Browser(s) hijacked; all standard tools give clean bill of health!


  • This topic is locked
17 replies to this topic

#1 AmooXerxes

Posted 12 September 2016 - 08:06 PM

First time poster here. I'd like to thank, in advance, the administrators and creators for their benevolence and kindness.
 
I have managed to install a browser hijacker malware, while attempting to install an engineering calculator (my sloppy behavior!). As such, all browsers have been hijacked with the normal, adware/malware behavior: frequent redirects to malicious sites, hijacked homepage, sluggish behavior, added search bar (randomly comes and goes), etc. Installing another browser after the fact (Firefox), demonstrated similar behavior. The standard browsers I use are Chrome and Edge. Some info:
 
OS: Win 10-64
no illegal, cracked, pirated, or otherwise content on my system (I know, hard to believe!)
initial installed malware: Filefinder
observed redirects: tech-connect.biz, play-bar.net, isanalyze, and MAAANY more!
standard security: (standard windows stuff) + Kaspersky Internet Security V.17 (bug went past all!)
 
actions taken thus far:
Malwarebytes (caught the tech-connect files; no change)
manually cleaned up some registry entries associated with: Filefinder and Webitar LLC (the apparent, proud creators, legally operating under our wonderful government's nose!)
Kaspersky full scan (nothing noteworthy)
Spybot (all good results)
rKill (all good results)
JRT (generic)
AdwCleaner (some generic cookie removal; all good results)
ComboFix (hmmm, don't remember any noteworthy results! didn't do anything dangerous, manually :)
HitmanPro (some generic cleanup; didn't seem to have caught anything of value)
and of course, Farbar - didn't seem to find anything either, though, it may have escaped my (untrained) scrutiny looking through the long reports; FRST results are attached.
 
I have reset the extensions, settings, etc., in Chrome. The only recovered behavior is getting back control of the home page. Went down to only Google Docs and Google Docs Offline extensions, to no avail.
 
Not an expert, but, don't see any suspicious installed apps, no alarming directories in system drawers (unhidden), a few registry entries which I could associate with the culprit and removed (had to change key ownership first). The system seems to boot slower, and, the browsers aren't as responsive. They work most of the time, but, every couple of minutes I get a redirect, or, simply clicking anywhere on the browser opens a new tab, or, takes the current tab to a new page, most often caught as malicious by Kaspersky (which I've always had). It seems to like Bing as the search engine; hmmmm!
 
The adware and redirects are, of course, annoying in the least. I'm afraid whatever agent is responsible may be doing more, though! Hate to wake up one morning and find some poor soul paying for my mortgage and all my credit card bills :)
 
Thank you, again, for any insight you may be able to share.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Saeed (administrator) on SAEED-MAIN (10-09-2016 17:41:12)
Running from C:\Users\Saeed\Downloads
Loaded Profiles: Saeed (Available Profiles: Saeed & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(3Dconnexion, INC) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(3Dconnexion) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\3DxLCD10SPPRO.exe
(3Dconnexion) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD20Mail.exe
(3Dconnexion) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD30Calendar.exe
(3Dconnexion) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD40Task.exe
(3Dconnexion) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD50RSSReader.exe
(3Dconnexion) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\zz3DxLCD60Picture.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
() C:\Users\Saeed\AppData\Local\Amazon Music\Amazon Music Helper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\sldworks_fs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2014-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\THXCfg64.dll [26624 2011-05-13] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\AmbRunE.dll [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [3DxWare Service] => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2157440 2014-06-23] (3Dconnexion, INC)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-07-03] (Google Inc.)
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\...\Run: [Amazon Music] => C:\Users\Saeed\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-10-07] ()
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-09-08]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-09-08]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-09-08]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2016-09-08]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk [2016-09-08]
ShortcutTarget: SOLIDWORKS 2016 Fast Start.lnk -> C:\Windows\Installer\{768F3B65-1695-47B7-9002-B11400CB111D}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2016-09-08]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Saeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-09-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3537868688-3037064431-4150770311-1000] => hxxp://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7e205a33-ca35-4f3a-83d7-de07ade0e184}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cfee8848-4d32-45c6-a5b5-6c03b336707c}: [DhcpNameServer] 8.8.8.8 8.8.4.4
ManualProxies: 0hxxp://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913

Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-30] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-30] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-3537868688-3037064431-4150770311-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} hxxps://www.solidworks.com/sw/support/subscription/sldimdownload.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-03] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Saeed\AppData\Roaming\Mozilla\Firefox\Profiles\vbpnau9b.default
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SO3CD7~1\Bin\NPCOMP~1.DLL [2016-04-05] (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SO3CD7~1\Bin\x86\NPCOMP~1.DLL [2016-04-05] (Dassault Systemes)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Firefox Hotfix) - C:\Users\Saeed\AppData\Roaming\Mozilla\Firefox\Profiles\vbpnau9b.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-10]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Kaspersky Protection) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-08-15]
CHR Extension: (Google Docs Offline) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (ShopifyFD Dashboard Tool) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lffljkleilfpjlmcdnoaghhcbnemelge [2016-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-10]
CHR Profile: C:\Users\Saeed\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-29] () [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 CoordinatorServiceHost; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe [80792 2016-04-06] (Dassault Systèmes SolidWorks Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-07-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-27] (Creative Technology Ltd) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [30208 2014-06-23] (3Dconnexion) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-07-04] (SolidWorks) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 3dxhid; C:\Windows\System32\drivers\3dxhid.sys [39184 2014-12-10] (3Dconnexion SAM)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-02-10] (Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [435032 2016-09-07] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2016-09-07] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-09-07] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-09-07] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
U0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [223528 2016-08-23] (AO Kaspersky Lab)
U3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252560 2016-08-24] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112336 2016-08-24] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [167904 2016-08-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-09-07] (AO Kaspersky Lab)
R3 KMJHidMini; C:\Windows\System32\drivers\3dxkmj.sys [18944 2014-05-12] (3Dconnextion Inc.)
R3 KMJShim; C:\Windows\System32\drivers\3dxshim.sys [7168 2014-05-12] (3Dconnextion Inc.)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-10 17:41 - 2016-09-10 17:41 - 00055675 _____ C:\Users\Saeed\Downloads\FRST.txt
2016-09-10 17:40 - 2016-09-10 17:41 - 00000000 ____D C:\FRST
2016-09-10 17:40 - 2016-09-10 17:40 - 02397696 _____ (Farbar) C:\Users\Saeed\Downloads\FRST64.exe
2016-09-10 17:20 - 2016-09-10 17:20 - 00001139 _____ C:\Users\Saeed\Desktop\JRT.txt
2016-09-10 17:17 - 2016-09-10 17:17 - 01610560 _____ (Malwarebytes) C:\Users\Saeed\Downloads\JRT.exe
2016-09-10 17:14 - 2016-09-10 17:14 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Saeed\Downloads\rkill.exe
2016-09-10 17:14 - 2016-09-10 17:14 - 00002198 _____ C:\Users\Saeed\Desktop\Rkill.txt
2016-09-10 17:02 - 2016-09-10 17:05 - 00000000 ____D C:\AdwCleaner
2016-09-10 17:02 - 2016-09-10 17:02 - 03826240 _____ C:\Users\Saeed\Downloads\AdwCleaner.exe
2016-09-10 16:16 - 2016-09-10 17:28 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-09-10 16:03 - 2016-09-10 16:03 - 00156663 _____ C:\Users\Saeed\Downloads\Regdelnull.zip
2016-09-10 16:03 - 2016-09-10 16:03 - 00000000 ____D C:\Users\Saeed\Downloads\Regdelnull
2016-09-10 14:19 - 2016-09-10 14:20 - 54287072 _____ (Microsoft Corporation) C:\Users\Saeed\Downloads\Windows-KB890830-x64-V5.39.exe
2016-09-10 14:01 - 2016-09-10 14:01 - 00000000 ____D C:\Users\Saeed\AppData\Local\Macromedia
2016-09-10 13:45 - 2016-09-10 13:51 - 00000000 ____D C:\Users\Saeed\AppData\Local\Mozilla
2016-09-10 13:45 - 2016-09-10 13:45 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-10 13:45 - 2016-09-10 13:45 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-10 13:45 - 2016-09-10 13:45 - 00000000 ____D C:\Users\Saeed\AppData\Roaming\Mozilla
2016-09-10 13:45 - 2016-09-10 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-10 13:45 - 2016-09-10 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-10 13:41 - 2016-09-10 13:45 - 00242136 _____ C:\Users\Saeed\Downloads\Firefox Setup Stub 48.0.2.exe
2016-09-10 13:15 - 2016-09-10 13:15 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-09-10 13:10 - 2016-09-10 13:16 - 00283718 _____ C:\TDSSKiller.3.1.0.11_10.09.2016_13.10.13_log.txt
2016-09-10 13:06 - 2016-09-10 13:09 - 00279582 _____ C:\TDSSKiller.3.1.0.11_10.09.2016_13.06.16_log.txt
2016-09-10 13:02 - 2016-09-10 13:06 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Saeed\Downloads\iexplore.exe
2016-09-09 12:30 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-09-09 12:25 - 2016-09-09 12:58 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-09 12:25 - 2016-09-09 12:32 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-09 12:25 - 2016-09-09 12:32 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-09-09 12:25 - 2016-09-09 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-09 12:25 - 2016-09-09 12:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-09 12:25 - 2016-09-09 12:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-09-09 12:25 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2016-09-09 12:19 - 2016-09-09 12:24 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Saeed\Downloads\spybot-2.4.exe
2016-09-09 11:59 - 2016-09-09 11:59 - 05658674 _____ (Swearware) C:\Users\Saeed\Downloads\ComboFix.exe
2016-09-09 00:30 - 2016-09-09 00:39 - 00327962 _____ C:\WINDOWS\ntbtlog.txt
2016-09-09 00:30 - 2016-09-09 00:30 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-09-08 20:44 - 2016-09-08 20:44 - 00893621 _____ C:\Users\Saeed\Downloads\chrome_200_percent.pak
2016-09-08 20:28 - 2016-09-10 17:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-08 20:27 - 2016-09-08 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-08 20:27 - 2016-09-08 20:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-08 20:27 - 2016-09-08 20:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-08 20:27 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-08 20:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-08 20:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-08 20:26 - 2016-09-08 20:27 - 22851472 _____ (Malwarebytes ) C:\Users\Saeed\Downloads\mbam-setup-SEMFD.100SEM-2.2.1.1043.exe
2016-09-08 18:46 - 2016-09-08 18:46 - 00002264 _____ C:\Users\Saeed\Downloads\foo.txt
2016-09-08 17:29 - 2016-09-08 17:29 - 00009583 _____ C:\Users\Saeed\Downloads\foo.pdf
2016-09-08 16:02 - 2016-09-08 16:02 - 00000000 ____D C:\Users\Saeed\Downloads\turn calculator5
2016-09-08 16:01 - 2016-09-08 16:01 - 00009590 _____ C:\Users\Saeed\Downloads\turn calculator5.zip
2016-09-06 18:52 - 2016-09-06 18:52 - 00679986 _____ C:\Users\Saeed\Downloads\Statement_Sep 2015.pdf
2016-09-06 18:52 - 2016-09-06 18:52 - 00679946 _____ C:\Users\Saeed\Downloads\Statement_Oct 2015.pdf
2016-09-06 18:52 - 2016-09-06 18:52 - 00678880 _____ C:\Users\Saeed\Downloads\Statement_Nov 2015.pdf
2016-09-06 18:52 - 2016-09-06 18:52 - 00673793 _____ C:\Users\Saeed\Downloads\Statement_Dec 2015.pdf
2016-09-06 18:51 - 2016-09-06 18:51 - 00669813 _____ C:\Users\Saeed\Downloads\Statement_Feb 2016.pdf
2016-09-06 18:50 - 2016-09-06 18:50 - 00664668 _____ C:\Users\Saeed\Downloads\Statement_Jan 2016.pdf
2016-09-06 12:44 - 2016-09-06 12:44 - 00658767 _____ C:\Users\Saeed\Downloads\Statement_Jul 2016.pdf
2016-09-06 12:44 - 2016-09-06 12:44 - 00658733 _____ C:\Users\Saeed\Downloads\Statement_Jun 2016.pdf
2016-09-06 12:44 - 2016-09-06 12:44 - 00600989 _____ C:\Users\Saeed\Downloads\Statement_Aug 2016.pdf
2016-09-06 12:43 - 2016-09-06 12:43 - 00659787 _____ C:\Users\Saeed\Downloads\Statement_Apr 2016.pdf
2016-09-06 12:43 - 2016-09-06 12:43 - 00659784 _____ C:\Users\Saeed\Downloads\Statement_May 2016.pdf
2016-09-06 12:42 - 2016-09-06 12:42 - 00669866 _____ C:\Users\Saeed\Downloads\Statement_Mar 2016.pdf
2016-08-31 20:25 - 2016-08-31 20:28 - 352211760 _____ (AMD Inc.) C:\Users\Saeed\Downloads\15.301.2601.1002-whql-firepro-windows-retail (1).exe
2016-08-27 12:53 - 2016-08-27 12:53 - 00003332 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-27 12:52 - 2016-08-27 12:52 - 00000000 ____D C:\Users\Saeed\AppData\Roaming\Skype
2016-08-24 12:50 - 2016-08-24 12:50 - 20770948 _____ C:\Users\Saeed\Documents\Porsche E_9PA_KATALOG.pdf
2016-08-24 08:14 - 2016-08-24 08:14 - 00252560 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2016-08-24 08:12 - 2016-08-24 08:12 - 00112336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2016-08-23 02:22 - 2016-08-23 02:22 - 00223528 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2016-08-23 02:22 - 2016-08-23 02:22 - 00167904 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2016-08-17 20:32 - 2016-08-17 20:32 - 01128657 _____ C:\Users\Saeed\Downloads\TPC-ET-004_RiteflexTPCETBarrierFilmBro_Global_0613.pdf
2016-08-16 22:41 - 2016-08-16 23:10 - 00011714 _____ C:\Users\Saeed\Documents\PRN Manufacturing Space Underutilization Cost_9-16.xlsm
2016-08-16 22:13 - 2016-08-16 22:41 - 00011681 _____ C:\Users\Saeed\Documents\PRN Manufacturing Space Underutilization Cost_11-15 thru 8-16.xlsm
2016-08-16 20:53 - 2016-08-16 20:53 - 00552768 _____ C:\Users\Saeed\Downloads\fp7_cps21_e_cata (1).pdf
2016-08-16 20:42 - 2016-08-16 20:42 - 09768073 _____ C:\Users\Saeed\Downloads\fp7_e_cata (3).pdf
2016-08-16 20:42 - 2016-08-16 20:42 - 00552768 _____ C:\Users\Saeed\Downloads\fp7_cps21_e_cata.pdf
2016-08-16 20:41 - 2016-08-16 20:41 - 09768073 _____ C:\Users\Saeed\Downloads\fp7_e_cata (2).pdf
2016-08-16 20:20 - 2016-08-16 20:20 - 09768073 _____ C:\Users\Saeed\Downloads\fp7_e_cata.pdf
2016-08-16 20:20 - 2016-08-16 20:20 - 09768073 _____ C:\Users\Saeed\Downloads\fp7_e_cata (1).pdf
2016-08-15 09:51 - 2016-09-08 22:56 - 00002361 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-08-15 09:51 - 2016-09-08 22:56 - 00002343 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2016-08-15 09:51 - 2016-09-08 22:56 - 00001441 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-08-15 09:51 - 2016-08-15 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-08-15 09:51 - 2016-08-15 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-08-15 09:50 - 2016-09-10 16:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-15 09:49 - 2016-08-15 09:49 - 177912864 _____ (Kaspersky Lab) C:\Users\Saeed\Downloads\kis17.0.0.611en_10755.exe
2016-08-12 14:25 - 2016-08-12 14:25 - 00308962 _____ C:\Users\Saeed\Downloads\bol (8).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-10 17:40 - 2015-01-02 16:35 - 00000000 ____D C:\Personal
2016-09-10 17:26 - 2016-03-11 00:15 - 01015576 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-10 17:26 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-10 17:23 - 2016-04-04 10:43 - 00000000 ____D C:\Users\Saeed\AppData\Local\CrashDumps
2016-09-10 17:22 - 2015-07-29 10:54 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-10 17:22 - 2014-07-03 10:57 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-10 17:12 - 2014-07-03 10:57 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-10 17:08 - 2014-10-29 08:46 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-10 17:06 - 2016-03-11 00:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-10 17:06 - 2015-10-29 23:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-10 14:25 - 2014-07-03 13:16 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-10 14:16 - 2016-03-29 07:37 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E4A5F73-2743-4CF2-A8D0-A639FC6AA9D8}
2016-09-10 13:05 - 2014-07-04 16:15 - 00000000 ____D C:\Users\Saeed\AppData\Local\TempSWBackupDirectory
2016-09-10 12:51 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-10 07:37 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-09 00:00 - 2014-07-03 10:57 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-08 22:57 - 2016-05-03 08:37 - 00001223 _____ C:\Users\Saeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-09-08 22:57 - 2016-03-27 12:58 - 00002233 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-09-08 22:57 - 2016-03-11 00:27 - 00002365 _____ C:\Users\Saeed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-08 22:57 - 2016-03-11 00:20 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-08 22:57 - 2015-11-01 09:37 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-08 22:57 - 2014-10-28 08:35 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-08 22:57 - 2014-07-03 10:57 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-08 22:56 - 2016-07-17 10:11 - 00001130 _____ C:\Users\Public\Desktop\Win32DiskImager.lnk
2016-09-08 22:56 - 2016-07-17 10:03 - 00002153 _____ C:\Users\Public\Desktop\SDFormatter.lnk
2016-09-08 22:56 - 2016-07-11 13:25 - 00002951 _____ C:\Users\Public\Desktop\Corel CAPTURE X8 (64-Bit).lnk
2016-09-08 22:56 - 2016-07-11 13:25 - 00002950 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X8 (64-Bit).lnk
2016-09-08 22:56 - 2016-07-11 13:25 - 00002918 _____ C:\Users\Public\Desktop\CorelDRAW X8 (64-Bit).lnk
2016-09-08 22:56 - 2016-07-11 13:25 - 00002396 _____ C:\Users\Public\Desktop\Corel CONNECT X8 (64-Bit).lnk
2016-09-08 22:56 - 2016-07-11 13:25 - 00002309 _____ C:\Users\Public\Desktop\Corel Font Manager X8 (64-Bit).lnk
2016-09-08 22:56 - 2016-05-09 20:13 - 00002001 _____ C:\Users\Public\Desktop\VideoStudio MyDVD.lnk
2016-09-08 22:56 - 2016-03-22 22:14 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Triple Scoop Music.lnk
2016-09-08 22:56 - 2016-03-22 22:03 - 00001991 _____ C:\Users\Public\Desktop\VideoStudio Learning.lnk
2016-09-08 22:56 - 2016-03-22 22:03 - 00001100 _____ C:\Users\Public\Desktop\Corel VideoStudio Pro X8.lnk
2016-09-08 22:56 - 2016-03-22 22:03 - 00001100 _____ C:\Users\Public\Desktop\Corel FastFlick X8.lnk
2016-09-08 22:56 - 2016-03-22 22:03 - 00001095 _____ C:\Users\Public\Desktop\Corel ScreenCap X8.lnk
2016-09-08 22:56 - 2016-02-18 14:11 - 00002246 _____ C:\Users\Saeed\Desktop\Library Expert IPC 2015.lnk
2016-09-08 22:56 - 2016-02-10 19:26 - 00002945 _____ C:\Users\Public\Desktop\SOLIDWORKS Composer Player 2016 - x64 Edition.lnk
2016-09-08 22:56 - 2016-02-10 19:25 - 00003001 _____ C:\Users\Public\Desktop\SOLIDWORKS Explorer 2016.lnk
2016-09-08 22:56 - 2016-02-10 19:24 - 00002169 _____ C:\Users\Public\Desktop\eDrawings 2016 x64 Edition.lnk
2016-09-08 22:56 - 2016-02-10 19:18 - 00002745 _____ C:\Users\Public\Desktop\SOLIDWORKS 2016 x64 Edition.lnk
2016-09-08 22:56 - 2015-11-01 09:37 - 00002041 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-09-08 22:56 - 2015-10-25 09:13 - 00002579 _____ C:\Users\Public\Desktop\Mselect3150.lnk
2016-09-08 22:56 - 2015-10-17 07:54 - 00001066 _____ C:\Users\Saeed\Desktop\Amazon Music.lnk
2016-09-08 22:56 - 2015-08-12 11:15 - 00002181 _____ C:\Users\Public\Desktop\DesignSpark PCB 7.1.lnk
2016-09-08 22:56 - 2015-03-25 14:08 - 00002989 _____ C:\Users\Public\Desktop\SolidWorks Explorer 2014.lnk
2016-09-08 22:56 - 2015-03-25 14:08 - 00002921 _____ C:\Users\Public\Desktop\SolidWorks Composer Player 2014 - x64 Edition.lnk
2016-09-08 22:56 - 2015-03-25 14:08 - 00002156 _____ C:\Users\Public\Desktop\eDrawings 2014 x64 Edition.lnk
2016-09-08 22:56 - 2015-03-25 14:08 - 00002054 _____ C:\Users\Public\Desktop\eDrawings 2014.lnk
2016-09-08 22:56 - 2015-02-10 16:15 - 00001217 _____ C:\Users\Public\Desktop\AMCap.lnk
2016-09-08 22:56 - 2015-02-10 15:19 - 00001024 _____ C:\Users\Public\Desktop\supereyes3.53.lnk
2016-09-08 22:56 - 2015-02-06 14:01 - 00001024 _____ C:\Users\Public\Desktop\supereyes3.3.lnk
2016-09-08 22:56 - 2015-01-15 10:14 - 00003039 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2016-09-08 22:56 - 2015-01-15 10:14 - 00003036 _____ C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2016-09-08 22:56 - 2015-01-15 10:14 - 00002499 _____ C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2016-09-08 22:56 - 2015-01-15 10:14 - 00002319 _____ C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2016-09-08 22:56 - 2015-01-02 17:58 - 00002160 _____ C:\Users\Public\Desktop\QuickBooks Premier Edition 2011.lnk
2016-09-08 22:56 - 2015-01-02 17:55 - 00000623 _____ C:\Users\Saeed\Desktop\Setup_QuickBooksPremier2011.lnk
2016-09-08 22:56 - 2014-09-13 09:21 - 00002148 _____ C:\Users\Public\Desktop\PCB Artist.lnk
2016-09-08 22:56 - 2014-07-04 23:20 - 00000980 _____ C:\Users\Public\Desktop\MemTweakIt.lnk
2016-09-08 22:56 - 2014-07-04 20:46 - 00002270 _____ C:\Users\Public\Desktop\3D Mouse Home.lnk
2016-09-08 22:56 - 2014-07-04 15:57 - 00002721 _____ C:\Users\Public\Desktop\SolidWorks 2014 x64 Edition.lnk
2016-09-08 22:56 - 2014-07-03 11:00 - 00002262 _____ C:\Users\Public\Desktop\Activate.lnk
2016-09-08 22:56 - 2014-07-03 10:28 - 00001391 _____ C:\Users\Saeed\Desktop\Internet Explorer.lnk
2016-09-08 22:56 - 2009-07-13 21:55 - 00001212 _____ C:\Users\Saeed\Desktop\Calculator.lnk
2016-09-07 09:14 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-07 09:14 - 2014-12-13 18:21 - 01012056 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-09-07 09:14 - 2014-11-22 14:12 - 00127896 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-09-07 09:14 - 2014-10-10 17:02 - 00050008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-09-07 09:13 - 2014-10-22 21:13 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-09-04 11:34 - 2016-03-11 00:15 - 00000000 ____D C:\Users\Saeed
2016-09-01 10:09 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 10:09 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-31 20:31 - 2015-10-19 18:10 - 00000000 ____D C:\Program Files (x86)\AMD
2016-08-31 20:29 - 2016-03-11 00:14 - 00000000 ____D C:\Program Files\AMD
2016-08-31 20:28 - 2014-07-03 11:22 - 00000000 ____D C:\AMD
2016-08-30 15:44 - 2015-02-10 15:30 - 00000000 ____D C:\ProgramData\Oracle
2016-08-30 15:42 - 2015-11-28 14:18 - 00000000 ____D C:\Users\Saeed\.oracle_jre_usage
2016-08-30 15:42 - 2015-02-10 15:30 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-30 15:42 - 2015-02-10 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-30 15:42 - 2015-02-10 15:30 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-27 12:53 - 2016-03-11 00:27 - 00000000 ___RD C:\Users\Saeed\OneDrive
2016-08-17 10:52 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-17 08:55 - 2016-03-22 22:23 - 00000000 ____D C:\Program Files\proDAD
2016-08-15 09:51 - 2015-07-29 10:54 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-15 09:50 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

==================== Files in the root of some directories =======

2016-07-17 14:27 - 2016-07-17 14:27 - 0000600 _____ () C:\Users\Saeed\AppData\Local\PUTTY.RND
2014-07-05 10:59 - 2014-07-05 10:59 - 0007606 _____ () C:\Users\Saeed\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Saeed\AppData\Local\Temp\9042-4226-ec32-93a2.exe
C:\Users\Saeed\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Saeed\AppData\Local\Temp\libeay32.dll
C:\Users\Saeed\AppData\Local\Temp\msvcr120.dll
C:\Users\Saeed\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {85154673-e758-11e5-8ca5-9260e83e6d5b}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {671334fc-02de-11e4-9774-cc3f23b0b5ca}
device ramdisk=[C:]\Recovery\671334fc-02de-11e4-9774-cc3f23b0b5ca\Winre.wim,{671334fd-02de-11e4-9774-cc3f23b0b5ca}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\671334fc-02de-11e4-9774-cc3f23b0b5ca\Winre.wim,{671334fd-02de-11e4-9774-cc3f23b0b5ca}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {b2295cf4-e758-11e5-8ca5-9260e83e6d5b}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {85154673-e758-11e5-8ca5-9260e83e6d5b}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {b2295cf4-e758-11e5-8ca5-9260e83e6d5b}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{b2295cf5-e758-11e5-8ca5-9260e83e6d5b}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{b2295cf5-e758-11e5-8ca5-9260e83e6d5b}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {671334fa-02de-11e4-9774-cc3f23b0b5ca}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {85154673-e758-11e5-8ca5-9260e83e6d5b}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {b2295cf4-e758-11e5-8ca5-9260e83e6d5b}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
integrityservices Enable

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {671334fd-02de-11e4-9774-cc3f23b0b5ca}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\671334fc-02de-11e4-9774-cc3f23b0b5ca\boot.sdi

Device options
--------------
identifier {671334fe-02de-11e4-9774-cc3f23b0b5ca}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier {b2295cf5-e758-11e5-8ca5-9260e83e6d5b}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-09-01 10:09

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Saeed (10-09-2016 17:41:44)
Running from C:\Users\Saeed\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-11 07:25:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3537868688-3037064431-4150770311-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3537868688-3037064431-4150770311-503 - Limited - Disabled)
Guest (S-1-5-21-3537868688-3037064431-4150770311-501 - Limited - Enabled)
Saeed (S-1-5-21-3537868688-3037064431-4150770311-1000 - Administrator - Enabled) => C:\Users\Saeed

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.1.2 - 3Dconnexion)
3Dconnexion Add-In for SolidWorks 2005 - 2014 (Version: 3.0.4 - 3Dconnexion) Hidden
3Dconnexion LCD Applets for SpacePilot Pro (x64) (Version: 1.3.2 - 3Dconnexion) Hidden
3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3DxWinCore (x64) (Version: 17.1.2.10488 - 3Dconnexion) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.04.01 - ASUSTeK Computer Inc.)
Amazon Music (HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\...\Amazon Amazon Music) (Version: 3.11.2.1053 - Amazon Services LLC)
AMCap (HKLM-x32\...\AMCap) (Version: 9.22 - Noël Danjou)
AMD FirePro Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0000 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris Graffiti 6 for Corel VideoStudio Pro X8 64-Bit (HKLM\...\{C0AC7ED4-3714-499D-849B-77396A04591C}) (Version: 6.1.0010 - Boris FX, Inc.)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0709.311.3902 - Advanced Micro Devices, Inc.) Hidden
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
Contents64 (Version: 18.0.0.181 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{340C451C-F2FD-4309-B259-580FD5E44025}) (Version: 18.1.0.661 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 18.1.661 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (Version: 18.1.661 - Corel Corporation) Hidden
Corel VideoStudio Ultimate X8 (HKLM-x32\...\_{A22A80C4-F237-4B5A-825F-0731971ECBE6}) (Version: 18.6.0.6 - Corel Corporation)
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
CorelDRAW Graphics Suite X8 - BR (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Capture (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Common (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Connect (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Custom Data (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Draw (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - EN (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - ES (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Filters (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Font Manager (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - FR (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM Content (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PHOTO-PAINT (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Redist (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Setup Files (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VBA (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VideoBrowser (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Workspaces (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Writing Tools (x64) (Version: 18.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 (64-Bit) (HKLM\...\_{4B3FC55D-E999-4BEC-AF29-1091E574961F}) (Version: 18.1.0.661 - Corel Corporation)
CorelDRAW Graphics Suite X8 (Version: 18.1 - Corel Corporation) Hidden
DesignSpark PCB 6.1 (x32 Version: 6.1 - RS Components) Hidden
DesignSpark PCB 7.1 (x32 Version: 7.1 - RS Components) Hidden
DesignSpark PCB Version 6.1 (HKLM-x32\...\InstallShield_{D50610AA-D25A-463B-98BF-E09585325711}) (Version: 6.1 - RS Components)
DesignSpark PCB Version 7.1 (HKLM-x32\...\InstallShield_{D5071054-F5FC-4B09-B970-96F5DFEF0E83}) (Version: 7.1 - RS Components)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Fontlab TransType4 (HKLM-x32\...\TransType4.0_is1) (Version: 4.0 - FontLab)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.101 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
ICA (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
IPM_Common_x64 (Version: 2.3 - Your Company Name) Hidden
IPM_VS_Pro64 (Version: 18.0 - Corel Corporation) Hidden
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
MainConcept MJPEG Codec Demo (HKLM-x32\...\InstallShield_{805A7890-3138-44E4-8DAA-480C55516989}) (Version: 3.02.0004.0000 - MainConcept AG)
MainConcept MJPEG Codec Demo (x32 Version: 3.02.0004.0000 - MainConcept AG) Hidden
MainConcept MJPG software codec (Remove Only) (HKLM-x32\...\MCMJPG) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MemTweakIt 1.01.7 (HKLM\...\Mem TweakIt_is1) (Version: 1.01.7 - CPUID, Inc.)
Microscope 3.53c (HKLM-x32\...\Microscope) (Version: - )
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2 - Mozilla)
Mselect3150 (HKLM-x32\...\{7FDD847F-60A4-490D-81C1-07BEBF5B57C7}) (Version: 3.1.5 - Panasonic Corporation, Motor Business Unit)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PCB Artist Version 3.0 (HKLM-x32\...\{284A25AA-96B4-449D-BBA0-D0C97A5E213E}) (Version: 2.0 - Advanced Circuits)
PCB Library Expert 2015 IPC (HKLM-x32\...\PCB Library Expert 2015 IPC) (Version: 2015.17 - PCB Libraries, Inc.)
proDAD Adorage 3.0 (64bit) (Version: 3.0.110.2 - proDAD GmbH) Hidden
proDAD Mercalli 2.0 (64bit) (Version: 2.0.120 - proDAD GmbH) Hidden
proDAD Route 4.0 (64bit) (Version: 4.0.233.1 - proDAD GmbH) Hidden
proDAD Script 4.0 (64bit) (Version: 4.0.233.1 - proDAD GmbH) Hidden
proDAD Vitascene 2.0 (64bit) (Version: 2.0.233 - proDAD GmbH) Hidden
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2011 (HKLM-x32\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7058 - Realtek Semiconductor Corp.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup (x32 Version: 18.0.0.181 - Corel Corporation) Hidden
Share64 (Version: 18.0.0.181 - Corel Corporation) Hidden
SolidWorks 2014 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20140-40500-1100-100) (Version: 22.5.0.77 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP05 (Version: 22.150.77 - SolidWorks) Hidden
SOLIDWORKS 2016 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20160-40300-1100-100) (Version: 24.3.0.57 - SolidWorks Corporation)
SOLIDWORKS 2016 x64 Edition SP03 (Version: 24.130.57 - Dassault Systemes SolidWorks Corp) Hidden
SolidWorks Composer Player 2014 SP05 x64 Edition (Version: 22.50.77 - Dassault Systemes SolidWorks) Hidden
SOLIDWORKS Composer Player 2016 SP03 x64 Edition (Version: 24.30.57 - Dassault Systemes SolidWorks Corp) Hidden
SolidWorks eDrawings 2014 x64 Edition SP05 (Version: 14.5.0008 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2016 x64 Edition SP03 (Version: 16.3.0030 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2014 SP05 x64 Edition (Version: 22.50.77 - SolidWorks Corporation) Hidden
SOLIDWORKS Explorer 2016 SP03 x64 Edition (Version: 24.30.57 - Dassault Systemes SolidWorks Corp) Hidden
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{89F922D6-E3E0-4303-AF8E-CE18412E3A18}) (Version: 1.04.02 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Super Flexible File Synchronizer 5.12 (HKLM-x32\...\Super Flexible File Synchronizer_is1) (Version: 5.12 - Super Flexible Software)
VideoStudio MyDVD (HKLM-x32\...\{49D8422A-D54E-425F-8A38-54167B1174A1}) (Version: 1.0 - Corel)
VideoStudio MyDVD (x32 Version: 1.0.112 - Corel Corporation) Hidden
VSClassic64 (Version: 18.0.0.181 - Corel Corporation) Hidden
VSUltimate64 (Version: 18.0.0.181 - Corel Corporation) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WPTx64 (HKLM-x32\...\{0B2C58EB-67A2-225B-60B2-D1990E55DD33}) (Version: 8.100.26866 - Microsoft)
Yawcam 0.4.1 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3537868688-3037064431-4150770311-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Saeed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003AD46D-097B-46A9-A8F9-C9AFA550E796} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0C3449EE-386C-4048-8C99-9C7D6E780FC3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1A26B64B-3F71-4B9D-935E-CFB5FCFA69F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1DEADDD0-AAA1-4400-A742-835D248903FE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1E380091-C0BB-4F89-88BD-DDB48F79E96B} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {1FBC4F52-8395-4A3F-87E8-BD176E32FF50} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {2402BEB8-9727-4E0C-9F64-0DBECE851884} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2F41FFA8-A06E-4AC7-8544-BCE5D550B888} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3171C2A3-CD0D-4B09-A0F3-1A8CDE310099} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {32D21128-3ED4-4D66-B819-B403C9A6DB09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3464A773-578A-4AA6-AADF-7292EBA94B2C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {390804B7-71AC-4B53-A4E7-32FA89BD63AC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {3C030A3A-0689-4DA6-94FD-841EFCE0437E} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2013-01-14] (ASUSTeK Computer Inc.)
Task: {47807DCF-FA26-416A-B253-CF8F39E4CB87} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4AB64C64-F7CD-4808-8EAB-F51645A79ACA} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {615CA9B5-510B-4890-B3DA-7194D3C20F50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6B0AD153-7669-415E-9CCA-7CA4DCEC8B3B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {6BD49233-01DC-4643-8220-95482AA19861} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6C3DFBDD-D922-4501-BCB9-D195EC0FDA62} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {705F886D-7722-45CC-B784-C65750DE4401} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {7567F43A-5BA1-442F-9A3A-E9C282B7AA4E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {7A686E76-C31B-4511-B6F5-24247357E85A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {7EA714CD-6305-4C55-BB24-2E981B31EEB6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {83428564-7A10-488B-9852-FED8C6C55296} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {8413645C-6B58-4FF2-A683-6971034D8B11} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {89952020-D7FB-4833-9A46-A846E7E32EE0} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2014-06-23] (3Dconnexion, INC)
Task: {8C4966C7-59EB-4492-B7D3-5C8C844A24E6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {963D6CF5-BA46-4D5B-BCD9-E63415C6666C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {963DBC0B-87D0-4C75-8BF8-E54104857965} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9B89B3F8-A76E-412D-84D5-E3A352E92154} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9C2657F1-E1D4-4F0D-A05F-7109C7BA09D8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A1614FB3-48EC-4D75-B90F-A1EF13E3C76C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A2BA5346-07ED-482B-ACF4-5C6B67F77D89} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AAB2C65E-B232-43AA-90A4-18112D584E48} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2016-08-25] (Corel Corporation)
Task: {AB9461C9-3C01-46F9-BBEA-92145FAD098A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {AF391CB4-6267-4D5C-9907-294DFE2C0308} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {B052E9FE-6843-4883-ADD7-27E55C252F39} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B2355891-7A15-4065-8B6D-4BFFA9BE397A} - System32\Tasks\TinyTakeUpgrade => C:\Program Files (x86)\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {B3312FD6-836B-4554-8A2D-31F4085BF73D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {BD6F6C90-4A83-4C7B-9653-452D9426C8E7} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {BDBD5A0C-D44A-4BE1-9B5F-4DE53BC42F7F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C1CB1102-AC74-4647-97C0-06D4DBEBDE4E} - System32\Tasks\ASUS\Easy Update => C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [2013-10-18] ()
Task: {C2BCC860-AFA8-468C-BD4C-92A4C65B0BAB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {C41D02DA-1E4A-4285-88CD-E8626D913892} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C7DC5939-83C9-4ABA-9C37-BF39B1477CF9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {CE32C243-DA52-402A-AB53-E431DF45A1FC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D1AA9FA6-17A5-41CB-B118-959E577C6CC9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D9BFDCE3-EA23-43DC-B40F-861C5552979D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DE69EF64-7B30-4E76-BF41-9AE808F071D5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E52C3962-FE9C-4E6A-9B1F-8918EBD2CD65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F8AA2F8C-B08C-4137-A311-D7AC03D4874E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Saeed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-27] (Microsoft Corporation)
Task: {FE5F56FB-9E38-48A9-BB6D-73C08AD0C869} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

==================== Loaded Modules (Whitelisted) ==============

2012-06-01 02:42 - 2012-06-01 02:42 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2015-11-29 23:07 - 2015-11-29 23:07 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-12 11:13 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-07-09 12:29 - 2013-10-18 18:04 - 01426232 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
2016-07-12 11:13 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-27 12:52 - 2016-08-27 12:52 - 01864384 _____ () C:\Users\Saeed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-11 00:11 - 2016-03-11 00:11 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 11:15 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 11:13 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 11:14 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 11:13 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 11:13 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-07-03 11:00 - 2010-06-08 13:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-23 20:37 - 2014-06-23 20:37 - 00044544 _____ () C:\WINDOWS\SYSTEM32\SPWINI.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-10-17 07:54 - 2015-10-07 22:48 - 05887808 _____ () C:\Users\Saeed\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-21 05:00 - 2014-10-21 05:00 - 00275960 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2016-04-06 01:54 - 2016-04-06 01:54 - 00267672 _____ () C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\sldBodyDiffu.dll
2016-04-19 07:38 - 2016-04-19 07:38 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-09-09 12:25 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-09-09 12:25 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-09-09 12:25 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-09-09 12:25 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2014-07-04 23:22 - 2016-09-10 17:06 - 00032256 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-07-04 23:22 - 2010-06-28 19:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2016-07-13 09:42 - 2016-07-13 09:42 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\99ef1e9269cf94f2dcc17cbf48bece86\PSIClient.ni.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-09 12:29 - 2013-10-18 18:04 - 05777616 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
2014-07-09 12:29 - 2013-05-08 16:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
2014-07-09 12:33 - 2014-07-09 12:12 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2014-07-09 12:33 - 2013-08-19 17:21 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2014-07-04 23:23 - 2011-07-12 19:14 - 00147456 ____N () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2014-07-04 23:23 - 2010-10-05 08:22 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2014-07-09 12:29 - 2013-12-04 11:57 - 00870912 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2014-07-04 23:23 - 2012-10-08 17:07 - 00972288 ____N () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2014-07-09 12:29 - 2013-05-08 16:22 - 01040896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
2014-07-09 12:31 - 2012-06-19 12:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2014-07-09 12:32 - 2012-07-20 09:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2014-07-04 23:23 - 2013-04-15 14:19 - 00883712 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2014-07-04 23:23 - 2012-05-28 21:27 - 01622528 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2014-07-04 23:23 - 2011-09-19 20:18 - 01243136 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2014-07-04 23:23 - 2011-07-21 09:06 - 00846848 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2014-07-04 23:23 - 2012-08-29 18:09 - 00875520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2014-07-04 23:22 - 2010-08-22 19:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2014-07-04 23:23 - 2010-10-05 08:22 - 00208896 ____N () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2014-07-04 23:23 - 2009-08-12 20:15 - 00253952 ____N () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2016-08-27 12:52 - 2016-08-27 12:52 - 01383616 _____ () C:\Users\Saeed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-27 12:52 - 2016-08-27 12:52 - 00118976 _____ () C:\Users\Saeed\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2005-07-20 00:18 - 2005-07-20 00:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2016-04-19 07:38 - 2016-04-19 07:38 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 07:38 - 2016-04-19 07:38 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-09-08 20:15 - 2016-09-06 18:29 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\libglesv2.dll
2016-09-08 20:15 - 2016-09-06 18:29 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.101\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Saeed\AppData\Local\Microsoft\Windows\Themes\img12.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{EC5A47C4-CD06-428F-BA58-25045CC35225}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{0BF6737E-D9EF-4AF8-9287-18F84B1EBD78}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{EBDC4E75-F568-4366-A667-E7587B8753E8}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{2172AFEA-2097-4BBC-BB72-48D11B8D4F32}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{F4FB5634-34EB-443E-8E69-9CB6DA635588}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{8CFDA518-1D94-4A5E-9826-CB7B585AA7F1}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{78230E1B-4A98-42F3-B92B-E7DACB7D7A69}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{F31D4182-71CF-46B5-8E18-A2A57E08815A}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{D2CC740D-9D02-4EFB-8B78-38D2560B3253}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{AB2A75E4-6614-45BC-8812-1193D0144C5C}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{A84717A0-B254-45E9-A968-EAE240B8C386}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{57F3E325-E4F1-4FA9-BD2D-1D9A4EF5C6EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CC5C4354-6E2A-4B2D-B135-1C6034C1F0AF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{267C0CE9-5C06-4152-A751-9AD364B4D5CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E9DC61CB-E0C7-4568-8EF6-EB36FCE8D8DA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48AFF885-9A9C-4DB1-B6A8-8982621EB6E1}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\CorelDrw.exe
FirewallRules: [{C9071DCC-3487-4412-9A19-943EA8E6F3A6}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\CorelPP.exe
FirewallRules: [{ED936604-C72D-424D-8BBC-67AB6D72DDE9}] => (Allow) C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{2FAF0E9E-6388-4A89-8FCD-3FD8BE2E5643}] => (Allow) C:\Program Files\SolidWorks Corp\SOLIDWORKS (2)\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{F1EB6614-BA92-4844-9627-6246AFE47140}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9C30C045-7E33-4EF0-9FC3-A6244C648670}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79641B02-1382-4052-A37F-C1BA213E9964}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

23-08-2016 16:07:18 Windows Update
30-08-2016 22:43:05 Scheduled Checkpoint
09-09-2016 14:57:48 Scheduled Checkpoint
10-09-2016 17:17:34 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2016 05:23:26 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/10/2016 05:23:26 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/10/2016 05:23:26 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/10/2016 05:23:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLI.exe, version: 4.5.0.0, time stamp: 0x56375a5d
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x436c
Faulting application start time: 0x01d20bc2b1f029bb
Faulting application path: C:\Program Files (x86)\AMD\CNext\CCCSlim\CLI.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 7154a795-5f23-4395-99a8-083fb3f68989
Faulting package full name:
Faulting package-relative application ID:

Error: (09/10/2016 05:23:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CLI.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileLoadException
at ATI.ACE.CLI.Implementation.CLI_Main..ctor(System.String[])
at ATI.ACE.CLI.Implementation.CLI.Main(System.String[])

Exception Info: System.Reflection.TargetInvocationException
at System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
at System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
at System.RuntimeType.InvokeMember(System.String, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object, System.Object[], System.Reflection.ParameterModifier[], System.Globalization.CultureInfo, System.String[])
at ATI.ACE.CLI.EXE.CLI.Main(System.String[])

Error: (09/10/2016 05:17:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/10/2016 05:07:47 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/10/2016 05:07:47 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/10/2016 05:07:47 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/10/2016 05:07:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLI.exe, version: 4.5.0.0, time stamp: 0x56375a5d
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x1c6c
Faulting application start time: 0x01d20bc080e16246
Faulting application path: C:\Program Files (x86)\AMD\CNext\CCCSlim\CLI.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 52c9907b-7747-477c-9528-bbb1e3699c36
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/10/2016 05:33:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAEED-LT2
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7E205A33-CA35-4F3A-83D7-DE07ADE0E184}.
The master browser is stopping or an election is being forced.

Error: (09/10/2016 05:21:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3f7de service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/10/2016 05:09:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAEED-LT2
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7E205A33-CA35-4F3A-83D7-DE07ADE0E184}.
The master browser is stopping or an election is being forced.

Error: (09/10/2016 05:06:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/10/2016 05:06:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3f2dc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/10/2016 05:06:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3f2dc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/10/2016 05:06:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3f2dc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/10/2016 05:06:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3f2dc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/10/2016 05:05:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/10/2016 05:05:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Secure Connection Service 1.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-09-01 11:55:53.205
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 09:14:52.434
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-13 22:31:09.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-13 09:42:33.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-07-13 09:42:33.522
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-07-13 09:42:33.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-07-13 09:42:33.445
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-07-13 09:42:33.429
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-07-13 09:42:33.413
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2016-07-13 09:42:32.728
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16324.88 MB
Available physical RAM: 12623.25 MB
Total Virtual: 32708.88 MB
Available Virtual: 28777.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:197.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DAC52C20)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================



Edited by Oh My!, 15 September 2016 - 07:32 PM.




#2 AmooXerxes


Posted 13 September 2016 - 11:50 AM

Update:

Upon boot this morning, and subsequent mbam scan, these keys were identified and quarantined:

Registry Values: 3
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{57457629-A898-4753-9C82-D5B82C916A04}|AutoConfigUrl, http://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913, Quarantined, [317cdc950f8b280e399fe109877db050]
PUP.Optional.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913, Quarantined, [b9f4db960a901b1b49905a90689c4cb4]
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913, Quarantined, [109d1e530199a195b3245c8e0cf858a8]
 
Upon next reboot, system default app settings had to be refreshed; behavior hasn't changed noticeably; bug alive and well!


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 PM

Posted 15 September 2016 - 07:27 PM

Greetings AmooXerxes and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 AmooXerxes


Posted 15 September 2016 - 07:55 PM

Hello Gary,

Thank you for your attention. My name is Saeed (Irish spelling ;)).

As a quick update: the system hasn't really changed behavior, and I haven't done anything beyond running a few scans with the mentioned tools, for giggles! Short of Windows reporting just about every default app having been restored to default (2 or 3 times so far, at boot up), no change in behavior.

I look forward to your advice, and whether you find anything conspicuous in the Farbar reports.

Kind Regards,

Saeed



#5 Oh My!


Posted 15 September 2016 - 07:56 PM

Greetings and thank you again for your patience.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AutoConfigURL: [S-1-5-21-3537868688-3037064431-4150770311-1000] => hxxp://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Saeed\AppData\Local\Temp\9042-4226-ec32-93a2.exe
Task: {003AD46D-097B-46A9-A8F9-C9AFA550E796} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0C3449EE-386C-4048-8C99-9C7D6E780FC3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1A26B64B-3F71-4B9D-935E-CFB5FCFA69F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2F41FFA8-A06E-4AC7-8544-BCE5D550B888} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {32D21128-3ED4-4D66-B819-B403C9A6DB09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3464A773-578A-4AA6-AADF-7292EBA94B2C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6BD49233-01DC-4643-8220-95482AA19861} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8C4966C7-59EB-4492-B7D3-5C8C844A24E6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {963D6CF5-BA46-4D5B-BCD9-E63415C6666C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A2BA5346-07ED-482B-ACF4-5C6B67F77D89} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1AA9FA6-17A5-41CB-B118-959E577C6CC9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D9BFDCE3-EA23-43DC-B40F-861C5552979D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
removeproxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 

#6 Oh My!


Posted 15 September 2016 - 07:59 PM

Greetings Saeed,

Sorry I didn't see your last post before posting a fix. Yes, there are entries in the reports indicating a browser hijack.
Gary
 

#7 AmooXerxes


Posted 15 September 2016 - 08:20 PM

Thanks Gary,

Performed the fix; here's the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Saeed (15-09-2016 18:03:52) Run:1
Running from C:\Users\Saeed\Downloads
Loaded Profiles: Saeed (Available Profiles: Saeed & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AutoConfigURL: [S-1-5-21-3537868688-3037064431-4150770311-1000] => hxxp://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Saeed\AppData\Local\Temp\9042-4226-ec32-93a2.exe
Task: {003AD46D-097B-46A9-A8F9-C9AFA550E796} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0C3449EE-386C-4048-8C99-9C7D6E780FC3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1A26B64B-3F71-4B9D-935E-CFB5FCFA69F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2F41FFA8-A06E-4AC7-8544-BCE5D550B888} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {32D21128-3ED4-4D66-B819-B403C9A6DB09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3464A773-578A-4AA6-AADF-7292EBA94B2C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6BD49233-01DC-4643-8220-95482AA19861} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8C4966C7-59EB-4492-B7D3-5C8C844A24E6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {963D6CF5-BA46-4D5B-BCD9-E63415C6666C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A2BA5346-07ED-482B-ACF4-5C6B67F77D89} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1AA9FA6-17A5-41CB-B118-959E577C6CC9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D9BFDCE3-EA23-43DC-B40F-861C5552979D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
removeproxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\Saeed\AppData\Local\Temp\9042-4226-ec32-93a2.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{003AD46D-097B-46A9-A8F9-C9AFA550E796}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{003AD46D-097B-46A9-A8F9-C9AFA550E796}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3449EE-386C-4048-8C99-9C7D6E780FC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3449EE-386C-4048-8C99-9C7D6E780FC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A26B64B-3F71-4B9D-935E-CFB5FCFA69F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A26B64B-3F71-4B9D-935E-CFB5FCFA69F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F41FFA8-A06E-4AC7-8544-BCE5D550B888}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F41FFA8-A06E-4AC7-8544-BCE5D550B888}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32D21128-3ED4-4D66-B819-B403C9A6DB09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32D21128-3ED4-4D66-B819-B403C9A6DB09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3464A773-578A-4AA6-AADF-7292EBA94B2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3464A773-578A-4AA6-AADF-7292EBA94B2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD49233-01DC-4643-8220-95482AA19861}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD49233-01DC-4643-8220-95482AA19861}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C4966C7-59EB-4492-B7D3-5C8C844A24E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C4966C7-59EB-4492-B7D3-5C8C844A24E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{963D6CF5-BA46-4D5B-BCD9-E63415C6666C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{963D6CF5-BA46-4D5B-BCD9-E63415C6666C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2BA5346-07ED-482B-ACF4-5C6B67F77D89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2BA5346-07ED-482B-ACF4-5C6B67F77D89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1AA9FA6-17A5-41CB-B118-959E577C6CC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1AA9FA6-17A5-41CB-B118-959E577C6CC9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9BFDCE3-EA23-43DC-B40F-861C5552979D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9BFDCE3-EA23-43DC-B40F-861C5552979D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::91e9:e2a6:574d:bc5d%2
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 2:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2c65:2e61:b8a2:52fd
   Link-local IPv6 Address . . . . . : fe80::2c65:2e61:b8a2:52fd%4
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.{7E205A33-CA35-4F3A-83D7-DE07ADE0E184}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : Elantron
   Link-local IPv6 Address . . . . . : fe80::91e9:e2a6:574d:bc5d%2
   IPv4 Address. . . . . . . . . . . : 192.168.0.157
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 2:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:102f:263d:b8a2:52fd
   Link-local IPv6 Address . . . . . : fe80::102f:263d:b8a2:52fd%4
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.Elantron:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Elantron
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 300799 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 197396277 B
Java, Flash, Steam htmlcache => 523 B
Windows/system/drivers => 7598732 B
Edge => 3464362 B
Chrome => 476963090 B
Firefox => 77015042 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 226288 B
NetworkService => 333098 B
Saeed => 313596600 B
DefaultAppPool => 0 B
 
RecycleBin => 7358840467 B
EmptyTemp: => 7.9 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:04:39 ====


#8 AmooXerxes


Posted 15 September 2016 - 08:24 PM

p.s.

 

I've been clicking around in Chrome, and no bug behavior so far, albeit, a bit early to celebrate!!!



#9 Oh My!


Posted 15 September 2016 - 09:08 PM

:thumbsup2:

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 AmooXerxes


Posted 16 September 2016 - 02:45 AM

Good Morning Gary,

 

Results of your instructed procedures:

 

ESET report:

 

C:\Users\Saeed\Documents\SolidWorks Downloads\SolidWorks 2014 x64 SP05\swelectric\PDFCre~1.cab Win32/Toolbar.Widgi potentially unwanted application deleted
C:\Users\Saeed\Documents\SolidWorks Downloads\SOLIDWORKS 2015 x64 SP02.1\swelectric\PDFCre~1.cab Win32/InstallMonetizer.AQ potentially unwanted application deleted
C:\Users\Saeed\Documents\SolidWorks Downloads\SOLIDWORKS 2016 x64 SP0.1\swelectric\PDFCre~1.cab Win32/InstallMonetizer.AQ potentially unwanted application deleted
C:\Users\Saeed\Documents\SolidWorks Downloads\SOLIDWORKS 2016 x64 SP01\swelectric\PDFCre~1.cab Win32/InstallMonetizer.AQ potentially unwanted application deleted
C:\Users\Saeed\Documents\SolidWorks Downloads\SOLIDWORKS 2016 x64 SP03\swelectric\PDFCre~1.cab Win32/InstallMonetizer.AQ potentially unwanted application deleted
C:\Users\Saeed\Documents\SolidWorks Downloads\SOLIDWORKS 2017 Beta 1\swelectric\PDFCre~1.cab Win32/InstallMonetizer.AQ potentially unwanted application deleted
 
and, Security check log:
 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java 8 Update 101  
 Java version 32-bit out of Date! 
 Adobe Flash Player 23.0.0.162  
 Mozilla Firefox (48.0.2) 
 Google Chrome (53.0.2785.113) 
 Google Chrome (53.0.2785.116) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Secure Connection 1.0 ksde.exe  
 Kaspersky Lab Kaspersky Secure Connection 1.0 ksdeui.exe  
 Kaspersky Lab Kaspersky Internet Security 17.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 17.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 17.0.0 x64 wmi64.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
I haven't really exercised the system since the above were performed. All seems good so far!
 
I allowed ESET to delete the suspects, however, I'm surprised that it found issues with the Solidworks downloads. These are, perhaps, false alarms as they were downloaded directly by Dassault System's download manager. Unless, a bug attached itself to them after the fact. In any event, the downloads are not valuable at this point and I didn't bother keeping them.
 
I look forward to your conclusions, and, I'm very grateful for your assistance and kindness.
 


#11 Oh My!


Posted 16 September 2016 - 09:01 AM

Greetings Saeed,

Often times legitimate programs install junk on the computer, and the items detected fall into that category. Here is a report on InstallMonetizer which provides some information about it. You will find the name InstallMonetizer if you click on the Virus Characteristics tab.

Things look good. Are there any remaining issues or questions before I post some final instructions and information?
Gary

#12 AmooXerxes


Posted 16 September 2016 - 11:33 AM

Thank you for the insight Gary.

 

I'm not seeing any unusual behavior on my system since the FRST fix. I assume all is well :)

 

If it's not an imposition, I'm very curious to know which part of the original FRST report may have flagged as a browser hijacker. And, why wouldn't FRST categorize it as such and white-list it.



#13 Oh My!


Posted 16 September 2016 - 02:22 PM

Greetings Saeed,

No imposition at all.

FRST flags an enormous number of entries already deemed malicious. In other areas, like AutoConfigURL and Proxy Servers, FRST will simply populate the entries because it is not uncommon for those entries to have user-defined instructions. Quite often if an untrained eye looks at a FRST report it can be obvious there is a problem. Other times, like in your case, it is only obvious to someone who has been specifically trained regarding what to look for.

Here were the 4 main entries of concern in your reports. 3 of them had some clues while the other one really didn't. The information you posted from the Malwarebytes scan actually provided the information, provided you understand how to read the lines (trained part).
 

Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{57457629-A898-4753-9C82-D5B82C916A04}|AutoConfigUrl, http://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913, Quarantined, [317cdc950f8b280e399fe109877db050]

PUP.Optional.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913, Quarantined, [b9f4db960a901b1b49905a90689c4cb4]

Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-3537868688-3037064431-4150770311-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://non-block.com/wpad.dat?9af934ac0601a149b7c23bb86f2d24de16119913, Quarantined, [109d1e530199a195b3245c8e0cf858a8]

C:\Users\Saeed\AppData\Local\Temp\9042-4226-ec32-93a2.exe


Even though Malwarebytes removed the entries they came back upon reboot. I think that was either because the 9042-4226-ec32-93a2.exe file was being launched at computer startup and that malicious file was changing the AutoConfigURL and Proxy settings or some of the information removed as a result of the emptytemp: command in the fixlist was the culprit. Java Cache can be a big factor in inserting malware into a computer.

So between removing the specific entries again and removing the launching point repopulating those entries we were able to resolve the issue. Quick overview but does this answer your questions?
Gary

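Added example, not part of the thread or any poster's code: a short Python parser for Malwarebytes registry detections in the format quoted in post #13, which reports proxy entries that were quarantined in one scan and found again in a later one (the "came back upon reboot" symptom). The sample lines, host, SID, GUID, hashes and function names are constructed placeholders, and the five-field layout is inferred from the three quoted lines.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines: detection, registry key[|value], data, action, [hash].
SCAN_1 = [
    r"Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{00000000-0000-0000-0000-000000000001}|AutoConfigUrl, http://pac.example.invalid/wpad.dat?id=1, Quarantined, [00000000000000000000000000000001]",
    r"PUP.Optional.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://pac.example.invalid/wpad.dat?id=1, Quarantined, [00000000000000000000000000000002]",
    r"Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1-2-3-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigUrl, http://pac.example.invalid/wpad.dat?id=1, Quarantined, [00000000000000000000000000000003]",
]
# Constructed second scan, taken after a reboot: two of the entries are present again.
SCAN_2 = [SCAN_1[0], SCAN_1[2]]


def parse_detection(line):
    """Split one log line into its five comma-separated fields."""
    name, target, data, action, _item_hash = [f.strip() for f in line.split(", ")]
    key, _, value = target.partition("|")   # no "|value" part means the key's default value
    url = re.search(r"https?://\S+", data)  # ManualProxies data carries a leading "0"
    return {
        "detection": name,
        "key": key.upper(),
        "value": value or "(Default)",
        "url": url.group(0) if url else None,
        "host": urlsplit(url.group(0)).hostname if url else None,
        "scope": "machine" if key.upper().startswith("HKLM\\") else "user",
        "action": action,
    }


def repopulated(first_scan, second_scan):
    """Entries quarantined in the first scan that a later scan finds again.

    A proxy setting that returns after removal means something is re-writing it
    (the post suspects a file launched at startup), so cleanup must find that too.
    """
    removed = {(d["key"], d["value"]) for d in map(parse_detection, first_scan)
               if d["action"] == "Quarantined"}
    return [d for d in map(parse_detection, second_scan)
            if (d["key"], d["value"]) in removed]


if __name__ == "__main__":
    for d in repopulated(SCAN_1, SCAN_2):
        print(f'{d["scope"]:7} {d["key"]}|{d["value"]} -> {d["host"]}')
```
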
#14 AmooXerxes


Posted 16 September 2016 - 03:43 PM

Absolutely Gary; thank you for taking the time to explain. You are a gentleman and a scholar.

 

My system is still happy as a clam :)



#15 Oh My!


Posted 16 September 2016 - 05:44 PM

You are very kind, thank you. The time has come....

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary