Task: {D6A15A93-52C9-4A33-B8DD-49471D36E2DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D74C3BDA-3D0D-4778-827E-66A3CE256617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D759BBEC-5E84-49CA-BBAF-12D3C16505A9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {D7F3F922-DB4D-4D48-8DC7-5CA431D77FDC} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D9561916-8737-47A6-ACD2-8AADA932B33D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {DD41C820-F7C7-4493-A681-D45116D33C2F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {E120CFA1-9609-45DF-AEBB-C4440FC2401D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {E1AEB713-6AF6-4130-AB48-7D80BE798466} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Safer-Networking Ltd\Spybot Anti-Beacon\Spybot3AntiBeacon.exe [8790696 2019-12-18] (Safer-Networking Ltd. -> )
    Task: {F0C27E13-F419-4D9E-9E25-BAA134BD9207} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
    Task: {F46BE67F-C57F-498B-BBC3-72FD521C83AE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-1192574728-1841427162-4075779397-1011] => 127.0.0.1:9666
    ProxyServer: [S-1-5-21-1192574728-1841427162-4075779397-1013] => 127.0.0.1:9666
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{aa2de5df-b011-4181-af77-2ecafb56df16}: [DhcpNameServer] 213.226.224.12
    Tcpip\..\Interfaces\{bcc04047-a04c-45c1-ad8f-50ace4ac6038}: [DhcpNameServer] 213.226.224.12 194.213.224.1
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

    Edge:
    =======
    DownloadDir: C:\Users\Joakim\Downloads
    Edge Session Restore: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> is enabled.
    Edge Notifications: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> hxxps://www.tradingview.com
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\Joakim\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-22]
    Edge DownloadDir: C:\Users\Joakim\Downloads
    Edge Notifications: Default -> hxxps://www.tradingview.com
    Edge Session Restore: Default -> is enabled.

    FireFox:
    ========
    FF DefaultProfile: sohg7hk6.Joakim2
    FF DefaultProfile: joov35ql.default
    FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2 [2021-03-22]
    FF NewTab: Mozilla\Firefox\Profiles\sohg7hk6.Joakim2 -> hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
    FF Notifications: Mozilla\Firefox\Profiles\sohg7hk6.Joakim2 -> hxxps://www.tradingview.com; hxxps://www.youtube.com; hxxps://www.studentagency.cz; hxxps://in.tradingview.com; hxxps://real-traders.slack.com; hxxps://forexlive.os.tc; hxxps://tr.tradingview.com; hxxps://www.regiojet.cz; hxxps://pafx.slack.com; hxxps://bullwaves.org; hxxps://ewtaf.com; hxxps://www.facebook.com; hxxps://pa-fx.echofin.co; hxxps://mcm-ct.com; hxxps://www.thenewsletterplugin.com; hxxps://www.reddit.com; hxxps://www.wpbeginner.com; hxxps://forexcrunch.pushengage.com; hxxps://www.podnikatel.cz
    FF Extension: (Classic Bookmarks Button) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\ClassicBookmarksButton@ArisT2Noia4dev.xpi [2016-06-25] [Legacy]
    FF Extension: (QuickMark) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi [2017-04-14] [Legacy]
    FF Extension: (SQLite Manager) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-06-02] [Legacy]
    FF Extension: (Zoom Scheduler) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2021-02-03]
    FF Extension: (Tab Mix Plus) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-08-29] [Legacy]
    FF SearchPlugin: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\sohg7hk6.Joakim2\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
    FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim [2021-03-21]
    FF user.js: detected! => C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js [2008-11-30]
    FF Extension: (Unicode Input Tool/Converter) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\charrefunicode@brett.zamir.xpi [2016-04-27] [Legacy]
    FF Extension: (Classic Theme Restorer) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-11-16] [Legacy]
    FF Extension: (DNS Cache) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\dnscache@dominik.jungowski.xpi [2016-04-27] [Legacy]
    FF Extension: (DrupalForFirebug) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\DrupalForFirebug@drupal.org.xpi [2016-04-27] [Legacy]
    FF Extension: (British English Dictionary) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\en-GB@dictionaries.addons.mozilla.org [2015-12-20] [Legacy] [not signed]
    FF Extension: (Firebug) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\firebug@software.joehewitt.com.xpi [2017-02-21] [Legacy]
    FF Extension: (Firepicker) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\firepicker@thedarkone.xpi [2016-04-29] [Legacy]
    FF Extension: (FoxyProxy Standard) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\foxyproxy@eric.h.jung [2017-02-21] [Legacy]
    FF Extension: (gui:config) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\guiconfig@slosd.net.xpi [2016-08-30] [Legacy]
    FF Extension: (Lightbeam) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-08-24] [Legacy]
    FF Extension: (Download to Firedrive) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\jid1-k2RjEUGSA7EuwA@jetpack.xpi [2016-04-28] [Legacy]
    FF Extension: (Lazarus: Form Recovery) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\lazarus@interclue.com.xpi [2016-04-27] [Legacy]
    FF Extension: (Link Widgets) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\linkwidget@clav.mozdev.org [2016-04-27] [Legacy]
    FF Extension: (Lucifox) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\Lucifox@lucidor.org [2017-02-21] [Legacy]
    FF Extension: (DBGbar) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\PHPdebugger@originallight.com.xpi [2016-04-27] [Legacy]
    FF Extension: (SQLite Manager) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-29] [Legacy]
    FF Extension: (Source Viewer Tab) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\viewsourceintab@piro.sakura.ne.jp.xpi [2016-04-27] [Legacy]
    FF Extension: (View Source Choice) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\vsc@briks.si.xpi [2016-04-27] [Legacy]
    FF Extension: (CS Lite) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{00084897-021a-4361-8423-083407a033e0} [2010-05-31] [Legacy] [not signed]
    FF Extension: (All-in-One Sidebar) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2017-02-21] [Legacy]
    FF Extension: (Flagfox) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-02-21] [Legacy]
    FF Extension: (URL Link) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi [2017-02-21] [Legacy]
    FF Extension: (Quick Locale Switcher) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi [2016-04-27] [Legacy]
    FF Extension: (SEOquake) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2017-02-21] [Legacy]
    FF Extension: (PDF Download) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2016-04-27] [Legacy]
    FF Extension: (RefControl) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-04-27] [Legacy]
    FF Extension: (ChatZilla) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-02-21] [Legacy]
    FF Extension: (UltraSurf Firefox Tool) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010-05-31] [Legacy] [not signed]
    FF Extension: (ColorZilla) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2015-09-05] [Legacy]
    FF Extension: (NoScript) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-30] [Legacy]
    FF Extension: (View Dependencies) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{8965bb4b-c2ca-2b84-6b49-7afb2760518c}.xpi [2016-04-27] [Legacy]
    FF Extension: (CookieCuller) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2016-04-27] [Legacy]
    FF Extension: (Right-Click-Link) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{AA6F0803-145A-4200-8E5E-68898D02B5B3}.xpi [2016-04-27] [Legacy]
    FF Extension: (Interclue) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}.xpi [2016-04-27] [Legacy]
    FF Extension: (Web Developer) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-30] [Legacy]
    FF Extension: (JSView) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi [2011-10-25] [Legacy] [not signed]
    FF Extension: (Tab Mix Plus) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-08-30] [Legacy]
    FF Extension: (CoLT) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi [2015-11-06] [Legacy]
    FF Extension: (User Agent Switcher) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2016-04-27] [Legacy]
    FF Extension: (JavaScript Debugger) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-04-27] [Legacy]
    FF Extension: (Server Switcher) - C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\Extensions\{F7D360DC-B8F8-11DA-86BD-3EC8728786A0}.xpi [2016-04-27] [Legacy]
    FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\63qaefef.default-1615922512932 [2021-03-22]
    FF ProfilePath: C:\Users\Joakim\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\joov35ql.default [2015-12-10]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi [not found]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-04] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
    FF Extension: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2014-08-16] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
    FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-08-26] [Legacy] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google Inc -> Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM -> C:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll [2015-08-28] (Nero AG -> Nero AG)
    FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=3.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-05-24] (VideoLAN -> VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems Incorporated -> Adobe Systems)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-03-22] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-03-22] <==== ATTENTION

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]


    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432 2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2014-10-26] (ASUSTeK Computer Inc. -> )
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2014-10-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2014-10-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
    R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2014-10-26] (ASUSTeK Computer Inc.) [File not signed]
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
    R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [10891728 2021-03-16] (Binary Fortress Software Ltd -> Binary Fortress Software)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
    S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation -> Microsoft Corporation)
    S4 Mach5 Mailer Scheduler; C:\Program Files (x86)\Mach5 Mailer 4\Mach5.SchedullerService.exe [20480 2010-07-15] () [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
    R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation -> Microsoft Corporation)
    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation -> Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145736 2013-08-15] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    S2 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    S4 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757552 2018-09-17] (TeamViewer GmbH -> TeamViewer GmbH)
    R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15476144 2019-09-16] (VMware, Inc. -> )
    S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6694480 2016-11-18] (RealVNC Ltd -> RealVNC Ltd)
    S2 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation -> Microsoft Corporation)
    S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
    S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-03-22 21:31 - 2021-03-22 21:36 - 000096381 _____ C:\Users\Joakim\Desktop\FRST.txt
    2021-03-22 20:37 - 2021-03-22 20:37 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-JOAKIM-PC-Windows-10-Pro-(64-bit).dat
    2021-03-22 20:36 - 2021-03-22 20:36 - 000000000 ____D C:\RegBackup
    2021-03-22 20:34 - 2021-03-22 20:34 - 000000000 ____D C:\Users\Joakim\Downloads\tweaking.com_registry_backup_portable
    2021-03-22 20:24 - 2021-03-22 20:24 - 005509218 _____ C:\Users\Joakim\Downloads\tweaking.com_registry_backup_portable.zip
    2021-03-22 20:07 - 2021-03-22 20:07 - 004745728 _____ (AVAST Software) C:\Users\Joakim\Downloads\aswMBR.exe
    2021-03-22 19:50 - 2021-03-22 19:50 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Joakim\Downloads\mbar-1.10.3.1001.exe
    2021-03-22 19:02 - 2021-03-22 19:06 - 011045518 _____ C:\Users\Joakim\Documents\JOAKIM-PC.arn
    2021-03-22 19:00 - 2021-03-22 19:00 - 000000000 ____D C:\Users\Joakim\Downloads\Autoruns
    2021-03-22 18:58 - 2021-03-22 18:58 - 002670815 _____ C:\Users\Joakim\Downloads\Autoruns.zip
    2021-03-22 15:34 - 2021-03-22 21:35 - 000000000 ____D C:\FRST
    2021-03-22 14:12 - 2021-03-22 14:12 - 002300928 _____ (Farbar) C:\Users\Joakim\Desktop\FRST64.exe
    2021-03-21 17:58 - 2021-03-21 17:58 - 000230219 _____ C:\Users\Joakim\Downloads\dao3502.zip
    2021-03-21 17:58 - 2021-03-21 17:58 - 000000000 ____D C:\Users\Joakim\Downloads\dao3502
    2021-03-21 17:56 - 2021-03-21 18:00 - 000000000 ____D C:\Users\Joakim\Downloads\dao350
    2021-03-21 17:55 - 2021-03-21 17:55 - 000225765 _____ C:\Users\Joakim\Downloads\dao350.zip
    2021-03-21 16:37 - 2021-03-21 16:37 - 010277376 _____ C:\Users\Joakim\Downloads\VB60SP6-KB2708437-x86-ENU.msi
    2021-03-21 16:15 - 2021-03-21 16:15 - 000000000 ____D C:\Program Files (x86)\CompChecker
    2021-03-21 16:14 - 2021-03-21 16:14 - 000324608 _____ C:\Users\Joakim\Downloads\cc_x64.msi
    2021-03-21 16:04 - 2021-03-21 16:04 - 000291840 _____ C:\Users\Joakim\Downloads\cc_x86.msi
    2021-03-20 23:28 - 2021-03-20 23:28 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-03-20 22:06 - 2021-03-20 22:06 - 3330084146 _____ C:\WINDOWS\MEMORY.DMP
    2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 ____D C:\WINDOWS\Minidump
    2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 _____ C:\WINDOWS\Minidump\032021-60734-01.dmp
    2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\js
    2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\images
    2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\html
    2021-03-20 19:56 - 2021-03-20 19:56 - 000000000 ____D C:\WINDOWS\SysWOW64\css
    2021-03-20 18:33 - 2021-03-20 18:35 - 000000000 ____D C:\Users\Joakim\Downloads\HiJackThis
    2021-03-20 18:32 - 2021-03-20 18:32 - 002045714 _____ C:\Users\Joakim\Downloads\HiJackThis.zip
    2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\Program Files (x86)\Acronis
    2021-03-20 01:07 - 2021-03-20 01:07 - 000000000 ____D C:\Users\Joakim\Downloads\ProcessExplorer
    2021-03-20 01:03 - 2021-03-20 01:03 - 002588891 _____ C:\Users\Joakim\Downloads\ProcessExplorer.zip
    2021-03-19 11:57 - 2021-03-19 11:57 - 000475649 _____ C:\Users\Joakim\Downloads\Spybot SnD License.pdf
    2021-03-18 19:17 - 2021-03-18 19:17 - 002215936 _____ C:\Users\Joakim\Downloads\LibreOffice_7.1.1_Win_x64_helppack_en-US.msi
    2021-03-18 19:16 - 2021-03-18 19:18 - 328736768 _____ C:\Users\Joakim\Downloads\LibreOffice_7.1.1_Win_x64.msi
    2021-03-17 17:06 - 2021-03-17 17:06 - 000312307 _____ C:\Users\Joakim\Downloads\Chronic-Lymphocytic-Leukemia.pdf
    2021-03-16 23:11 - 2021-03-16 23:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
    2021-03-16 23:11 - 2021-03-16 23:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
    2021-03-16 20:21 - 2021-03-16 20:21 - 000000000 ____D C:\Users\Joakim\Desktop\Old Firefox Data
    2021-03-16 18:39 - 2014-12-01 01:37 - 000450966 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210316-183933.backup
    2021-03-16 17:23 - 2021-03-22 20:35 - 000001517 _____ C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Delphi Toasts App.lnk
    2021-03-16 17:23 - 2021-03-16 17:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking
    2021-03-16 17:23 - 2021-03-16 17:23 - 000000000 ____D C:\Users\Joakim\AppData\Local\Safer-Networking Ltd
    2021-03-16 17:23 - 2021-03-16 17:23 - 000000000 ____D C:\Safer-Networking Ltd
    2021-03-16 17:22 - 2021-03-22 20:30 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2021-03-16 17:22 - 2021-03-20 13:30 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2021-03-16 17:22 - 2021-03-20 13:30 - 000001452 _____ C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
    2021-03-16 17:22 - 2021-03-20 13:30 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2021-03-16 17:22 - 2021-03-20 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2021-03-16 17:22 - 2021-03-16 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot Anti-Beacon
    2021-03-16 17:22 - 2021-03-16 17:22 - 000000000 ____D C:\Program Files (x86)\Safer-Networking Ltd
    2021-03-16 17:22 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Spybot3ELAM.sys
    2021-03-16 17:22 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2021-03-16 17:18 - 2021-03-16 17:19 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\Joakim\Downloads\spybotsd-2.8.68.0.exe
    2021-03-15 20:30 - 2021-03-16 11:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2021-03-14 22:00 - 2021-03-14 22:00 - 000107996 _____ C:\Users\Joakim\Documents\COVID19-okresy_-_VZOR-Cestne_prohlaseni_-_20210227.pdf
    2021-03-14 21:19 - 2021-03-14 21:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2021-03-14 17:56 - 2021-03-14 17:56 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Solar-PuTTY
    2021-03-14 16:43 - 2021-03-14 16:43 - 000056721 _____ C:\Users\Joakim\Documents\medrol-marketing-package-insert.pdf
    2021-03-12 23:44 - 2021-03-20 22:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2021-03-12 23:11 - 2021-03-12 23:11 - 000546474 _____ C:\Users\Joakim\Documents\document-1083542071.pdf
    2021-03-10 04:25 - 2021-03-10 04:25 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
    2021-03-10 04:24 - 2021-03-10 04:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2021-03-10 04:24 - 2021-03-10 04:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2021-03-10 04:24 - 2021-03-10 04:24 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2021-03-10 04:24 - 2021-03-10 04:24 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
    2021-03-10 04:23 - 2021-03-10 04:23 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-03-10 04:23 - 2021-03-10 04:23 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2021-03-10 04:23 - 2021-03-10 04:23 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2021-03-10 04:23 - 2021-03-10 04:23 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
    2021-03-10 04:23 - 2021-03-10 04:23 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
    2021-03-10 04:23 - 2021-03-10 04:23 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
    2021-03-09 13:06 - 2021-03-09 13:07 - 000052056 _____ C:\Users\Joakim\Documents\Žádost o kompenzační bonus6.pdf
    2021-03-06 10:51 - 2021-03-06 10:51 - 001969907 _____ C:\Users\Joakim\Downloads\c06584212.pdf
    2021-03-06 10:49 - 2021-03-06 10:49 - 007877768 _____ C:\Users\Joakim\Downloads\c06704249.pdf
    2021-03-04 15:18 - 2021-03-04 15:18 - 000109356 _____ C:\Users\Joakim\Documents\Anna Thunderbird settings.pdf
    2021-03-04 11:20 - 2021-03-04 11:20 - 020541440 _____ C:\Users\Joakim\Downloads\TortoiseSVN-1.14.1.29085-x64-svn-1.14.1.msi
    2021-03-01 12:39 - 2021-03-01 12:40 - 000000000 ____D C:\Users\Joakim\AppData\Local\Viber
    2021-02-24 18:12 - 2021-02-24 18:12 - 000001086 _____ C:\ProgramData\Desktop\Resource Builder 4.lnk
    2021-02-24 18:12 - 2021-02-24 18:12 - 000000000 ____D C:\Program Files\SiComponents
    2021-02-24 17:10 - 2021-02-24 17:10 - 036520984 _____ (SiComponents ) C:\Users\Joakim\Downloads\ResourceBuilder4Setup.exe

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-03-22 21:31 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-03-22 21:21 - 2016-07-31 09:16 - 000000000 ____D C:\Users\Joakim\AppData\Local\ClassicShell
    2021-03-22 21:20 - 2016-11-25 22:00 - 000000000 ____D C:\Users\Joakim\AppData\LocalLow\Mozilla
    2021-03-22 21:05 - 2012-05-14 21:04 - 000000000 ____D C:\ProgramData\Mozilla
    2021-03-22 20:56 - 2013-03-04 00:51 - 000000000 ____D C:\Users\Joakim\AppData\Local\CrashDumps
    2021-03-22 20:32 - 2010-05-31 08:46 - 000000000 ____D C:\Users\Joakim\AppData\Local\TSVNCache
    2021-03-22 20:30 - 2020-09-23 06:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-03-22 20:30 - 2020-09-23 05:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2021-03-22 20:30 - 2010-05-30 18:14 - 000000000 ____D C:\ProgramData\VMware
    2021-03-22 20:05 - 2013-12-05 10:37 - 000000000 ____D C:\ProgramData\AVAST Software
    2021-03-22 19:50 - 2020-09-23 06:47 - 000004158 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{168BB0EE-813A-4573-905E-12E387787C84}
    2021-03-22 18:38 - 2018-07-24 19:28 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Slack
    2021-03-22 15:49 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
    2021-03-21 20:52 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2021-03-21 15:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Help
    2021-03-20 23:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-03-20 23:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-03-20 22:58 - 2015-01-14 22:35 - 000000000 ____D C:\Program Files\Visual Paradigm CE 12.0
    2021-03-20 22:51 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-03-20 22:51 - 2018-01-02 00:45 - 000000000 ____D C:\Users\Joakim\AppData\Local\Packages
    2021-03-20 22:50 - 2019-10-23 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    2021-03-20 22:49 - 2019-10-23 16:08 - 000000000 ____D C:\Program Files (x86)\Premium Recovery Suite
    2021-03-20 22:07 - 2020-09-23 05:32 - 000637008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2021-03-20 18:24 - 2013-03-02 20:56 - 000388608 _____ (Trend Micro Inc.) C:\Users\Joakim\Downloads\HijackThis205.exe
    2021-03-20 16:40 - 2020-06-09 08:12 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-03-20 16:40 - 2020-06-09 08:12 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
    2021-03-20 16:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-03-20 00:58 - 2018-05-19 14:08 - 000000000 ____D C:\Users\Joakim\AppData\Local\D3DSCache
    2021-03-19 21:52 - 2021-01-21 16:14 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\vlc
    2021-03-19 01:33 - 2010-11-18 02:19 - 000007622 _____ C:\Users\Joakim\AppData\Local\Resmon.ResmonCfg
    2021-03-18 14:50 - 2010-06-01 00:10 - 000000029 _____ C:\WINDOWS\VBAddin.ini
    2021-03-18 09:28 - 2020-09-23 05:41 - 000000000 ____D C:\Users\DefaultAppPool
    2021-03-17 08:56 - 2011-01-21 19:38 - 000000000 ____D C:\Users\Joakim\Documents\kamila
    2021-03-16 23:13 - 2016-01-20 15:13 - 000000000 ____D C:\Users\Joakim\Documents\DisplayFusion Backups
    2021-03-16 23:13 - 2016-01-16 17:53 - 000001388 _____ C:\ProgramData\Desktop\DisplayFusion.lnk
    2021-03-16 23:13 - 2016-01-16 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
    2021-03-16 23:13 - 2016-01-16 17:53 - 000000000 ____D C:\Program Files (x86)\DisplayFusion
    2021-03-16 17:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2021-03-16 16:34 - 2012-05-14 21:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-03-16 11:24 - 2011-07-15 22:08 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
    2021-03-15 21:05 - 2018-02-14 17:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-03-14 21:19 - 2011-05-06 20:01 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-03-14 20:46 - 2020-02-24 14:38 - 000000128 _____ C:\Users\Joakim\AppData\Local\PUTTY.RND
    2021-03-12 16:07 - 2010-05-30 18:20 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\VMware
    2021-03-12 16:02 - 2010-05-30 18:20 - 000000000 ____D C:\Users\Joakim\AppData\Local\VMware
    2021-03-10 21:41 - 2021-01-13 12:02 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\ViberPC
    2021-03-10 20:31 - 2014-07-14 20:00 - 000000000 ____D C:\Program Files (x86)\Google
    2021-03-10 20:31 - 2010-10-16 16:47 - 000000000 ____D C:\Users\Joakim\AppData\Local\Google
    2021-03-10 20:30 - 2016-07-30 08:16 - 000000000 ___RD C:\Users\Joakim\OneDrive
    2021-03-10 04:59 - 2020-09-23 07:56 - 000749220 _____ C:\WINDOWS\system32\perfh01D.dat
    2021-03-10 04:59 - 2020-09-23 07:56 - 000159118 _____ C:\WINDOWS\system32\perfc01D.dat
    2021-03-10 04:59 - 2020-09-23 07:00 - 000821364 _____ C:\WINDOWS\system32\perfh015.dat
    2021-03-10 04:59 - 2020-09-23 07:00 - 000167086 _____ C:\WINDOWS\system32\perfc015.dat
    2021-03-10 04:59 - 2020-09-23 06:36 - 000751798 _____ C:\WINDOWS\system32\perfh005.dat
    2021-03-10 04:59 - 2020-09-23 06:36 - 000158964 _____ C:\WINDOWS\system32\perfc005.dat
    2021-03-10 04:59 - 2020-09-23 06:28 - 004250136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2021-03-10 04:59 - 2020-09-23 05:24 - 000455408 _____ C:\WINDOWS\system32\perfh014.dat
    2021-03-10 04:59 - 2020-09-23 05:24 - 000081264 _____ C:\WINDOWS\system32\perfc014.dat
    2021-03-10 04:48 - 2019-12-07 10:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
    2021-03-10 04:48 - 2019-12-07 10:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2021-03-10 04:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-03-10 03:31 - 2013-08-22 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
    2021-03-10 03:14 - 2010-05-30 15:07 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-03-10 03:13 - 2014-10-26 09:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2021-03-10 01:03 - 2009-07-14 03:34 - 000000510 _____ C:\WINDOWS\win.ini
    2021-03-04 10:34 - 2020-09-23 06:47 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-03-04 10:34 - 2020-09-23 06:47 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
    2021-03-01 18:47 - 2019-10-30 21:09 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
    2021-03-01 18:47 - 2018-07-24 19:28 - 000002208 _____ C:\Users\Joakim\Desktop\Slack.lnk
    2021-03-01 18:47 - 2018-07-24 19:28 - 000000000 ____D C:\Users\Joakim\AppData\Local\SquirrelTemp
    2021-03-01 18:47 - 2018-07-24 19:28 - 000000000 ____D C:\Users\Joakim\AppData\Local\slack
    2021-03-01 10:18 - 2010-08-19 19:35 - 000000000 ____D C:\Users\Joakim\Documents\Snagit
    2021-02-28 21:51 - 2010-06-02 09:47 - 000000000 ____D C:\Users\Joakim\AppData\Local\Axialis
    2021-02-28 21:45 - 2010-06-02 09:48 - 000000000 ____D C:\Users\Joakim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Axialis Software
    2021-02-28 21:43 - 2015-01-23 23:45 - 000000000 ____D C:\Users\Joakim\AppData\Local\JetBrains
    2021-02-25 18:19 - 2010-05-31 23:28 - 000000000 ____D C:\WinLicense
    2021-02-25 10:23 - 2010-06-02 22:38 - 000000000 ____D C:\ProgramData\SiComponents
    2021-02-24 18:12 - 2010-06-02 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiComponents
    2021-02-20 04:12 - 2021-01-22 08:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

    ==================== Files in the root of some directories ========

    2011-12-10 11:56 - 2011-12-10 11:56 - 000004136 _____ () C:\ProgramData\vtsnfuas.bat
    2017-06-26 09:18 - 2017-06-26 09:18 - 000000736 _____ () C:\Users\Joakim\phpedbakxp.bat
    2016-05-15 16:43 - 2016-05-15 16:43 - 000000000 ____D () C:\Users\Joakim\sqlitebrowser.exe
    2010-07-15 17:07 - 2010-07-15 17:07 - 000016384 _____ (Mach5) C:\Program Files (x86)\Common Files\Mach5.Install.dll
    2010-07-15 17:07 - 2010-07-15 17:07 - 000020480 _____ (Mach5) C:\Program Files (x86)\Common Files\Mach5.Mailer.Install.dll
    2014-06-23 16:58 - 2014-06-23 16:58 - 000002012 _____ () C:\Program Files (x86)\Common Files\Mach5.Mailer.Install.InstallState
    2014-12-15 23:50 - 2017-01-23 14:33 - 000000034 _____ () C:\Users\Joakim\AppData\Roaming\AdobeWLCMCache.dat
    2010-06-27 22:07 - 2012-03-31 18:37 - 000006656 _____ () C:\Users\Joakim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2020-02-24 14:38 - 2021-03-14 20:46 - 000000128 _____ () C:\Users\Joakim\AppData\Local\PUTTY.RND
    2010-11-18 02:19 - 2021-03-19 01:33 - 000007622 _____ () C:\Users\Joakim\AppData\Local\Resmon.ResmonCfg
    2008-02-05 13:28 - 2008-02-05 13:28 - 000000051 _____ () C:\Users\Joakim\AppData\Local\setup.txt

    ==================== End of FRST.txt ========================
    Addition.txt
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
    Ran by Joakim (22-03-2021 21:37:52)
    Running from C:\Users\Joakim\Desktop
    Windows 10 Pro Version 20H2 19042.868 (X64) (2020-09-23 05:48:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Acronis Agent User (S-1-5-21-1192574728-1841427162-4075779397-1011 - Administrator - Enabled) => C:\Users\Acronis Agent User
    Acronis Agent User 2 (S-1-5-21-1192574728-1841427162-4075779397-1013 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
    Administrator (S-1-5-21-1192574728-1841427162-4075779397-500 - Administrator - Disabled)
    boinc_master (S-1-5-21-1192574728-1841427162-4075779397-1016 - Limited - Enabled) => C:\Users\boinc_master
    boinc_project (S-1-5-21-1192574728-1841427162-4075779397-1017 - Limited - Enabled)
    DefaultAccount (S-1-5-21-1192574728-1841427162-4075779397-503 - Limited - Disabled)
    Guest (S-1-5-21-1192574728-1841427162-4075779397-501 - Limited - Disabled)
    Joakim (S-1-5-21-1192574728-1841427162-4075779397-1000 - Administrator - Enabled) => C:\Users\Joakim
    WDAGUtilityAccount (S-1-5-21-1192574728-1841427162-4075779397-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3D Thumbnail Generator 1.0 (HKLM-x32\...\3D Thumbnail Generator_is1) (Version: 1.0 - SoftOrbits)
    64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
    7-Zip 17.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1700-000001000000}) (Version: 17.00.00.0 - Igor Pavlov)
    Acrobat.com (HKLM-x32\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
    Acronis True Image WD Edition (HKLM-x32\...\{9B683A28-2172-4CF1-B85D-41375E80652A}) (Version: 13.0.14184 - Acronis)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
    Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.1 - Adobe Systems Incorporated)
    Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 7.1 - PainteR)
    Akamai NetSession Interface (HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\Akamai) (Version: - Akamai Technologies, Inc)
    Akamai NetSession Interface (HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\Akamai) (Version: - Akamai Technologies, Inc)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
    Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
    AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
    AutoIt v3.3.15.0 (Beta) (HKLM-x32\...\AutoItv3beta) (Version: 3.3.15.0 - AutoIt Team)
    Axialis IconWorkshop 6.91 (HKLM-x32\...\IconWorkshop ) (Version: 6.91 - Axialis Software)
    AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
    B4J v2.20 (HKLM-x32\...\{EDE7CEAB-7394-4B50-8109-268DFB9A3023}_is1) (Version: - Anywhere Software)
    Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
    Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
    Beyond Compare 4.3.7 (HKLM\...\BeyondCompare4_is1) (Version: 4.3.7.25118 - Scooter Software)
    Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 5.0.1449.0 - Microsoft Corporation)
    Bing Bar Platform (HKLM-x32\...\{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}) (Version: 5.0.1449.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2012 (HKLM-x32\...\{57F20F04-014D-453F-B6A3-AE9485C4DFAB}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2012 ENU resources (HKLM-x32\...\{532DBCC8-9468-435C-AEF6-30B7F50735A2}) (Version: 5.0.30709.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
    Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Brother MFL-Pro Suite DCP-9020CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
    Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    Chrome Embedded Browser version 3.1364.1094 (HKLM-x32\...\Chrome Embedded Browser_is1) (Version: 3.1364.1094 - NuSphere Corp.)
    Chrome Embedded Browser version 3.1547.32 (HKLM\...\Chrome Embedded Browser_is1) (Version: 3.1547.32 - NuSphere Corp.)
    ChunkVNC 3.3.1 version 3.3.1 (HKLM-x32\...\{8A5584D1-8163-4316-A404-95080A30A93C}_is1) (Version: 3.3.1 - supercoe)
    Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
    CodeSMART 10 with VS10x Extensions (Evaluation Version) (HKLM-x32\...\CodeSMART 10 - EVALUATION_is1) (Version: 10.51 - AxTools)
    CodeSMART 2013 for VB6 (HKLM-x32\...\AxTools CodeSMART 2013 for VB6_is1) (Version: 8.5 - AxTools)
    Component Checker (HKLM\...\{32E52354-FD81-4BA3-8261-70FB3AA8E8B5}) (Version: 2.0.0 - Microsoft)
    CPUID ROG CPU-Z 1.61.3 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.61.3 - CPUID, Inc.)
    Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
    Crystal Reports for Visual Studio (HKLM-x32\...\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}) (Version: 12.51.0.240 - SAP) Hidden
    Déjà Vu X3 (HKLM-x32\...\{E350DBC6-7B58-4AFE-AB3E-08A536B8514B}) (Version: 9.00.0793 - ATRIL Language Engineering, S.L.)
    Disktrix UltimateDefrag (HKLM-x32\...\UltimateDefrag) (Version: - )
    DisplayFusion 9.7.2 (Beta 7) (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 9.7.1.107 - Binary Fortress Software)
    Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
    Dotfuscator and Analytics Community Edition (HKLM-x32\...\{372D17F6-A54E-4A01-B264-1314890FFE61}) (Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
    Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
    Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
    Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
    FireFly Visual Designer 3.10 (Registered) (HKLM-x32\...\FireFly Visual Designer_is1) (Version: - PlanetSquires)
    FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.4.0.3970 - OpenSight Software LLC)
    FxExperience Tools 0.1 (HKLM-x32\...\FxExperience Tools 0.1) (Version: - FxExperience)
    GIGABYTE Remote Utilities (HKLM-x32\...\{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}) (Version: 3.0.0.0 - GIGABYTE)
    GIGABYTE U7300 BDA Device (HKLM-x32\...\TVRTLDrv) (Version: - )
    GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
    Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
    Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - )
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
    ICMarkets - MetaTrader 5 (HKLM\...\ICMarkets - MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
    IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
    ImageConverter Plus 7.1 (HKLM-x32\...\ImageConverter Plus_is1) (Version: - fCoder Group, Inc.)
    Inno Script Studio (HKLM-x32\...\{7C22BD69-9939-43CE-B16E-437DB2A39492}_is1) (Version: 2.5.1.0 - Kymoto Solutions)
    Inno Setup QuickStart Pack version 5.5.9 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.9 - Martijn Laan)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    ISSkin 3.0 (HKLM-x32\...\ISSkin_is1) (Version: 3.0 - Codejock Software)
    Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
    JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
    JetBrains PhpStorm 10.0.3 (HKLM-x32\...\PhpStorm 10.0.3) (Version: 143.1770 - JetBrains s.r.o.)
    JetBrains Products in Visual Studio 2010 (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{3c5e89e2-1ac3-59d3-bc96-499e1c070dea}) (Version: 1 - JetBrains s.r.o.)
    JetBrains Products in Visual Studio 2012 (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{494c3c2b-34d1-53e1-ba93-2344d42e0b79}) (Version: 1 - JetBrains s.r.o.)
    JetBrains Products in Visual Studio 2013 (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{bf70078c-5e98-52f6-af00-eba9a1c75eec}) (Version: 1 - JetBrains s.r.o.)
    JetBrains ReSharper 9 (HKLM-x32\...\{2663211F-9CB2-4881-9BA0-EBE2F41438D3}) (Version: 9.0.0.0 - JetBrains Inc) Hidden
    Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
    kSign 3.0 (HKLM-x32\...\{0D30E99C-8676-4BA5-99A8-C0BCE9BDDC93}_is1) (Version: 3.0.0.0 - K Software)
    LibreOffice 5.4.7.2 (HKLM\...\{26D12F93-E454-4637-9A5C-D52F6B4CC0DD}) (Version: 5.4.7.2 - The Document Foundation)
    LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
    LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
    LocalESPCui for en-us (HKLM-x32\...\{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}) (Version: 8.59.25584 - Microsoft) Hidden
    LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
    Mach5 Mailer (HKLM-x32\...\{28DAE481-F41C-46B2-B1AE-F4B5CB914B91}) (Version: 4.5.14 - Mach5 Mailer 4)
    Malwarebytes Anti-Malware version 1.70.0.1100 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.70.0.1100 - Malwarebytes Corporation)
    Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
    Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.57 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
    Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Proofing Tools 2013 - Svenska (HKLM-x32\...\{90150000-001F-041D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
    Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
    Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
    Microsoft Visual Basic 2008 Step by Step (HKLM-x32\...\{2680ED27-5D5B-4994-A505-16D8ADE006C0}) (Version: 2.00.10 - Microsoft Press)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.20.27508 (HKLM-x32\...\{7b178cda-9740-4701-a92a-f168d213b343}) (Version: 14.20.27508.1 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 (HKLM-x32\...\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}) (Version: 14.20.27508.1 - Microsoft Corporation)
    Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version: - )
    Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual Studio Ultimate 2013 with Update 4 (HKLM-x32\...\{dca572ee-b6f6-4560-9879-fec58cc0022c}) (Version: 12.0.31101 - Microsoft Corporation)
    Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
    Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
    Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
    Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5294.17011 - Microsoft Corporation)
    Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5294.17011 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Embedded Browser version 18.0.2 (HKLM-x32\...\Mozilla Embedded Browser_is1) (Version: 18.0.2 - NuSphere Corp.)
    Mozilla Embedded Browser version 26.0.0 (HKLM\...\Mozilla Embedded Browser_is1) (Version: 26.0.0 - NuSphere Corp.)
    Mozilla Firefox 86.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 86.0.1 (x64 en-US)) (Version: 86.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
    Mozilla Thunderbird 78.8.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.8.1 (x86 en-US)) (Version: 78.8.1 - Mozilla)
    MSDN Library - October 2001 (HKLM-x32\...\MSDN Library - October 2001) (Version: - )
    MSDN Library - Visual Studio 6.0a (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0a) (Version: - )
    MSDN Library for Visual Studio 2008 - ENU (HKLM-x32\...\{3A762A82-618D-3CAA-B847-D074ABFA0B2E}) (Version: 9.0.21022 - Microsoft) Hidden
    MSDN Library for Visual Studio 2008 - ENU (HKLM-x32\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
    msftedit.dll fix (HKLM-x32\...\WYSIWYG_Web_Builder_11_hotfix) (Version: - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213) (HKLM-x32\...\{CF7E5677-6897-304F-85E8-1355F5FED7DD}) (Version: 4.0.551 - Microsoft Corporation) Hidden
    Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213) (HKLM-x32\...\Multi-Targeting Pack for Microsoft .NET Framework 4.0.3) (Version: 4.0.551 - Microsoft Corporation)
    Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Nero 2016 (HKLM-x32\...\{9AFD4E43-C353-40B8-BDC6-6A80F66FA142}) (Version: 17.0.01500 - Nero AG)
    Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10600.6.100 - Nero AG)
    Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10700.5.100 - Nero AG)
    Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
    Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
    Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
    Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10800.6.100 - Nero AG)
    Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
    Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
    Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
    Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
    Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10700.5.100 - Nero AG)
    Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
    Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10500.4.100 - Nero AG)
    Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
    Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.11000.9.100 - Nero AG)
    Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10700.6.100 - Nero AG)
    Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
    NuSphere PhpED version 16.0 (HKLM\...\NuSphere PhpED_is1) (Version: 16.0 - NuSphere Corp.)
    Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
    Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
    PB/Win 9.05 (HKLM-x32\...\PB/Win 9.05) (Version: 9.05 - PowerBASIC, Inc.)
    PerfectIt 3 (HKLM-x32\...\{3AE58A70-C6BE-4136-BAB1-09EED1EBC474}) (Version: 3.0.31 - Intelligent Editing)
    Php Documentor version 2.0 for NuSphere PhpED (HKLM-x32\...\PHP Documentor_is1) (Version: 16.0 - NuSphere Corp.)
    php-4.4.9 for NuSphere PhpED (HKLM-x32\...\PHP_is1) (Version: 13.0 - NuSphere Corp.)
    php-5.2.17 for NuSphere PhpED (HKLM-x32\...\PHP5_is1) (Version: 16.0 - NuSphere Corp.)
    php-5.3.8 for NuSphere PhpED (HKLM-x32\...\PHP53_is1) (Version: 6.2 - NuSphere Corp.)
    php-5.4.42 for NuSphere PhpED (HKLM-x32\...\PHP54_is1) (Version: 16.0 - NuSphere Corp.)
    php-5.5.26 x64 for NuSphere PhpED (HKLM\...\PHP55x64_is1) (Version: 16.0 - NuSphere Corp.)
    Polystyle 2.0zo (trial) for NuSphere PhpED (HKLM-x32\...\POLYSTYLE_is1) (Version: 6.2 - NuSphere Corp.)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
    PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
    PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}) (Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
    PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
    Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
    Release Management for Visual Studio 2013 (HKLM-x32\...\{86B7A089-11F3-41B0-8E90-EB25812B79FA}) (Version: 1.0 - Microsoft Corporation) Hidden
    Resource Builder 3.0.3.25 (HKLM-x32\...\{E01C4F76-D759-4B2D-A617-53188FF290E6}_is1) (Version: 3.0.3.25 - SiComponents)
    Resource Builder 4 4.0.0.14 (HKLM\...\{00472BCC-486B-4DC4-89E4-7C3161E2D09F}_is1) (Version: 4.0.0.14 - SiComponents)
    SciTE4AutoIt3 16.306.1237.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 16.306.1237.0 - Jos van der Zande)
    SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
    SDL Trados 2019 SR1 - Remove suite of products (HKLM-x32\...\TranslationStudio2019) (Version: 15.1.48878 - SDL)
    SDL Trados Legacy Compatibility Module (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
    SDL Trados Studio 2019 SR1 (HKLM-x32\...\{FD155FAD-9D85-48DC-81A0-857FA6C45600}) (Version: 15.1.48730 - SDL)
    SDL WorldServer Components 15.0 (HKLM-x32\...\{47296A40-7216-4068-B82D-EC9A0B5709EE}) (Version: 15.0.48730 - SDL)
    SharePoint Client Components (HKLM\...\{95150002-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    SharePoint Client Components (HKLM\...\{95160001-1163-0409-1000-0000000FF1CE}) (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Skype version 8.69 (HKLM-x32\...\Skype_is1) (Version: 8.69 - Skype Technologies S.A.)
    Slack (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\slack) (Version: 4.13.0 - Slack Technologies Inc.)
    Snagit 11 (HKLM-x32\...\{68723B04-57EC-11E1-A6A8-9E2D4824019B}) (Version: 11.1.0 - TechSmith Corporation)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 3.5 - Safer-Networking Ltd.)
    Stashimi Stub Installer (HKLM-x32\...\{910B539D-F257-46C8-9CB8-6C95EFF9CF22}) (Version: 18.001.1 - Nero AG) Hidden
    StExBar (HKLM\...\{1C062224-6915-420A-B8A0-702A776D2A63}) (Version: 1.11.1 - Stefans Tools)
    StExBar (HKLM\...\{ACD1B392-D2B0-47BE-8454-1FCFE6B93EEF}) (Version: 1.11.1 - Stefans Tools)
    Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.133222 - TeamViewer)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.1 - Helios)
    ThunderFix 1.0.0.2 (HKLM-x32\...\{52291FC0-33D3-4A18-9587-5115225545D8}_is1) (Version: - )
    TIME TO WIN Millennium Edition (HKLM-x32\...\TIME TO WIN Millennium Edition) (Version: - )
    TortoiseSVN 1.14.0.28885 (64 bit) (HKLM\...\{7FB289B9-BA33-446A-A0E8-9BF59226A631}) (Version: 1.14.28885 - TortoiseSVN)
    TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
    Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
    UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.6 - uvnc bvba)
    UniSuiteFree 1.0 (HKLM\...\{5F944502-5CB4-4108-91EE-5D37EA2F5E1A}) (Version: 1.0 - CyberActiveX)
    UniSuiteLite 1.0 (HKLM\...\{549E3EDD-33FC-4B61-9B25-2E333AEC814D}) (Version: 1.0 - CyberActiveX)
    UniSuitePlus 1.00 (HKLM\...\{41745680-F50F-4176-A746-BA9DA94A3EE0}) (Version: 1.00 - CyberActiveX)
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
    UpdateAssistant (HKLM\...\{C4BE7550-ECE1-417D-A787-01266DC1F5A6}) (Version: 1.22.0.0 - Microsoft Corporation) Hidden
    Upgrading Microsoft Visual Baisc 6.0 to Microsoft Visual Basic .NET (HKLM-x32\...\{092E79CB-2FC1-404B-A31A-9E2D4D3DC135}) (Version: 1.0.0 - MSDN)
    VB6 shims (HKLM\...\{fbc6500a-a183-415c-9aa5-f67b9c1536a7}.sdb) (Version: - )
    vbAdvance 3.1 (HKLM-x32\...\vbAdvance_is1) (Version: - Young Dynamic Software)
    VC Runtimes MSI (HKLM-x32\...\{FF29527A-44CD-3422-945E-981A13584000}) (Version: 9.0.21022 - Microsoft) Hidden
    Viber (HKLM-x32\...\{E3A96F0B-19F9-4370-9B8D-4F9347D7C583}) (Version: 14.4.1.12 - Viber Media S.a.r.l) Hidden
    Viber (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\{c1321454-1fd8-4474-8979-2a45e12ec15f}) (Version: 14.4.1.12 - 2010-2020 Viber Media S.a.r.l)
    Virtaal 0.6.1 (HKLM-x32\...\Virtaal_is1) (Version: 0.6.1 - Zuza Software Foundation)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM-x32\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM-x32\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    vivoTV (HKLM-x32\...\vivoTV_is1) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7 - VideoLAN)
    VNC Server 6.0.1 (HKLM\...\{C6C31B05-EAC0-4173-9F4F-2DDF93BA0D34}) (Version: 6.0.1.23971 - RealVNC Ltd)
    VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
    WCF Data Services 5.0 (for OData v3) Primary Components (HKLM-x32\...\{0BCC836F-0B28-4090-B58A-64883BAA3B2F}) (Version: 5.0.50628.0 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2012 (HKLM-x32\...\{148878BD-A2A5-4CF1-A103-2BA632F41953}) (Version: 5.0.50710.0 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
    WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
    Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
    Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
    Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
    WYSIWYG Web Builder 10 (HKLM-x32\...\WYSIWYG_Web_Builder_10) (Version: - )
    Xtreme SuitePro ActiveX v15.2.1.0221 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.v15.2.1.0221_is1) (Version: 15.2.1.0221 - Codejock Software)
    Xtreme SuitePro ActiveX v15.3.1 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.v15.3.1_is1) (Version: 15.3.1 - Codejock Software)
    Xtreme SuitePro ActiveX v16.2.4 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.v16.2.4_is1) (Version: 16.2.4 - Codejock Software)
    Xtreme SuitePro ActiveX v16.2.6 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.2.6_is1) (Version: 16.2.6 - Codejock Software)
    Xtreme SuitePro ActiveX v16.3.0 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.3.0_is1) (Version: 16.3.0 - Codejock Software)
    Xtreme SuitePro ActiveX v16.3.1 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.3.1_is1) (Version: 16.3.1 - Codejock Software)
    Xtreme SuitePro ActiveX v16.4.0 (HKLM-x32\...\APP-Codejock.SuitePro.ActiveX.16.4.0_is1) (Version: 16.4.0 - Codejock Software)
    Zoom (HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)
    Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden

    Packages:
    =========
    HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-02-27] (HP Inc.)
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
    Paket za lokalni interfejs za bosanski -> C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackbs-Latn-BA_19041.11.29.0_neutral__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
    WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2021-03-20] (Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joakim\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{213218C6-D5EC-37E5-B4F1-C10B0E699671}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{5B61B9F7-FB51-370C-8A8D-DFB0022B1C4F}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{740755A7-1F3C-3731-81C3-FE28F7CD760A}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll => No File
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{A0DFA63D-1559-389A-A0B8-97A72E73FE93}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{AE8D2568-9E18-392D-8E45-BA2E9FED732D}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{B09F620D-6094-3E2C-884F-9877DBF3CB92}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{B65CAD9D-F572-4BD9-9FF1-CBE8AF9FB67D}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\adxloader64.dll () [File not signed]
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{C3D2FD77-92B5-3482-871D-91FD59968632}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{C5894223-5F98-3D9A-9D0E-3F4E8BAB5FEA}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{CA97C009-FE21-3CDC-82A2-96CC5982A1BE}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    CustomCLSID: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000_Classes\CLSID\{E1A118D7-AE45-3DA8-B340-4AE00F3A5B02}\InprocServer32 -> C:\Users\Joakim\AppData\Roaming\Intelligent Editing\PerfectIt 3\PerfectIt 3.DLL (Intelligent Editing -> Intelligent Editing)
    ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (Open Source Developer, Stefan KUENG -> hxxp://tortoisesvn.net)
    ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
    ContextMenuHandlers1: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-09-24] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers1-x32: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\Windows\SysWow64\cnvshell.dll [2009-02-06] (fCoder Group International) [File not signed]
    ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2020-11-02] (Notepad++ -> )
    ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2010-04-23] (PowerISO Computing, Inc.) [File not signed]
    ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [2012-09-07] (TechSmith Corporation -> TechSmith Corporation)
    ContextMenuHandlers1: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
    ContextMenuHandlers1-x32: [TranslationStudioShlExt2011] -> {F6C08E19-DCE1-45B5-A225-E94FADB585DD} => C:\Program Files (x86)\SDL\SDL Trados Studio\Studio15\TranslationStudioExt.dll [2019-02-04] (TODO: <Company name>) [File not signed]
    ContextMenuHandlers2: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
    ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2019-09-16] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2019-09-16] (VMware, Inc. -> VMware, Inc.)
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
    ContextMenuHandlers4: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-09-24] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2010-04-23] (PowerISO Computing, Inc.) [File not signed]
    ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 11\DLLx64\SnagitShellExt64.dll [2012-09-07] (TechSmith Corporation -> TechSmith Corporation)
    ContextMenuHandlers4: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers5: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
    ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    ContextMenuHandlers6: [CirrusShellEx] -> {57FA2D12-D22D-490A-805A-5CB48E84F12A} => C:\Program Files\Beyond Compare 4\BCShellEx64.dll [2020-09-24] (Scooter Software Inc -> Scooter Software)
    ContextMenuHandlers6-x32: [CnvShell] -> {A118FEA0-1D1B-4165-BC37-88F95B250E7A} => C:\Windows\SysWow64\cnvshell.dll [2009-02-06] (fCoder Group International) [File not signed]
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [2012-12-14] (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed]
    ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2010-04-23] (PowerISO Computing, Inc.) [File not signed]
    ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
    ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\System32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    ContextMenuHandlers6: [StExBar] -> {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} => C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2020-05-24] (Open Source Developer, Stefan KUENG -> hxxps://tortoisesvn.net)
    ContextMenuHandlers1_S-1-5-21-1192574728-1841427162-4075779397-1000: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2016-01-17] (Helios Software Solutions Ltd -> )

    ==================== Codecs (Whitelisted) ====================

    ==================== Shortcuts & WMI ========================

    ==================== Loaded Modules (Whitelisted) =============

    2014-10-26 20:31 - 2010-06-29 09:58 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2014-10-26 20:31 - 2021-03-22 20:33 - 000039936 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2020-03-07 22:47 - 2019-08-15 18:13 - 001265664 _____ () [File not signed] C:\Program Files (x86)\DisplayFusion\runtimes\win-x64\native\e_sqlite3.dll
    2018-01-24 22:07 - 2005-04-22 05:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
    2014-10-26 20:31 - 2010-08-09 20:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AAHM\1.00.20\ASACPI.DLL
    2014-10-26 20:34 - 2010-10-26 17:54 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsAcpi.dll
    2018-01-24 22:07 - 2012-07-14 09:53 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
    2010-10-22 12:08 - 2010-10-22 12:08 - 001039360 _____ (Hewlett-Packard Co.) [File not signed] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
    2010-09-14 13:11 - 2008-08-12 09:58 - 000131072 _____ (Hewlett-Packard Company) [File not signed] C:\WINDOWS\System32\hpf3l082.dll
    2010-09-14 13:16 - 2008-08-12 09:58 - 000254976 _____ (Hewlett-Packard Corporation) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpfpp082.dll
    2011-04-13 16:08 - 2011-04-13 16:08 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
    2011-04-13 16:08 - 2011-04-13 16:08 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
    2012-09-07 15:30 - 2012-09-07 15:30 - 000480256 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\libhunspell.dll
    2017-04-29 11:55 - 2017-04-29 11:55 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
    2017-08-13 08:49 - 2017-08-13 08:49 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
    2017-08-13 08:49 - 2017-08-13 08:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
    2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\System32\StartMenuHelper64.dll
    2012-09-07 15:30 - 2012-09-07 15:30 - 000066192 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\LFJbg15U.DLL
    2012-09-07 15:30 - 2012-09-07 15:30 - 000126096 ____R (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\LFPng15U.DLL
    2012-09-07 15:30 - 2012-09-07 15:30 - 000212112 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Ltimgclr15u.dll
    2012-09-07 15:30 - 2012-09-07 15:30 - 000208016 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Ltimgefx15u.dll
    2012-09-07 15:30 - 2012-09-07 15:30 - 000134288 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Ltimgutl15u.dll
    2012-09-07 15:30 - 2012-09-07 15:30 - 000122000 _____ (LEAD Technologies, Inc -> LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\Lttwn15u.dll
    2013-03-02 21:18 - 2012-12-14 15:49 - 000508264 _____ (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
    2013-03-02 21:18 - 2012-12-14 16:49 - 000093544 _____ (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
    2013-03-02 21:18 - 2012-12-14 15:49 - 002171240 _____ (Malwarebytes Corporation -> Malwarebytes Corporation) [File not signed] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
    2010-04-23 01:56 - 2010-04-23 01:56 - 000221696 _____ (PowerISO Computing, Inc.) [File not signed] C:\Program Files (x86)\PowerISO\PWRISOSH.DLL
    2012-09-07 15:30 - 2012-09-07 15:30 - 000165888 _____ (TechSmith Corporation) [File not signed] C:\Program Files (x86)\TechSmith\Snagit 11\TSCREC3.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]

    ==================== Safe Mode (Whitelisted) ==================

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.astrocalc.com/
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.astrocalc.com/
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.astrocalc.com/
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed]
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: FlashFXP Helper for Internet Explorer -> {E5A1691B-D188-4419-AD02-90002030B8EE} -> C:\Program Files (x86)\FlashFXP\IEFlash.dll [2007-05-16] (IniCom Networks, Inc. -> IniCom Networks, Inc.)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    Toolbar: HKLM - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar64.dll [2015-07-30] (Nusphere -> )
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Toolbar: HKLM - StExBar - {6c7a85a7-27c6-49ce-98b2-a8479b0dd63d} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    Toolbar: HKLM-x32 - NuSphere Debugger ToolBar - {0F62D223-9206-4EA3-9EA8-D0F3C7C82ACA} - C:\Program Files\NuSphere\PhpED\NuSphereIEBar.dll [2015-07-30] (Nusphere -> )
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> StExBar - {6C7A85A7-27C6-49CE-98B2-A8479B0DD63D} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> StExBar - {6C7A85A7-27C6-49CE-98B2-A8479B0DD63D} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> StExBar - {6C7A85A7-27C6-49CE-98B2-A8479B0DD63D} - C:\Program Files\StExBar\StExBar.dll [2021-01-15] (Open Source Developer, Stefan KUENG -> hxxps://tools.stefankueng.com)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7942 more sites.

    IE trusted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\123simsen.com -> www.123simsen.com

    There are 7947 more sites.

    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\...\123simsen.com -> www.123simsen.com

    There are 7947 more sites.

    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\...\123simsen.com -> www.123simsen.com

    There are 7947 more sites.

    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\...\123simsen.com -> www.123simsen.com

    There are 7947 more sites.


    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2021-03-22 20:37 - 000456032 ____N C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 www.123moviedownload.com
    127.0.0.1 123moviedownload.com

    There are 15643 more lines.


    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\PBWin90\BIN;C:\Winlicense\WinlicenseSDK;C:\Dev\Vendor\vbRC5BaseDlls;C:\Dev\Firefly3\ChartsDLL\Release;C:\Dev\Firefly3\CalcDLL\Release;C:\Dev\Firefly3\UtilDLL\Release;C:\Program Files (x86)\ImageConverter Plus;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.MFC;C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin;C:\Program Files (x86)\Microsoft SDKs\Windows\v6.0A\Bin;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\TortoiseSVN\bin
    HKCU\Environment\\Path -> C:\Program Files (x86)\ImageConverter Plus;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.CRT;C:\Program Files (x86)\ImageConverter Plus\Microsoft.VC80.MFC;;%USERPROFILE%\AppData\Local\Microsoft\WindowsApps
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joakim\AppData\Local\DisplayFusion\Wallpaper_1.png
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1016\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    DNS Servers: 213.226.224.12
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
    Windows Firewall is enabled.

    Network Binding:
    =============
    VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
    VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
    Local Area Connection 3: VMware Bridge Protocol -> vmware_bridge (enabled)

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    MSCONFIG\Services: BOINC => 2
    MSCONFIG\Services: Mach5 Mailer Scheduler => 2
    MSCONFIG\Services: TeamViewer => 2
    MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
    HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk.disabled"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "boinctray"
    HKLM\...\StartupApproved\Run: => "TortoiseHgOverlayIconServer"
    HKLM\...\StartupApproved\Run32: => "ControlCenter4"
    HKLM\...\StartupApproved\Run32: => "BrStsMon00"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "ASUS AiChargerPlus Execute"
    HKLM\...\StartupApproved\Run32: => "Bing Bar"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "Raptr"
    HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
    HKLM\...\StartupApproved\Run32: => "IndexSearch"
    HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
    HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
    HKLM\...\StartupApproved\Run32: => "PDFHook"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk.disabled"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "boincmgr"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "Codejock Update"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "ISUSPM"
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\...\StartupApproved\Run: => "Viber"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
    FirewallRules: [{5DE243FE-09EB-4D1A-B0A1-E339583D3CD0}] => (Allow) LPort=1688
    FirewallRules: [{6873E13E-24DE-407A-A7B8-12AF79C93580}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [{1C013A2C-0103-4182-8D02-2A64F96521AB}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
    FirewallRules: [TCP Query User{609EB4D7-1F61-4509-893C-3286ECF35966}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
    FirewallRules: [{E749EFFE-15C1-4550-92DB-87BE4BD40C19}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{BEC3445F-36DD-45C8-BF57-0C079F8F4674}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{C8A7111D-BE7E-47AF-A104-C554A71067A6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{DA0BD2F5-FCF7-4AAC-B58D-9B1C99177D71}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{82E78FD3-0B87-43A8-B3C8-96500EF9274C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{056D6F21-9401-4D29-9A87-A66CF3154063}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{63F2E23C-A40B-41DA-9BFB-3FCD6F60E9FF}C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe (Nero AG -> Nero AG)
    FirewallRules: [UDP Query User{29A44729-2B6E-4483-9B99-D0735FD32F3B}C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe] => (Allow) C:\program files (x86)\nero\nero 2016\nero burning rom\nero.exe (Nero AG -> Nero AG)
    FirewallRules: [TCP Query User{DCF682B3-4EDD-4F48-936C-4EC42CB49A33}C:\program files (x86)\mach5 mailer 4\popmonger.exe] => (Allow) C:\program files (x86)\mach5 mailer 4\popmonger.exe (Mach5) [File not signed]
    FirewallRules: [UDP Query User{2C58268B-9854-426A-A9C2-CCF2D675B31B}C:\program files (x86)\mach5 mailer 4\popmonger.exe] => (Allow) C:\program files (x86)\mach5 mailer 4\popmonger.exe (Mach5) [File not signed]
    FirewallRules: [{2B4340B8-DB1B-43DD-AFB5-3AABBD8E7E7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{78995063-38D5-4348-A444-3B10919782EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{892C2EB9-00F0-4213-9802-44021D742738}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{4D874F93-7391-4D0B-95CC-305006E806B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
    FirewallRules: [{A8BC7BC7-7A5D-4694-81B2-891F63A84E93}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{0B13671D-0730-4D1D-8812-AD37FF7303AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{B8A9DF5A-DBB5-4CE1-9E09-6214BDC34B26}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{621F5F1E-8240-4BF4-A4C6-FE31428A2860}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{878D5190-4058-48DF-9A7D-E605D315E718}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [UDP Query User{6FBB196C-6B69-4DAA-A29E-ACBA0179BFBA}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
    FirewallRules: [{A52490F7-4F8D-4566-B3CD-AA180AC3A687}] => (Allow) C:\Program Files\ICMarkets - MetaTrader 5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Software Corp.)
    FirewallRules: [TCP Query User{5BF293A1-DF7F-4A20-976C-319047C05337}C:\program files (x86)\flashfxp 5\flashfxp.exe] => (Allow) C:\program files (x86)\flashfxp 5\flashfxp.exe (OpenSight Software LLC -> OpenSight Software, LLC)
    FirewallRules: [UDP Query User{02979B3B-D210-4BCE-8987-CA85ADCD3251}C:\program files (x86)\flashfxp 5\flashfxp.exe] => (Allow) C:\program files (x86)\flashfxp 5\flashfxp.exe (OpenSight Software LLC -> OpenSight Software, LLC)
    FirewallRules: [{C4214EEE-19A1-40D4-98C7-2E0670833262}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
    FirewallRules: [{8D5F48BC-6E80-4FBE-9BD0-B0A441A4FEC0}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
    FirewallRules: [{011A5C70-0AAC-44E6-BB07-C80FC3F558A1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
    FirewallRules: [{1C137ACF-261E-457A-AB1C-9E8374D4DAB3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )
    FirewallRules: [{ED5EE750-F261-4F0F-B83E-5305665E75C7}] => (Allow) LPort=54925
    FirewallRules: [{6FA501C5-46D4-447E-A84D-C3F3E0892E77}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{393ECCAD-CD38-4E47-8A98-D98645076563}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{CAB000AA-5242-4193-AE0B-F5AEA499C6F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{6FD3CF4F-D28B-476F-9E98-540C5EEA2825}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{FA880D7F-C866-4DC1-8A59-6E2B6BF0E398}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    FirewallRules: [{F70A3C62-4951-4E18-9B8F-0D4A7F80CD3B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP\FlashFXP.exe] => Enabled:FlashFXP v3
    DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe] => Enabled:FlashFXP v3
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP\FlashFXP.exe] => Enabled:FlashFXP v3
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe] => Enabled:FlashFXP v3
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    07-03-2021 07:31:23 Scheduled Checkpoint
    10-03-2021 03:32:00 Windows Modules Installer
    16-03-2021 01:23:53 Windows Modules Installer
    18-03-2021 01:03:15 Windows Modules Installer
    19-03-2021 23:49:30 Removed Acronis True Image WD Edition
    21-03-2021 16:06:26 Installed Component Checker

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (03/22/2021 09:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x1fe0
    Faulting application start time: 0x01d71f5c319beccf
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: fab585f5-ac96-4cf9-9857-095953c2d305
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 09:35:32 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
    Exception code: 0xc0000005
    Fault offset: 0x000260b6
    Faulting process id: 0x1e5c
    Faulting application start time: 0x01d71f55357becf8
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: hhctrl.ocx
    Report Id: 00ab68dc-84c1-4ce1-84eb-e13037323d48
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 08:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
    Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
    Exception code: 0xc0000005
    Fault offset: 0x000870e1
    Faulting process id: 0x2b74
    Faulting application start time: 0x01d71f55438fc4c5
    Faulting application path: C:\Users\Joakim\Downloads\aswMBR.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 462b2890-e0ab-451f-aec7-329f39117e8e
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 08:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x1e5c
    Faulting application start time: 0x01d71f55357becf8
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: 122276e4-6ff4-4a22-a6be-c093f13c2a97
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 08:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
    Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
    Exception code: 0xc0000005
    Fault offset: 0x000870e1
    Faulting process id: 0x29f8
    Faulting application start time: 0x01d71f54e7305eaa
    Faulting application path: C:\Users\Joakim\Downloads\aswMBR.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 5a979b59-fd6b-4354-b3ac-7fbd484327fd
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 08:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
    Faulting module name: ntdll.dll, version: 10.0.19041.844, time stamp: 0xa9ac4e88
    Exception code: 0xc0000005
    Fault offset: 0x000870e1
    Faulting process id: 0x2690
    Faulting application start time: 0x01d71f541b5fa7b3
    Faulting application path: C:\Users\Joakim\Downloads\aswMBR.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 9cd66d7f-fb97-4c13-83d2-e1cd72715da9
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 08:45:28 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: hhctrl.ocx_unloaded, version: 10.0.19041.746, time stamp: 0x2667553c
    Exception code: 0xc0000005
    Fault offset: 0x000260b6
    Faulting process id: 0x3c8
    Faulting application start time: 0x01d71f53cfdc452c
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: hhctrl.ocx
    Report Id: a19c36a7-c7e0-4f74-9a93-9a09cd54968f
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/22/2021 08:44:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
    Exception code: 0xc0000005
    Fault offset: 0x00005c92
    Faulting process id: 0x3c8
    Faulting application start time: 0x01d71f53cfdc452c
    Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Report Id: 12ab1cae-6c1f-4a77-b014-ed7b5ae088d2
    Faulting package full name:
    Faulting package-relative application ID:


    System errors:
    =============
    Error: (03/22/2021 08:36:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (03/22/2021 08:36:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (03/22/2021 08:36:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The System Guard Runtime Monitor Broker service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (03/22/2021 08:36:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the System Guard Runtime Monitor Broker service to connect.

    Error: (03/22/2021 08:32:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (03/22/2021 08:32:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (03/22/2021 08:30:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The shpamsvc service terminated with the following error:
    Catastrophic failure

    Error: (03/22/2021 08:30:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The UevAgentService service terminated with the following service-specific error:
    The storage control blocks were destroyed.


    Windows Defender:
    ================
    Date: 2021-03-15 21:33:14
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-03-15 08:54:02
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-03-14 08:50:40
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-03-14 03:50:54
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2021-03-13 08:49:52
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan
    
    CodeIntegrity:
    ===============
    Date: 2021-03-22 21:42:53
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2021-03-22 20:41:39
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. 1903 08/19/2013
    Motherboard: ASUSTeK COMPUTER INC. MAXIMUS V GENE
    Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
    Percentage of memory in use: 19%
    Total physical RAM: 32712.48 MB
    Available physical RAM: 26425.63 MB
    Total Virtual: 65480.48 MB
    Available Virtual: 59500.76 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:1862.41 GB) (Free:1241.28 GB) NTFS
    Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:1184.14 GB) NTFS
    Drive f: (PATRIOT) (Removable) (Total:7.46 GB) (Free:2.6 GB) FAT32
    Drive g: (Storage) (Fixed) (Total:1397.26 GB) (Free:1119.08 GB) NTFS

    \\?\Volume{67c5537b-6b68-11df-aafe-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS
    \\?\Volume{1af5142a-0000-0000-0000-e0a0d1010000}\ () (Fixed) (Total:0.5 GB) (Free:0.07 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 1AF5142A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=1862.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=514 MB) - (Type=27)

    ==========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 2047AD66)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 2 (MBR Code: Windows 7/8/10) (Size: 1397.3 GB) (Disk ID: 1ACE5830)
    Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 3 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)

    ==================== End of Addition.txt =======================

    So hope there is someone willing to help with assisting in catching this mystic thingy.
    Life on Earth is expensive but it includes a free trip around the Sun every year.

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,974

    Default

    I've found a few things but none of it appears to be malicious.

    I did note that if found you would like to remove remnants of
    Acronis True Image
    Software for HP OfficeJet 8000


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {0242EEF7-7092-4A4E-A078-3CB693073231} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {076A58C9-C053-4E39-9850-AB69D2F68D22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {102C6229-B1A5-4200-9795-1758673B9EC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {14DA1789-EB8D-4A9F-99D6-9B3AA501C554} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3A4C6FFB-2414-4C07-8120-ECE93E82B540} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {544EF222-E964-464F-A87E-BEA3D8D61D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {6637FC96-DC3B-4861-B9C7-B985D05C943E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {68626C0A-4B37-4C8A-9E88-6D429F050ED8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {79E837AC-E154-42AA-B67C-6345E8B872C8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {90725F84-79AF-4EE3-B272-88130A63334C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {AEEB9992-DB4E-4162-8E59-73B99B5C5BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {C0B244BD-D6C0-43FD-80AC-CC61720DDD40} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D6A15A93-52C9-4A33-B8DD-49471D36E2DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D74C3BDA-3D0D-4778-827E-66A3CE256617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    FF user.js: detected! => C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js [2008-11-30]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi [not found]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] [Legacy] [not signed]
    FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-03-22] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-03-22] <==== ATTENTION
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\Program Files (x86)\Acronis
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    FirewallRules: [{6873E13E-24DE-407A-A7B8-12AF79C93580}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\airhost.exe => No File
    HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HKLM\...\Windows x64\Print Processors\hpcpp104: C:\Windows\System32\spool\prtprocs\x64\hpcpp104.dll [327168 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpcpp118: C:\Windows\System32\spool\prtprocs\x64\hpcpp118.dll [467456 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpfpp082: C:\Windows\System32\spool\prtprocs\x64\hpfpp082.dll [254976 2008-08-12] (Hewlett-Packard Corporation) [File not signed]
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [67584 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
    HKLM\...\Print\Monitors\HPPMOPJL: C:\WINDOWS\system32\hppmopjl.dll [22016 2009-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PCL hpf3l082: C:\WINDOWS\system32\hpf3l082.dll [131072 2008-08-12] (Hewlett-Packard Company) [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-16]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled [2010-09-14]
    ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    EmptyTemp:
    C:\Windows\Temp\*.*
    End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and saved in the same location the tool was ran from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    you can download AdwCleaner here: https://malwarebytes.com/adwcleaner
    • run AdwCleaner by clicking on Scan Now
    • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
    • if it asks to reboot, allow the reboot
    • on reboot, click on View Log File; please attach the content of the log to your next reply.

    ============================================

    Run Malwarebytes Anti-Malware

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • slick the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard

    Logs to include with the next post:

    Fixlog.txt
    AdwCleaner log
    Mbam.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Member
    Join Date
    Feb 2008
    Posts
    50

    Smile

    Thanks Juliet,

    much appreciate your assistance.

    Here is the FRST fixlog.txt
    Fix result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
    Ran by Joakim (24-03-2021 17:57:02) Run:1
    Running from C:\Users\Joakim\Desktop
    Loaded Profiles: Joakim & Acronis Agent User & Acronis Agent User 2 & boinc_master
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {0242EEF7-7092-4A4E-A078-3CB693073231} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {076A58C9-C053-4E39-9850-AB69D2F68D22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {102C6229-B1A5-4200-9795-1758673B9EC4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {14DA1789-EB8D-4A9F-99D6-9B3AA501C554} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {3A4C6FFB-2414-4C07-8120-ECE93E82B540} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {544EF222-E964-464F-A87E-BEA3D8D61D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {6637FC96-DC3B-4861-B9C7-B985D05C943E} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    Task: {68626C0A-4B37-4C8A-9E88-6D429F050ED8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {79E837AC-E154-42AA-B67C-6345E8B872C8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {90725F84-79AF-4EE3-B272-88130A63334C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {AEEB9992-DB4E-4162-8E59-73B99B5C5BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {C0B244BD-D6C0-43FD-80AC-CC61720DDD40} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {D6A15A93-52C9-4A33-B8DD-49471D36E2DE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {D74C3BDA-3D0D-4778-827E-66A3CE256617} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
    FF user.js: detected! => C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js [2008-11-30]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi [not found]
    FF Extension: (No Name) - C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi [not found]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] [Legacy] [not signed]
    FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll [No File]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js [2021-03-22] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2021-03-22] <==== ATTENTION
    R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Company -> Hewlett-Packard Co.)
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1000 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1011 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-1192574728-1841427162-4075779397-1013 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
    2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
    2021-03-20 13:46 - 2021-03-20 13:46 - 000000000 ____D C:\Program Files (x86)\Acronis
    HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
    FirewallRules: [{6873E13E-24DE-407A-A7B8-12AF79C93580}] => (Allow) C:\Users\Joakim\AppData\Roaming\Zoom\bin\airhost.exe => No File
    HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HKLM\...\Windows x64\Print Processors\hpcpp104: C:\Windows\System32\spool\prtprocs\x64\hpcpp104.dll [327168 2010-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpcpp118: C:\Windows\System32\spool\prtprocs\x64\hpcpp118.dll [467456 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpfpp02t: C:\Windows\System32\spool\prtprocs\x64\hpfpp02t.dll [253440 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Windows x64\Print Processors\hpfpp082: C:\Windows\System32\spool\prtprocs\x64\hpfpp082.dll [254976 2008-08-12] (Hewlett-Packard Corporation) [File not signed]
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\HP Universal Print Monitor: C:\WINDOWS\system32\HPMPW081.DLL [67584 2011-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
    HKLM\...\Print\Monitors\HPPMOPJL: C:\WINDOWS\system32\hppmopjl.dll [22016 2009-02-25] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PCL hpf3l02t: C:\WINDOWS\system32\hpf3l02t.dll [138752 2010-05-15] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PCL hpf3l082: C:\WINDOWS\system32\hpf3l082.dll [131072 2008-08-12] (Hewlett-Packard Company) [File not signed]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-16]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled [2010-09-14]
    ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
    EmptyTemp:
    C:\Windows\Temp\*.*

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    HKLM\SOFTWARE\Policies\Mozilla => removed successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Policies\Google => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0242EEF7-7092-4A4E-A078-3CB693073231}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0242EEF7-7092-4A4E-A078-3CB693073231}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{076A58C9-C053-4E39-9850-AB69D2F68D22}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{076A58C9-C053-4E39-9850-AB69D2F68D22}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{102C6229-B1A5-4200-9795-1758673B9EC4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{102C6229-B1A5-4200-9795-1758673B9EC4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14DA1789-EB8D-4A9F-99D6-9B3AA501C554}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14DA1789-EB8D-4A9F-99D6-9B3AA501C554}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{362CF9C0-E2DA-4FB8-9173-8BDEB98B8BF4}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4C6FFB-2414-4C07-8120-ECE93E82B540}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4C6FFB-2414-4C07-8120-ECE93E82B540}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{544EF222-E964-464F-A87E-BEA3D8D61D1C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{544EF222-E964-464F-A87E-BEA3D8D61D1C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D4CA8BB-AEE4-4AFC-A6A3-93E60F33E019}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6637FC96-DC3B-4861-B9C7-B985D05C943E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6637FC96-DC3B-4861-B9C7-B985D05C943E}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68626C0A-4B37-4C8A-9E88-6D429F050ED8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68626C0A-4B37-4C8A-9E88-6D429F050ED8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79E837AC-E154-42AA-B67C-6345E8B872C8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79E837AC-E154-42AA-B67C-6345E8B872C8}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90725F84-79AF-4EE3-B272-88130A63334C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90725F84-79AF-4EE3-B272-88130A63334C}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEEB9992-DB4E-4162-8E59-73B99B5C5BFB}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEEB9992-DB4E-4162-8E59-73B99B5C5BFB}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0B244BD-D6C0-43FD-80AC-CC61720DDD40}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0B244BD-D6C0-43FD-80AC-CC61720DDD40}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6A15A93-52C9-4A33-B8DD-49471D36E2DE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6A15A93-52C9-4A33-B8DD-49471D36E2DE}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D74C3BDA-3D0D-4778-827E-66A3CE256617}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D74C3BDA-3D0D-4778-827E-66A3CE256617}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
    C:\Users\Joakim\AppData\Roaming\Mozilla\Firefox\Profiles\o3zit03n.Joakim\user.js => moved successfully
    C:\Program Files (x86)\BlueGriffon\extensions\csseditor@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\eyedropper@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\fs@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\gfd@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\markdown@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\mathml@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\op1@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\snippets@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\svg-edit@googlegroups.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\tablelayout@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\templatesManager@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\thumbnailer@bluegriffon.com.xpi => path removed successfully
    C:\Program Files (x86)\BlueGriffon\extensions\tipoftheday@bluegriffon.com.xpi => path removed successfully
    "HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com" => removed successfully
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => moved successfully
    HKLM\Software\Wow6432Node\MozillaPlugins\@veetle.com/vbp;version=0.9.17 => removed successfully
    C:\Program Files\mozilla firefox\defaults\pref\antibeacon.js => moved successfully
    C:\Program Files\mozilla firefox\mozilla.cfg => moved successfully
    HPSLPSVC => Service stopped successfully.
    HKLM\System\CurrentControlSet\Services\HPSLPSVC => removed successfully
    HPSLPSVC => service removed successfully
    HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
    C:\ProgramData\TEMP => ":C8B8CEBD" ADS removed successfully
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
    HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61} => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => removed successfully
    "HKU\S-1-5-21-1192574728-1841427162-4075779397-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => removed successfully
    "HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => removed successfully
    "HKU\S-1-5-21-1192574728-1841427162-4075779397-1011\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully
    "HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => removed successfully
    "HKU\S-1-5-21-1192574728-1841427162-4075779397-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => removed successfully
    HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis => moved successfully
    C:\Program Files (x86)\Acronis => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Acronis Scheduler2 Service" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Acronis Scheduler2 Service" => not found
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6873E13E-24DE-407A-A7B8-12AF79C93580}" => removed successfully
    HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP) => Error: No automatic fix found for this entry.
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) => Error: No automatic fix found for this entry.
    HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpcpp104 => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpcpp118 => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpfpp02t => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpfpp082 => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Print Processors\hpzpplhn => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Monitors\HP Universal Print Monitor => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Monitors\HPPMOPJL => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Monitors\PCL hpf3l02t => removed successfully
    HKLM\System\CurrentControlSet\Control\Print\Monitors\PCL hpf3l082 => removed successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk => moved successfully
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled => moved successfully
    "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe" => not found

    =========== "C:\Windows\Temp\*.*" ==========

    C:\Windows\Temp\.ses => moved successfully
    C:\Windows\Temp\af397ef28e484961ba48646a5d38cf54.db.ses => moved successfully
    C:\Windows\Temp\hpqddsvc.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0000.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0001.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0002.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0003.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0004.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0005.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0006.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0007.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0008.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0009.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0010.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0011.log => moved successfully
    C:\Windows\Temp\HPSLPSVC0012.log => moved successfully
    C:\Windows\Temp\mat-debug-11156.log => moved successfully
    C:\Windows\Temp\mat-debug-13380.log => moved successfully
    C:\Windows\Temp\mat-debug-14284.log => moved successfully
    C:\Windows\Temp\mat-debug-15152.log => moved successfully
    C:\Windows\Temp\mat-debug-19492.log => moved successfully
    C:\Windows\Temp\mat-debug-2208.log => moved successfully
    C:\Windows\Temp\mat-debug-2508.log => moved successfully
    C:\Windows\Temp\mat-debug-7176.log => moved successfully
    C:\Windows\Temp\mat-debug-8892.log => moved successfully
    C:\Windows\Temp\MpCmdRun.log => moved successfully
    C:\Windows\Temp\MpSigStub.log => moved successfully
    C:\Windows\Temp\msedge_installer.log => moved successfully
    C:\Windows\Temp\TBitDefenderUpdaterThread.log => moved successfully
    C:\Windows\Temp\TSpybotUpdaterThread.log => moved successfully
    C:\Windows\Temp\vminst.log => moved successfully

    ========= End -> "C:\Windows\Temp\*.*" ========


    =========== EmptyTemp: ==========

    BITS transfer queue => 9461760 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 126533893 B
    Java, Flash, Steam htmlcache => 26825 B
    Windows/system/drivers => 142658 B
    Edge => 5627791 B
    Firefox => 1134414959 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 23330 B
    ProgramData => 23330 B
    Public => 23330 B
    systemprofile => 23330 B
    systemprofile32 => 23330 B
    LocalService => 146848 B
    NetworkService => 815926 B
    Joakim => 344107141 B
    Acronis Agent User => 344146855 B
    Acronis Agent User 2 => 344186569 B
    boinc_master => 344226283 B
    DefaultAppPool => 344265997 B

    RecycleBin => 0 B
    EmptyTemp: => 2.8 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 18:25:03 ====
    here is adwCleaner scan log
    # -------------------------------
    # Malwarebytes AdwCleaner 8.2.0.0
    # -------------------------------
    # Build: 03-22-2021
    # Database: 2021-03-22.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 03-24-2021
    # Duration: 00:00:37
    # OS: Windows 10 Pro
    # Scanned: 31980
    # Detected: 21


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
    PUP.Optional.AuslogicsBoostSpeed HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
    PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
    PUP.Optional.AuslogicsBoostSpeed HKLM\Software\Wow6432Node\\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
    PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Smartbar
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKCU\Software\YahooPartnerToolbar
    PUP.Optional.Legacy HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
    PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
    PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    PUP.Optional.Legacy HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
    PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
    PUP.Optional.ZoltaRegistryCleaner HKCU\Software\Little Registry Cleaner

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
    and here the adwCleaner clean log
    # -------------------------------
    # Malwarebytes AdwCleaner 8.2.0.0
    # -------------------------------
    # Build: 03-22-2021
    # Database: 2021-03-22.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 03-24-2021
    # Duration: 00:00:11
    # OS: Windows 10 Pro
    # Cleaned: 21
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    No malicious folders cleaned.

    ***** [ Files ] *****

    No malicious files cleaned.

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks cleaned.

    ***** [ Registry ] *****

    Deleted HKCU\Software\AppDataLow\Software\Smartbar
    Deleted HKCU\Software\Lavasoft\Web Companion
    Deleted HKCU\Software\Little Registry Cleaner
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKCU\Software\YahooPartnerToolbar
    Deleted HKLM\SOFTWARE\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
    Deleted HKLM\SOFTWARE\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
    Deleted HKLM\Software\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
    Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
    Deleted HKLM\Software\Wow6432Node\\CLASSES\INTERFACE\{DCC049B0-CA04-4E58-B4C8-CE62AC6F5096}
    Deleted HKLM\Software\Wow6432Node\\CLASSES\TYPELIB\{FE9301D5-9266-4A2F-8767-85482115CAB0}
    Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{278029E0-2347-4254-A65E-204AC55E2508}
    Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
    Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries cleaned.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries cleaned.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software cleaned.


    *************************

    [+] remove_folder_Auslogics
    [+] remove_folder_Auslogics(2)
    [+] remove_folder_Auslogics(3)
    [+] remove_folder_Auslogics(4)
    [+] remove_regKey_Auslogics
    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [3653 octets] - [24/03/2021 19:04:02]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
    As for Malwarebytes Anti-Malware, I have version 1.70 Pro installed and realize that's maybe a bit oldish (or historic may be the Cultural word). I have simply kept it around as a "second opinion" as I went on a tour in the anti-virus/maleware landscape ending up with Windows Defender, and then recently decided to give S&D as 2nd chance as I noticed AV now also was incorporated.

    So, would I be better of uninstall my 1.70 and go for what you suggested above?

    As for the original problem I came here for, it seems that my HDD still is cheawing away... just by the sound of it, but will have to take a closer look at that once this phase is done.

    Joakim/yettyn
    Life on Earth is expensive but it includes a free trip around the Sun every year.

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,974

    Default

    As for Malwarebytes Anti-Malware, I have version 1.70 Pro installed and realize that's maybe a bit oldish
    It is.
    Have you allowed it to upgrade when prompted?

    So, would I be better of uninstall my 1.70 and go for what you suggested above?
    Is this an app your have a paid subscription for?

    If not, we can download a free version of the most current which has a 30 day? trial for the premium.

    IF, you uninstall the version of Malwabytes you have already on the machine follow the below.

    You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:
    • run the program
    • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
    • click on the ‘Scan’ tab, (directly below the Dashboard tab)
    • select the Threat Scan option
    • slick the Scan Now button
    • Threat Scan will begin
    • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
    • if prompted to restart the computer, close all other programs and click Yes to restart your computer
    • once you are back at your desktop, open MBAM once more
    • click on the ‘Reports’ tab
    • double-click on the most recent Scan Report
    • click on Export, then Copy to Clipboard



    You posted the Malwarebytes AdwCleaner 8.2.0.0 twice.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Feb 2008
    Posts
    50

    Default

    Quote Originally Posted by Juliet View Post
    It is.
    Have you allowed it to upgrade when prompted?
    Yes, it has allowed me to update definitions before scanning, that's why I have kept it as a backup. I just use it to scan, not the real time protection as I have S&D for that.

    Quote Originally Posted by Juliet View Post
    Is this an app your have a paid subscription for?
    Not any more, bought it almost 10 years ago I think, I don't quite remember, but as it have allowed me to update definitions...


    Quote Originally Posted by Juliet View Post
    You posted the Malwarebytes AdwCleaner 8.2.0.0 twice.
    It created 2 logs, one for the scan and one for the cleaning, so I posted both.

    Regarding the FRST fix, it said it removed the Acronis and HP stuff sucessfully, however, then I look in the CP's Programs & Features, as well as the new Apps interface in Win settings, they are still there. Also the specific Acronis accounts are still there, and a few others I don't quite know why as I haven't created them myself. The boinc accounts I know was created by the software used as "donated" CPU time to a research project, but I have since uninstalled that software.

    So which of these accounts can I safely remove?
    ==================== Accounts: =============================

    Acronis Agent User (S-1-5-21-1192574728-1841427162-4075779397-1011 - Administrator - Enabled) => C:\Users\Acronis Agent User
    Acronis Agent User 2 (S-1-5-21-1192574728-1841427162-4075779397-1013 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
    Administrator (S-1-5-21-1192574728-1841427162-4075779397-500 - Administrator - Disabled)
    boinc_master (S-1-5-21-1192574728-1841427162-4075779397-1016 - Limited - Enabled) => C:\Users\boinc_master
    boinc_project (S-1-5-21-1192574728-1841427162-4075779397-1017 - Limited - Enabled)
    DefaultAccount (S-1-5-21-1192574728-1841427162-4075779397-503 - Limited - Disabled)
    Guest (S-1-5-21-1192574728-1841427162-4075779397-501 - Limited - Disabled)
    Joakim (S-1-5-21-1192574728-1841427162-4075779397-1000 - Administrator - Enabled) => C:\Users\Joakim
    WDAGUtilityAccount (S-1-5-21-1192574728-1841427162-4075779397-504 - Limited - Disabled)
    Joakim is my personal account I have created with admin permissions and the only one I personally login to use.

    I will get back with the malwarebytes scan. My cat is very ill and I have to nurse/monitor him basically 24/7 so a bit hard to stay sharp here...

    Thanks again.

    Joakim
    Life on Earth is expensive but it includes a free trip around the Sun every year.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,974

    Default

    So which of these accounts can I safely remove?
    ==================== Accounts: =============================

    Acronis Agent User (S-1-5-21-1192574728-1841427162-4075779397-1011 - Administrator - Enabled) => C:\Users\Acronis Agent User
    Acronis Agent User 2 (S-1-5-21-1192574728-1841427162-4075779397-1013 - Administrator - Enabled) => C:\Users\Acronis Agent User 2
    I would delete the ones listed with the Acronis name.

    When your finished scanning please post the logs.
    I personally wont be able to get back till morning.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,974

    Default

    How is it today?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Member
    Join Date
    Feb 2008
    Posts
    50

    Thumbs up

    Hi and sorry for my absence, I got caught up in other matters that couldn't wait.

    Meanwhile, I think I have solved the problem with my mysterious malware constantly plaguing my HDD... and I think it falls outside of the type that is dealt with here, but it's called "WofCompressedData", the new henchman of Microsoft latest invention "Compact OS". I spotted this by an incident as I was watching Windows's Resource Monitor and Google soon solved the mystery on my behalf.

    I opened an elevated command prompt and ran:
    compact /compactos:query

    and got:
    The system is in the compact state

    Apparently, someone took the decision for me, without my consent afaik and began to compact all files in my system, which explains the constantly ongoing HDD chewing and loss of not only performance but also rendering some of my old favorite programs non-functional, like VB6. So problem solved really, well I still have to restore my system to a functional uncompressed state, but that's not really a matter for this forum.
    For anyone running into the same coming here, here are a few urls that basically tells you all you need to know:
    https://www.tenforums.com/general-su...make-stop.html
    https://devblogs.microsoft.com/oldne...8-00/?p=102597
    https://docs.microsoft.com/en-us/win...top/compact-os

    As for Malwarebytes Anti-Malware, I decided to uninstall my antique version and try the modern brand, and... I have to say I didn't like it. It's not as bad as the other Bloatware like Avast, AVG etc. but I can see the signs, once having been a great fan of Avast just to eventually have it ruin my system... so it's uninstalled already and for now I will stick with S&D only. I ran the scan and it was clean, except for that it flagged a few of my own programs that contains encryption (but not to hide any mal), with I use in work with my clients. So I'm not gonna post that.

    Acronis and the HP software still hangs in the "Programs and Features" installed list, refusing to uninstall but now when I know I'm not really infected I can probably tackle that in other ways, as it's not really a matter for this forum. In anyway, it's been an educational experience and I'm grateful and very much appreciate the assistance you have given. You folks are doing a great job here, donating your time helping those in need.

    Thank you
    Life on Earth is expensive but it includes a free trip around the Sun every year.

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,974

    Default

    Personal matters take precedence.

    Sounds like the system was doing a backup compiling files first.....

    I was glad to help with what I could.

    Let's delete the tools and folders I had you download.



    Use this tool to remove quarantined items:

    Please download KpRm by Kernel-panik and save to your Desktop.
    • Click on KpRm.exe to run the tool.

      Vista/Windows 7/8/10 users right-click and select Run As Administrator.
    • Put a check mark next to these items:

      - Delete tools
      - Delete now
    • Click the "Run" button.
    • When the tool has finished, it will create and open a log report and delete itself.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,974

    Default

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •