
Credit Card Stolen 3 Times - Possible Key-logger / Spyware


  • This topic is locked
6 replies to this topic

#1 cmaroun


Posted 11 September 2017 - 05:57 PM

Hi Guys,

 

In the past 6 months I had to change 3 credit cards. The cards are mostly used online using iPhone apps (Uber / Booking / iTunes) or on trusted websites using my personal Toshiba R840 laptop. I could use some help reading the FRST log and determining if something suspicious is running in the background and spying on my credit card details.

 

I did a preliminary cleanup using the Kaspersky Internet Security / MalwareBytes / Zemana & Hitman Pro.

And here are the logs of each of them with the detected threats.

 

 

HITMAN PRO LOGS

 

Malware _____________________________________________________________________
 
   C:\$Recycle.Bin\S-1-5-21-472345856-2661812082-469964496-1000\$R010E00.exe -> Deleted
      Size . . . . . . . : 112,814 bytes
      Age  . . . . . . . : 0.6 days (2017-09-06 03:28:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C58F3830172DB0FACDE2FCEF17F89AB337E37B72151780ADA5BEB211D6D6F8E1
    > HitmanPro  . . . . : App/Generic-NG
      Fuzzy  . . . . . . : 116.0

 

MALWAREBYTES THREAT SCAN LOGS

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/5/17
Scan Time: 8:08 PM
Log File: dd4fb8ec-925c-11e7-a595-00ff3bcb4c2a.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2731
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: CHUCKMAD-TOSH\CHUCKMAD
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454251
Threats Detected: 8
Threats Quarantined: 8
Time Elapsed: 1 hr, 22 min, 6 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 8
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_couponxplorer.dl.myway.com_0.localstorage, Quarantined, [259], [240305],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_couponxplorer.dl.myway.com_0.localstorage-journal, Quarantined, [259], [240305],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Quarantined, [259], [240305],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Quarantined, [259], [240305],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_couponxplorer.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_couponxplorer.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Quarantined, [259], [240306],1.0.2731
PUP.Optional.MindSpark, C:\USERS\CHUCKMAD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Quarantined, [259], [240306],1.0.2731
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

ZEMANA ANTIMALWARE LOGS

 

Detected Objects
-------------------------------------------------------
 
Proxy Server (User)
Status             : Scanned
Object             : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = 178.23.153.42:8080
 
Fake Internet Explorer Shortcut
Status             : Scanned
Object             : %programdata%\microsoft\windows\start menu\programs\recovery media creator help.lnk
MD5                : 49A9BABC19EEF6FCB221004FEBA92326
Publisher          : -
Size               : 2084
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Fake Internet Explorer Shortcut
                File - %programdata%\microsoft\windows\start menu\programs\recovery media creator help.lnk
 
{19a21d68-025d-4765-9ad8-544726578ffa}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{19a21d68-025d-4765-9ad8-544726578ffa}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
{cc9055da-59ac-4b82-86ef-a087808f0e36}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{cc9055da-59ac-4b82-86ef-a087808f0e36}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)
 
 

 

FARBAR LOGS

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by SYSTEM (administrator) on CHUCKMAD-TOSH (11-09-2017 22:42:44)
Running from C:\Users\CHUCKMAD\Desktop
Loaded Profiles: CHUCKMAD (Available Profiles: CHUCKMAD & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Hagel Technologies Ltd.) C:\Program Files (x86)\DU Meter\DUMeter.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtAvAC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TDLPowerCtrl] => C:\Program Files\TOSHIBA\TOSHIBA Intelligent Display Management\TDLPowerCtrl.exe [498120 2011-01-24] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [328048 2011-01-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [571304 2010-12-10] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-16] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2011-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-09] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-03-05] (Toshiba Europe GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-17] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-05] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923000 2010-05-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Run: [DU Meter] => C:\Program Files (x86)\DU Meter\DUMeter.exe [1188752 2009-03-13] (Hagel Technologies Ltd.)
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\MountPoints2: {7288d5b5-3e52-11e1-aa42-68a3c42e2ab0} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [845176 2011-02-18] (TOSHIBA)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-10-01]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-04-17]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-04-17]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2011-04-17]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{57A67124-8999-4E57-ABEB-9D8F9CD1124F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{619C9262-4971-4DEC-890D-609727711787}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-472345856-2661812082-469964496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
HKU\S-1-5-21-472345856-2661812082-469964496-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {2FEE3B32-2E73-43F8-BB96-9FA006BB95BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2FEE3B32-2E73-43F8-BB96-9FA006BB95BA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {3E9D0279-4DFD-401F-A19E-349F39F43B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {3E9D0279-4DFD-401F-A19E-349F39F43B6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-472345856-2661812082-469964496-1000 -> {3E9D0279-4DFD-401F-A19E-349F39F43B6C} URL = 
SearchScopes: HKU\S-1-5-21-472345856-2661812082-469964496-1000 -> {E5FD8208-CC74-4B8F-8DD0-5B5E4D4E8E14} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-08-28] (AO Kaspersky Lab)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\IEExt\ie_plugin.dll [2017-08-28] (AO Kaspersky Lab)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-10-26] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-06] (<TOSHIBA>)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\IEExt\ie_plugin.dll [2017-08-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\IEExt\ie_plugin.dll [2017-08-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-472345856-2661812082-469964496-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27] (Skype Technologies S.A.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 &video&) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-08-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-09-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-09-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-11-08] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-472345856-2661812082-469964496-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\CHUCKMAD\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-472345856-2661812082-469964496-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\CHUCKMAD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-472345856-2661812082-469964496-1000: @talk.google.com/O1DPlugin -> C:\Users\CHUCKMAD\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-472345856-2661812082-469964496-1000: @tools.google.com/Google Update;version=3 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-472345856-2661812082-469964496-1000: @tools.google.com/Google Update;version=9 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\CHUCKMAD\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\CHUCKMAD\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://toshiba.msn.com/
CHR Profile: C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
CHR Extension: (YouTube) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Kaspersky Protection) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-11-18]
CHR Extension: (Gmail) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-10-26]
StartMenuInternet: Google Chrome - C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALG; C:\windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 DUMeterSvc; C:\Program Files (x86)\DU Meter\DUMeterSvc.exe [566672 2009-03-13] (Hagel Technologies Ltd.) [File not signed]
S3 EFS; C:\windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 Fax; C:\windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation)
R3 KeyIso; C:\windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe [426416 2017-08-28] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MSDTC; C:\windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation)
S3 msiserver; C:\windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 RpcLocator; C:\windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-11] (Realtek Semiconductor)
R2 SamSs; C:\windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 SNMPTRAP; C:\windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
S2 sppsvc; C:\windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [526848 2010-12-25] (TOSHIBA Corporation) [File not signed]
S3 UI0Detect; C:\windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 vds; C:\windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSearch; C:\windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation)
R2 WSearch; C:\windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R3 DUMeterDrv; C:\Program Files (x86)\DU Meter\DUMETR64.SYS [20840 2011-09-12] (Hagel Technologies Ltd.)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [55232 2017-09-06] ()
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [70880 2016-12-22] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [86240 2016-12-27] (AO Kaspersky Lab)
R2 kldisk; C:\windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\windows\System32\DRIVERS\klflt.sys [206048 2017-08-28] (AO Kaspersky Lab)
R1 klhk; C:\windows\System32\DRIVERS\klhk.sys [317424 2017-08-28] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1071328 2017-08-28] (AO Kaspersky Lab)
R1 KLIM6; C:\windows\System32\DRIVERS\klim6.sys [57936 2016-10-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [50672 2017-06-20] (AO Kaspersky Lab)
R3 kltap; C:\windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\windows\System32\DRIVERS\kltdi.sys [81904 2017-06-20] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\System32\DRIVERS\klwtp.sys [137200 2017-06-20] (AO Kaspersky Lab)
R1 kneps; C:\windows\System32\DRIVERS\kneps.sys [199360 2017-06-20] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-11] (Malwarebytes)
R3 MBAMProtection; C:\windows\system32\drivers\mbam.sys [45472 2017-09-11] (Malwarebytes)
R0 MBAMSwissArmy; C:\windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-11] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\system32\drivers\mwac.sys [84256 2017-09-11] (Malwarebytes)
S3 niks2m2audio; C:\windows\System32\Drivers\niks2m2audio.sys [382408 2015-09-04] (Native Instruments GmbH)
S3 niks2m2usb; C:\windows\System32\DRIVERS\niks2m2usb.sys [99712 2015-09-04] (Native Instruments GmbH)
R3 NIWinCDEmu; C:\windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2015-08-24] ()
S3 RimUsb; C:\windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2017-09-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2017-09-06] (Zemana Ltd.)
S3 MFE_RR; \??\C:\Users\CHUCKMAD\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-11 22:49 - 2017-09-11 22:49 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Local\CrashDumps
2017-09-11 22:42 - 2017-09-11 22:52 - 000032628 _____ C:\Users\CHUCKMAD\Desktop\FRST.txt
2017-09-11 22:41 - 2017-09-11 22:42 - 000000000 ____D C:\FRST
2017-09-11 22:41 - 2017-09-11 22:41 - 000000000 ____D C:\Users\CHUCKMAD\Desktop\FRST-OlderVersion
2017-09-11 22:40 - 2017-09-11 22:41 - 002397184 _____ (Farbar) C:\Users\CHUCKMAD\Desktop\FRST64.exe
2017-09-11 20:03 - 2017-09-11 20:03 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Local\Western Digital
2017-09-08 02:51 - 2017-09-11 19:52 - 000172776 _____ C:\windows\ntbtlog.txt
2017-09-08 01:36 - 2017-09-08 02:52 - 000000000 ____D C:\NPE
2017-09-08 01:31 - 2017-09-08 03:11 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Local\NPE
2017-09-08 01:31 - 2017-09-08 01:31 - 000000000 ____D C:\ProgramData\Norton
2017-09-07 22:22 - 2017-09-08 01:31 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-07 22:20 - 2017-09-08 01:31 - 000000000 ____D C:\Users\CHUCKMAD\Desktop\mbar
2017-09-07 16:43 - 2017-09-07 16:43 - 000000000 ____D C:\Users\CHUCKMAD\Desktop\voicerecording
2017-09-06 22:39 - 2017-09-06 22:39 - 000010752 _____ C:\Users\CHUCKMAD\Documents\DU Meter Report.xls
2017-09-06 21:26 - 2017-09-11 22:51 - 000615160 _____ C:\windows\ZAM.krnl.trace
2017-09-06 21:26 - 2017-09-11 22:49 - 000095049 _____ C:\windows\ZAM_Guard.krnl.trace
2017-09-06 21:26 - 2017-09-06 21:26 - 000203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2017-09-06 21:26 - 2017-09-06 21:26 - 000203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2017-09-06 21:26 - 2017-09-06 21:26 - 000001119 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-06 21:26 - 2017-09-06 21:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-06 21:26 - 2017-09-06 21:26 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-09-06 20:23 - 2017-09-06 20:23 - 000055232 _____ C:\windows\system32\Drivers\hitmanpro37.sys
2017-09-06 20:01 - 2017-09-06 20:01 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Local\Zemana
2017-09-06 19:32 - 2017-09-06 19:32 - 000012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2017-09-06 18:48 - 2017-09-06 19:35 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-06 18:48 - 2017-09-06 18:48 - 000000000 ____D C:\Program Files\HitmanPro
2017-09-06 02:42 - 2017-09-06 02:42 - 003923576 _____ (Google) C:\Users\CHUCKMAD\Downloads\chrome_cleanup_tool.exe
2017-09-05 20:01 - 2017-09-11 21:15 - 000084256 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2017-09-05 20:01 - 2017-09-11 19:45 - 000192960 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-09-05 20:00 - 2017-09-11 20:14 - 000253888 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-05 20:00 - 2017-09-11 20:14 - 000045472 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2017-09-05 19:59 - 2017-09-07 22:23 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-05 19:59 - 2017-09-05 19:59 - 000001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-05 19:59 - 2017-09-05 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-05 19:59 - 2017-09-05 19:59 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-05 19:59 - 2017-08-24 11:27 - 000077440 _____ C:\windows\system32\Drivers\mbae64.sys
2017-09-05 19:44 - 2017-09-05 19:45 - 000004324 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-09-01 18:01 - 2017-09-01 18:01 - 000001203 _____ C:\Users\Public\Desktop\SFV Checker.lnk
2017-09-01 18:01 - 2017-09-01 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traction Software
2017-09-01 18:01 - 2017-09-01 18:01 - 000000000 ____D C:\Program Files (x86)\Traction Software
2017-09-01 17:58 - 2017-09-01 17:59 - 000339968 _____ (Mercedes) C:\Users\CHUCKMAD\Downloads\qsfv236.exe
2017-09-01 17:57 - 2017-09-01 17:58 - 005577872 _____ C:\Users\CHUCKMAD\Downloads\SFVCheckerInstall.exe
2017-08-28 22:39 - 2017-08-28 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-08-28 22:39 - 2017-08-28 22:38 - 000001207 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-08-28 22:36 - 2017-08-28 22:36 - 000003032 _____ C:\windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-08-28 22:36 - 2017-08-28 22:36 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-28 22:34 - 2017-08-28 22:34 - 000002121 _____ C:\Users\Public\Desktop\Safe Money.lnk
2017-08-28 22:34 - 2017-08-28 22:34 - 000002103 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2017-08-28 22:34 - 2017-08-28 22:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2017-08-28 22:32 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2017-08-28 22:30 - 2017-09-11 21:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-08-28 22:30 - 2017-08-28 22:49 - 001071328 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2017-08-28 22:30 - 2017-08-28 22:49 - 000206048 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2017-08-28 22:30 - 2017-08-28 22:37 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-08-28 22:30 - 2017-08-28 22:30 - 000317424 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2017-08-28 22:30 - 2017-08-28 22:30 - 000149584 _____ (AO Kaspersky Lab) C:\windows\system32\klhkum.dll
2017-08-28 22:17 - 2016-07-22 17:58 - 000142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2017-08-28 22:17 - 2016-07-22 17:51 - 000123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2017-08-28 21:51 - 2017-08-28 21:54 - 152682264 _____ (Microsoft Corporation) C:\Users\CHUCKMAD\Downloads\msert.exe
2017-08-28 20:58 - 2017-08-28 20:58 - 002346160 _____ (Kaspersky Lab) C:\Users\CHUCKMAD\Downloads\kis18.0.0.405aben_12561.exe
2017-08-17 22:06 - 2017-07-29 17:56 - 000117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-08-17 22:06 - 2017-07-21 17:26 - 000518144 _____ C:\windows\SysWOW64\msjetoledb40.dll
2017-08-17 22:06 - 2017-07-21 17:26 - 000409600 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexch40.dll
2017-08-17 22:06 - 2017-07-21 17:26 - 000290816 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjtes40.dll
2017-08-17 22:06 - 2017-07-21 17:26 - 000282624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstext40.dll
2017-08-17 22:06 - 2017-07-15 21:35 - 000394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-08-17 22:06 - 2017-07-15 20:52 - 000346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 002319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 002222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 002058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000486400 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2017-08-17 22:06 - 2017-07-14 18:29 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-08-17 22:06 - 2017-07-14 18:12 - 000591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-08-17 22:06 - 2017-07-14 18:12 - 000249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-08-17 22:06 - 2017-07-14 18:11 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-08-17 22:06 - 2017-07-14 18:10 - 001549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 001400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 001363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000382976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-08-17 22:06 - 2017-07-14 18:10 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-08-17 22:06 - 2017-07-14 18:00 - 000427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-08-17 22:06 - 2017-07-14 18:00 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-08-17 22:06 - 2017-07-14 17:59 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-08-17 22:06 - 2017-07-14 17:59 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-08-17 22:06 - 2017-07-14 17:57 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2017-08-17 22:06 - 2017-07-14 17:50 - 000054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2017-08-17 22:06 - 2017-07-14 17:50 - 000028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2017-08-17 22:06 - 2017-07-14 10:16 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-08-17 22:06 - 2017-07-14 10:15 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-08-17 22:06 - 2017-07-14 09:49 - 025733632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-08-17 22:06 - 2017-07-14 09:47 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-08-17 22:06 - 2017-07-14 09:45 - 000417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-08-17 22:06 - 2017-07-14 09:45 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-08-17 22:06 - 2017-07-14 09:44 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-08-17 22:06 - 2017-07-14 09:44 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-08-17 22:06 - 2017-07-14 09:38 - 002899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-08-17 22:06 - 2017-07-14 09:29 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-08-17 22:06 - 2017-07-14 09:28 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-08-17 22:06 - 2017-07-14 09:22 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-08-17 22:06 - 2017-07-14 09:20 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-08-17 22:06 - 2017-07-14 09:20 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-08-17 22:06 - 2017-07-14 09:19 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-08-17 22:06 - 2017-07-14 09:19 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-08-17 22:06 - 2017-07-14 09:08 - 000968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-08-17 22:06 - 2017-07-14 09:02 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-08-17 22:06 - 2017-07-14 08:49 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-08-17 22:06 - 2017-07-14 08:48 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-08-17 22:06 - 2017-07-14 08:47 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-08-17 22:06 - 2017-07-14 08:42 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-08-17 22:06 - 2017-07-14 08:40 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-08-17 22:06 - 2017-07-14 08:35 - 005981184 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-08-17 22:06 - 2017-07-14 08:35 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-08-17 22:06 - 2017-07-14 08:33 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-08-17 22:06 - 2017-07-14 08:16 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-08-17 22:06 - 2017-07-14 08:11 - 000725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-08-17 22:06 - 2017-07-14 08:10 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-08-17 22:06 - 2017-07-14 08:09 - 002132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-08-17 22:06 - 2017-07-14 08:09 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-08-17 22:06 - 2017-07-14 07:40 - 015254016 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-08-17 22:06 - 2017-07-14 07:23 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-08-17 22:06 - 2017-07-14 07:07 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-08-17 22:06 - 2017-07-14 06:58 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-08-17 22:06 - 2017-07-14 06:01 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-08-17 22:06 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-08-17 22:06 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-08-17 22:06 - 2017-07-14 05:48 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-08-17 22:06 - 2017-07-14 05:48 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-08-17 22:06 - 2017-07-14 05:48 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-08-17 22:06 - 2017-07-14 05:47 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-08-17 22:06 - 2017-07-14 05:44 - 002290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-08-17 22:06 - 2017-07-14 05:42 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-08-17 22:06 - 2017-07-14 05:41 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-08-17 22:06 - 2017-07-14 05:39 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-08-17 22:06 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-08-17 22:06 - 2017-07-14 05:38 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-08-17 22:06 - 2017-07-14 05:38 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-08-17 22:06 - 2017-07-14 05:30 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-08-17 22:06 - 2017-07-14 05:26 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-17 22:06 - 2017-07-14 05:25 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-08-17 22:06 - 2017-07-14 05:25 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-08-17 22:06 - 2017-07-14 05:23 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-08-17 22:06 - 2017-07-14 05:22 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-08-17 22:06 - 2017-07-14 05:21 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-08-17 22:06 - 2017-07-14 05:20 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-08-17 22:06 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-08-17 22:06 - 2017-07-14 05:13 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-08-17 22:06 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-08-17 22:06 - 2017-07-14 05:11 - 002057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-08-17 22:06 - 2017-07-14 05:11 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-08-17 22:06 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-08-17 22:06 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-08-17 22:06 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-08-17 22:06 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-08-17 22:06 - 2017-07-08 18:34 - 000370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2017-08-17 22:06 - 2017-07-08 18:00 - 003224064 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-08-17 22:06 - 2017-07-07 18:37 - 000631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-08-17 22:06 - 2017-07-07 18:33 - 005547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-08-17 22:06 - 2017-07-07 18:33 - 000706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-08-17 22:06 - 2017-07-07 18:33 - 000363752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys
2017-08-17 22:06 - 2017-07-07 18:33 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-08-17 22:06 - 2017-07-07 18:33 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-08-17 22:06 - 2017-07-07 18:31 - 001732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000149504 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:15 - 004001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-08-17 22:06 - 2017-07-07 18:15 - 003945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-08-17 22:06 - 2017-07-07 18:13 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000109568 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-08-17 22:06 - 2017-07-07 18:11 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 18:02 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-08-17 22:06 - 2017-07-07 18:01 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-08-17 22:06 - 2017-07-07 18:01 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-08-17 22:06 - 2017-07-07 18:01 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-08-17 22:06 - 2017-07-07 17:58 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-08-17 22:06 - 2017-07-07 17:57 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-08-17 22:06 - 2017-07-07 17:54 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-08-17 22:06 - 2017-07-07 17:54 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-08-17 22:06 - 2017-07-07 17:54 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-08-17 22:06 - 2017-07-07 17:53 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-08-17 22:06 - 2017-07-07 17:53 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-08-17 22:06 - 2017-07-07 17:51 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-08-17 22:06 - 2017-07-07 17:48 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-08-17 22:06 - 2017-07-07 17:48 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-08-17 22:06 - 2017-07-07 17:48 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-08-17 22:06 - 2017-07-07 17:48 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-08-17 22:06 - 2017-07-07 17:47 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-08-17 22:06 - 2017-07-07 17:47 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 17:47 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 17:47 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-17 22:06 - 2017-07-07 17:47 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000866816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswdat10.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswstr10.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000616448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrepl40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000339968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000310272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000240640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msltus40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000144896 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjint40.dll
2017-08-17 22:06 - 2017-07-01 16:05 - 000083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjter40.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-11 22:31 - 2009-07-14 07:45 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-11 22:31 - 2009-07-14 07:45 - 000016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 21:52 - 2011-11-08 14:36 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Roaming\vlc
2017-09-11 21:32 - 2011-11-29 23:00 - 000000936 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000UA.job
2017-09-11 21:09 - 2011-10-10 02:29 - 000003950 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2C8D865D-BB48-49ED-87A2-92F08FB22F6F}
2017-09-11 20:10 - 2009-07-14 08:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-09-11 12:32 - 2011-11-29 23:00 - 000000914 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000Core.job
2017-09-11 02:00 - 2011-10-09 03:40 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Local\Adobe
2017-09-08 19:13 - 2011-11-23 18:12 - 000775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2017-09-08 19:12 - 2009-07-14 08:13 - 000775124 _____ C:\windows\system32\PerfStringBackup.INI
2017-09-08 19:12 - 2009-07-14 06:20 - 000000000 ____D C:\windows\inf
2017-09-07 22:30 - 2017-08-08 00:34 - 000000000 ____D C:\Users\CHUCKMAD\Documents\UTILS
2017-09-07 22:06 - 2017-06-29 01:15 - 000013899 _____ C:\Users\CHUCKMAD\Desktop\stolen card.xlsx
2017-09-06 23:17 - 2009-07-14 08:09 - 000000000 ____D C:\windows\System32\Tasks\WPD
2017-09-06 23:16 - 2011-04-17 07:40 - 000000828 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Media Creator Help.lnk
2017-09-06 21:31 - 2011-10-08 05:04 - 000000000 ____D C:\Users\CHUCKMAD
2017-09-06 18:38 - 2017-06-06 23:09 - 000004862 _____ C:\windows\system32\Drivers\rtkhdasetting.zip
2017-09-06 18:38 - 2017-06-06 23:09 - 000003144 _____ C:\windows\System32\Tasks\RTKCPL
2017-09-06 18:37 - 2017-06-06 23:09 - 000000000 ____D C:\windows\SysWOW64\RTCOM
2017-09-06 03:48 - 2012-03-12 19:29 - 000000000 ____D C:\windows\SysWOW64\Adobe
2017-09-05 22:22 - 2017-05-24 03:28 - 000000000 ____D C:\Users\CHUCKMAD\AppData\Roaming\spek
2017-09-05 19:59 - 2015-09-21 22:46 - 000004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-05 19:58 - 2017-07-06 22:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-05 19:45 - 2012-11-24 20:33 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-09-05 19:45 - 2012-03-09 13:26 - 000000000 ____D C:\windows\system32\Macromed
2017-09-05 19:45 - 2012-02-10 21:07 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-05 19:45 - 2011-03-05 08:08 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-09-05 19:22 - 2013-05-04 12:40 - 000000000 ____D C:\Users\CHUCKMAD\Documents\Outlook Files
2017-09-05 09:21 - 2009-07-14 06:20 - 000000000 ____D C:\windows\rescache
2017-09-01 18:01 - 2011-03-05 07:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-30 02:17 - 2011-10-14 14:14 - 000002414 _____ C:\Users\CHUCKMAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-30 02:17 - 2011-10-14 14:14 - 000002406 _____ C:\Users\CHUCKMAD\Desktop\Google Chrome.lnk
2017-08-28 23:18 - 2012-08-27 22:50 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-08-28 23:18 - 2012-08-27 22:50 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-08-28 23:18 - 2012-08-27 22:50 - 000001997 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2017-08-28 23:18 - 2012-08-27 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2017-08-28 21:03 - 2011-11-23 18:13 - 000001945 _____ C:\windows\epplauncher.mif
2017-08-18 21:13 - 2009-07-14 07:45 - 005108064 _____ C:\windows\system32\FNTCACHE.DAT
2017-08-17 22:25 - 2009-07-14 05:34 - 000000478 _____ C:\windows\win.ini
2017-08-17 22:18 - 2013-11-18 01:32 - 000000000 ____D C:\windows\system32\MRT
2017-08-17 22:10 - 2011-11-10 13:29 - 140394280 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-08-17 19:35 - 2011-11-16 14:20 - 000544424 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2012-01-13 21:03 - 2013-08-11 17:20 - 000007859 _____ () C:\Users\CHUCKMAD\AppData\Roaming\pcouffin.cat
2012-01-13 21:03 - 2013-08-11 17:20 - 000001167 _____ () C:\Users\CHUCKMAD\AppData\Roaming\pcouffin.inf
2012-01-13 21:03 - 2013-08-11 17:20 - 000000055 _____ () C:\Users\CHUCKMAD\AppData\Roaming\pcouffin.log
2012-01-13 21:03 - 2013-08-11 17:20 - 000082816 _____ (VSO Software) C:\Users\CHUCKMAD\AppData\Roaming\pcouffin.sys
2011-11-08 12:11 - 2013-05-13 02:22 - 000007854 _____ () C:\Users\CHUCKMAD\AppData\Roaming\Rim.Desktop.Exception.log
2011-11-08 12:09 - 2013-01-04 03:57 - 000004465 _____ () C:\Users\CHUCKMAD\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-11-08 12:11 - 2013-05-13 02:22 - 000008470 _____ () C:\Users\CHUCKMAD\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-11-25 15:18 - 2013-05-13 02:22 - 000002079 _____ () C:\Users\CHUCKMAD\AppData\Roaming\Rim.Transcoder.Exception.log
2012-01-13 20:43 - 2013-08-11 17:19 - 000001185 _____ () C:\Users\CHUCKMAD\AppData\Roaming\vso_ts_preview.xml
2011-11-08 12:14 - 2013-05-13 01:21 - 000170496 _____ () C:\Users\CHUCKMAD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-19 15:39 - 2017-05-31 10:37 - 000007607 _____ () C:\Users\CHUCKMAD\AppData\Local\resmon.resmoncfg
2011-11-19 15:26 - 2011-11-19 15:26 - 000000056 ____H () C:\ProgramData\ezsidmv.dat
2011-11-15 12:23 - 2011-11-19 18:43 - 000000765 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2014-08-15 00:44 - 2013-01-19 00:24 - 000040328 _____ (Autodesk, Inc.) C:\Users\CHUCKMAD\AppData\Local\Temp\AcDeltree.exe
2011-11-15 11:36 - 2011-10-06 03:23 - 000926560 _____ (DivX, LLC) C:\Users\CHUCKMAD\AppData\Local\Temp\DivXSetup.exe
2017-09-06 02:55 - 2017-09-06 02:55 - 000539520 _____ (Sysinternals - www.sysinternals.com) C:\Users\CHUCKMAD\AppData\Local\Temp\DWUZZFUBDPEWT.exe
2002-12-06 18:43 - 2002-12-06 18:43 - 000011264 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\InstallOptions.dll
2012-03-21 22:56 - 2012-03-21 22:56 - 000908576 _____ (Sun Microsystems, Inc.) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
2012-11-24 16:39 - 2012-11-24 16:40 - 000912368 _____ (Sun Microsystems, Inc.) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
2013-01-31 21:20 - 2013-01-31 21:20 - 000915376 _____ (Sun Microsystems, Inc.) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
2013-03-01 23:00 - 2013-03-01 23:00 - 000897448 _____ (Oracle Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-06-22 04:58 - 2013-06-22 04:58 - 000903080 _____ (Oracle Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-12-19 20:06 - 2013-12-19 20:06 - 000921512 _____ (Oracle Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-07-28 08:15 - 2014-07-28 08:15 - 000918440 _____ (Oracle Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2011-10-13 12:58 - 2011-10-13 12:58 - 001853752 _____ (mIRC Co. Ltd.) C:\Users\CHUCKMAD\AppData\Local\Temp\mirc722.exe
2011-10-10 02:31 - 2010-10-12 02:12 - 000469256 _____ (Microsoft Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\MSN3F4C.exe
2010-03-16 17:12 - 2010-03-16 17:12 - 000149352 ____R (Microsoft Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\ose00000.exe
2011-11-19 15:26 - 2012-11-24 21:54 - 029304496 _____ (Skype Technologies S.A.) C:\Users\CHUCKMAD\AppData\Local\Temp\SkypeSetup.exe
2014-04-29 23:39 - 2014-04-29 23:39 - 001270352 _____ (BitTorrent Inc.) C:\Users\CHUCKMAD\AppData\Local\Temp\utt5591.tmp.exe
2016-08-31 04:28 - 2016-08-31 04:28 - 006503984 _____ (Microsoft Corporation) C:\Users\CHUCKMAD\AppData\Local\Temp\vcredist_x86.exe
2013-01-05 23:14 - 2013-01-05 23:39 - 022912657 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.0.4-win32.exe
2013-05-13 00:39 - 2013-05-13 00:45 - 022948790 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.0.6-win32.exe
2013-07-30 02:10 - 2013-07-30 02:25 - 022937227 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.0.7-win32.exe
2013-10-28 00:22 - 2013-10-28 00:26 - 023003252 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.0.8-win32.exe
2013-11-23 17:58 - 2013-11-23 18:07 - 024489269 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.1.1-win32.exe
2014-10-04 14:09 - 2014-10-04 14:53 - 024743106 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.1.5-win32.exe
2015-11-08 16:29 - 2015-11-08 16:30 - 028849904 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.2.1-win32.exe
2017-02-12 15:33 - 2017-02-12 15:33 - 030533688 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.2.4-win32.exe
2017-06-06 23:19 - 2017-06-06 23:20 - 030950664 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\vlc-2.2.6-win32.exe
2011-10-19 15:54 - 2011-10-19 15:54 - 000024064 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\winping.dll
2017-09-06 02:56 - 2017-09-06 02:56 - 000412544 _____ (Sysinternals - www.sysinternals.com) C:\Users\CHUCKMAD\AppData\Local\Temp\ZGY.exe
2015-03-18 00:01 - 2015-03-18 00:06 - 000000000 _____ () C:\Users\CHUCKMAD\AppData\Local\Temp\{20CF71EA-92A8-46E1-A82E-786B97238E6A}-41.0.2272.89_39.0.2171.95_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-11 20:54
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by SYSTEM (11-09-2017 22:54:17)
Running from C:\Users\CHUCKMAD\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-08 02:04:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-472345856-2661812082-469964496-500 - Administrator - Disabled)
CHUCKMAD (S-1-5-21-472345856-2661812082-469964496-1000 - Administrator - Enabled) => C:\Users\CHUCKMAD
Guest (S-1-5-21-472345856-2661812082-469964496-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-472345856-2661812082-469964496-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 26.0.0.127 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.111 - ALPS ELECTRIC CO., LTD.)
Angry Birds (HKLM-x32\...\{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}) (Version: 1.6.3.1 - Rovio)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.0004 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{F6A4520C-431B-2080-2D07-D4C15AFF359E}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\{31ABA3F2-0000-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap Language Pack-English (HKLM\...\{31ABA3F2-0010-1033-0102-111D43815377}) (Version: 1.0.43.13 - Autodesk) Hidden
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\{7A3E6E1C-CF5A-4CE9-B8D6-A2F9B7BA18FC}) (Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Device Software Updater (HKLM-x32\...\{38676C9C-270F-43D1-926A-E45DE8820A6B}) (Version: 7.1.0.34 - Research In Motion Ltd)
BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone (HKLM-x32\...\{A328C5CD-D500-43F0-9E83-C2F81ACD7A13}) (Version: 6.0.0.546 (Platform 6.6.0.207) - Research In Motion Ltd.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Auto Update Service (HKLM-x32\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.11 (HKLM-x32\...\DPP) (Version: 3.11.3.10 - Canon Inc.)
Canon Utilities Map Utility (HKLM-x32\...\MapUtility) (Version: 1.1.0.4 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
ccc-core-static (HKLM-x32\...\{73780DB3-3936-93D9-A3E8-CDB2F626EDCB}) (Version: 2011.0204.1809.32513 - ATI) Hidden
CollageIt 1.9.0 (HKLM-x32\...\{D9757258-30B2-496E-86F2-84920C5858E1}_is1) (Version:  - PearlMountain Technology Co., Ltd)
Complément Messenger (HKLM-x32\...\{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (HKLM-x32\...\{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectVobSub 2.40.3644 x64 (HKLM\...\vsfilter64_is1) (Version: 2.40.3644 - MPC-HC Team)
DiskAid 5.42 (HKLM-x32\...\DiskAid_is1) (Version: 5.42 - DigiDNA)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
DJ_AIO_06_F2400_SW_Min (HKLM-x32\...\{5546F4E9-B0F4-4F54-B949-2AB006C9284F}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 5.20 - Hagel Technologies Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FlashFXP v4.1 (HKLM-x32\...\{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}) (Version: 4.1.5.1667 - OpenSight Software, LLC)
Free Video to iPhone Converter version 5.0.45.716 (HKLM-x32\...\Free Video to iPhone Converter_is1) (Version: 5.0.45.716 - DVDVideoSoft Ltd.)
FxPro cAlgo (HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\c4000c7708f752e8) (Version: 1.39.65534.35017 - FxPro cAlgo)
Galeria de Fotografias do Windows Live (HKLM-x32\...\{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (HKLM-x32\...\{488F0347-C4A7-4374-91A7-30818BEDA710}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GMATPrep™ (HKLM-x32\...\{90D451F1-1F43-4AEC-8F24-D11972551D0E}) (Version: 2.3.601.409 - Graduate Management Admission Council ®)
Google Chrome (HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback (HKLM-x32\...\{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}) (Version: 7.3.10800.5.0 - Nero AG) Hidden
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Magic DVD Ripper V6.0.2 (HKLM-x32\...\Magic DVD Ripper_is1) (Version:  - Magic DVD Software, Inc.)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{847C879C-1467-4924-A491-1302B4C58F70}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM-x32\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{f325f05b-f963-4640-a43b-c8a494cdda0f}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Native Instruments Audio 2 DJ Driver (HKLM-x32\...\Native Instruments Audio 2 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version:  - Native Instruments)
Native Instruments Audio 8 DJ Driver (HKLM-x32\...\Native Instruments Audio 8 DJ Driver) (Version:  - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.1.0.183 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.2.0.53 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: 2.11.0.23 - Native Instruments)
Native Instruments Traktor Audio 10 Driver (HKLM-x32\...\Native Instruments Traktor Audio 10 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Audio 2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Audio 6 Driver (HKLM-x32\...\Native Instruments Traktor Audio 6 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol D2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol D2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol F1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol F1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S2 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S2 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S4 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S4 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S5 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S5 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol S8 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol S8 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol X1 MK2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol X1 MK2 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z1 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z1 Driver) (Version:  - Native Instruments)
Native Instruments Traktor Kontrol Z2 Driver (HKLM-x32\...\Native Instruments Traktor Kontrol Z2 Driver) (Version:  - Native Instruments)
Nero 10 ClipartPack (HKLM-x32\...\{96ED4B78-300E-4033-AE6C-C115CEB4DF07}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Kwik Themes 1 (HKLM-x32\...\{43FBAB46-5969-4200-9958-1FF81FEE506F}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Kwik Themes 2 (HKLM-x32\...\{70F19404-B96C-4EBB-AD2B-3574F8736197}) (Version: 10.6.10000.2.0 - Nero AG)
Nero 10 Menu TemplatePack 1 (HKLM-x32\...\{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 2 (HKLM-x32\...\{E712C273-7564-4C8E-AA59-0FA19BC35117}) (Version: 10.6.10000.0.0 - Nero AG)
Nero 10 Menu TemplatePack 3 (HKLM-x32\...\{92146419-AE44-4C8B-A48B-0ABB1B5EC026}) (Version: 10.6.10000.1.0 - Nero AG)
Nero 10 Sample ImagePack (HKLM-x32\...\{ACD15FDF-FC42-4175-B477-576F92FF2256}) (Version: 10.6.10000.11.0 - Nero AG)
Nero 10 Sample Videos (HKLM-x32\...\{92A10E9D-EA00-4A46-8F22-EEA660992D61}) (Version: 10.6.10000.11.0 - Nero AG)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11500.16.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10500.1.102 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10400.5.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14000.46.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}) (Version: 10.5.14800 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10800.9.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero Vision Xtra (HKLM-x32\...\{7AA92D13-8B7A-48B9-B18D-645564FAD258}) (Version: 10.6.10800 - Nero AG)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Photo Service - powered by myphotobook (HKLM-x32\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.2.0-545 - myphotobook GmbH)
Pioneer MIX Driver (HKLM-x32\...\Pioneer MIX) (Version: 4.2.2.0017 - Pioneer DJ Corporation.)
Pixlr-o-matic (HKLM-x32\...\{41A63ADA-088B-1C2D-43B3-E4087FE79881}) (Version: 2.1 - UNKNOWN) Hidden
Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
rekordbox 4.2.2 (HKLM-x32\...\Pioneer rekordbox 4.2.2) (Version: 4.2.2.0017 - Pioneer DJ)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
RICOH Media Driver v2.11.17.03 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.11.17.03 - RICOH)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SFV Checker (HKLM-x32\...\{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}) (Version:  - )
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4126 - Skype Technologies S.A.)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Spek (HKLM-x32\...\{7CDF6754-F5A0-4F34-B589-197530FEF862}) (Version: 0.8.2 - Spek Project)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tony Hawks Pro Skater HD (HKLM-x32\...\Tony Hawks Pro Skater HD_is1) (Version:  - )
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{48E7C66D-DB0F-49F9-8181-3BB5ECCED6CF}) (Version: 8.0.37 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.24.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.1.11 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Intelligent Display Management (HKLM\...\{636E2BA9-126F-493D-A033-343C145AAD87}) (Version: 1.0.3.0 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.02 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.00.0008 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.0.1 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.30 - TOSHIBA Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.3.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.4.54-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.7.1 - TOSHIBA Corporation)
Total Video Converter 3.10 (HKLM-x32\...\Total Video Converter 3.10_is1) (Version:  - EffectMatrix Inc.)
UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VirtualDJ PRO Full (HKLM-x32\...\{4769E972-2E92-49C5-B6F9-465EFD0C4D94}) (Version: 7.0.5 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
WirelessMon V4.0 (HKLM-x32\...\WirelessMon_is1) (Version:  - PassMark Software ®)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
بريد Windows Live (HKLM-x32\...\{0A4C4B29-5A9D-4910-A13C-B920D5758744}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (HKLM-x32\...\{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\ChromeHTML: -> C:\Users\CHUCKMAD\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-06] ()
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-02-08] (Autodesk)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2017-08-28] (AO Kaspersky Lab)
ContextMenuHandlers1-x32: [SFVChecker] -> {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} => C:\Program Files (x86)\Traction Software\SFV Checker\SFVContextMenuExt.dll [2009-07-14] ()
ContextMenuHandlers1-x32: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-05-28] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers1-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-08-02] (WinZip Computing, S.L.)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2017-08-28] (AO Kaspersky Lab)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2017-08-28] (AO Kaspersky Lab)
ContextMenuHandlers4-x32: [SFVChecker] -> {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} => C:\Program Files (x86)\Traction Software\SFV Checker\SFVContextMenuExt.dll [2009-07-14] ()
ContextMenuHandlers4-x32: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers4-x32: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers4-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-08-02] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-02-05] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-06] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\ShellEx.dll [2017-08-28] (AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6-x32: [SFVChecker] -> {51131DA7-1D24-40e5-AE07-5E3750F5DE3C} => C:\Program Files (x86)\Traction Software\SFV Checker\SFVContextMenuExt.dll [2009-07-14] ()
ContextMenuHandlers6-x32: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\UltraISO\isoshl64.dll [2009-10-22] (EZB Systems, Inc.)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2011-05-28] ()
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2011-05-28] ()
ContextMenuHandlers6-x32-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2011-08-02] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {122A4818-DC1E-4CAA-BFEE-166777E42EE1} - \{3BB4ED96-D168-4FDF-8F7E-E0991F5685CE} -> No File <==== ATTENTION
Task: {16C2C718-80D8-499C-82F3-E06CF3E7F2D6} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-01-11] (Realtek Semiconductor)
Task: {188DCCAE-9BE8-48C0-A72B-B011F6C9D304} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000Core => C:\Users\CHUCKMAD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {21D6D0ED-384C-4983-8590-9FFB685AD886} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {50AE98BB-1FB7-443E-8258-4B6D5F0B5B37} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-05] (Adobe Systems Incorporated)
Task: {5628F37B-F27C-4F50-A9AF-02A4D4F50580} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {829E6851-A92F-41AE-83AA-6C2AA02F926E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-08-28] (AO Kaspersky Lab)
Task: {960743A7-7202-41EB-9C93-261900052126} - System32\Tasks\{34BFB71D-B762-4ACE-BA4B-735297B451CA} => C:\windows\system32\pcalua.exe -a C:\Users\CHUCKMAD\Downloads\VobSub_2.23.exe -d C:\Users\CHUCKMAD\Downloads
Task: {A2924FB8-C0B5-4DC8-8E35-4E256237EB57} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000Core => C:\Users\CHUCKMAD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {A8D7D840-90D2-4988-92BF-E3A95C1B45AE} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-04] (TOSHIBA CORPORATION)
Task: {B666241B-DAFA-4AC7-B4AA-8025CB154CF6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000UA => C:\Users\CHUCKMAD\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-15] (Facebook Inc.)
Task: {CB05DF65-BDE1-4F82-A05E-598E7EC48E27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
Task: {CB1C24B7-9D1C-4783-90D6-35E3C7860AD7} - System32\Tasks\AdobeAAMUpdater-1.0-CHUCKMAD-TOSH-CHUCKMAD => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {CB81CD2F-C2B1-4388-A6CC-CF4F9ACEE3D8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {D7CD616C-C951-44EB-B3F7-085E323B04BD} - \{C882CB40-6D9D-4A65-8E80-5D7B91A6D5A3} -> No File <==== ATTENTION
Task: {DA7566AD-4524-4A55-B62E-79E6CEEFF868} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000UA => C:\Users\CHUCKMAD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000Core.job => C:\Users\CHUCKMAD\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-472345856-2661812082-469964496-1000UA.job => C:\Users\CHUCKMAD\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\CHUCKMAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\CHUCKMAD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-09-05 19:59 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-11-19 03:18 - 2010-11-19 03:18 - 011190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-04 00:15 - 2010-03-04 00:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 00:15 - 2010-03-04 00:15 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-16 01:19 - 2010-12-16 01:19 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2010-12-09 01:42 - 2010-12-09 01:42 - 000079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-02-05 04:07 - 2011-02-05 04:07 - 000243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-10-20 00:15 - 2010-10-20 00:15 - 000016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2017-08-28 22:31 - 2017-08-28 22:31 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\kpcengine.2.3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\CHUCKMAD\AppData\Local\Temp:GbSC7TDbbpKoxK1yXPr9BH1ip [2086]
AlternateDataStreams: C:\Users\CHUCKMAD\AppData\Local\yZMWrHjgM1FT:D6rGCcTSAuvR6LKC4p6wR4gei1 [2156]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-472345856-2661812082-469964496-1000\Software\Classes\.scr: AutoCADScriptFile => C:\windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2011-12-09 20:43 - 2012-08-27 23:27 - 000001033 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-472345856-2661812082-469964496-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Users\CHUCKMAD\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C8A0FA61-2DEF-4FDA-A370-1168D8B16370}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ECF652C7-C538-40CF-B572-7088ADCBAB70}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9E42AF00-E97F-42E3-9C28-81849D72DC1C}] => (Allow) LPort=2869
FirewallRules: [{FE13F652-6EC6-4661-B3F1-BB9A8026DDA9}] => (Allow) LPort=1900
FirewallRules: [{460936B3-C966-420B-A7B2-E66D374DFA71}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{72A4F4D5-6228-402C-B0CD-8B2F1D1651E8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4179F543-065E-4C00-9367-4CB659EA3722}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{8FC75FD0-F18E-4459-BCD9-9BEBEF65F847}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{7A45F89B-29DF-4B47-8001-0D2599B2AE41}] => (Allow) LPort=4481
FirewallRules: [{CA00C0DF-08F1-4EAA-BD06-2CDD1A4943EA}] => (Allow) LPort=4481
FirewallRules: [{28D31693-F54F-45DF-8E91-AF66B35AE878}] => (Allow) LPort=4482
FirewallRules: [{C50411E0-3809-4C08-A42B-1F51EAEA639E}] => (Allow) LPort=4482
FirewallRules: [{2F90E703-2CF9-4938-87E8-0B894A8CDBAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{DCFDE401-C3A6-4D48-8637-00546E1942BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D38BEFBE-660A-4C9B-996F-93F3B6AE4181}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{FB168046-0AC9-4C81-AB26-A8CE923E25F9}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{97493F68-6632-4D7F-AD5A-57D58743EBD1}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{2DBB4D4F-6F09-4827-A8C7-EC4D930169B2}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{24B69062-C35B-4741-B6A7-7FF06DAD1C91}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{BC58A4F3-450E-4D8C-9CB6-8346E43E9FA1}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{7E1AC201-E762-40C4-90DF-F6F57A4D7682}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{A2C825EE-C890-45EF-813B-B2784A0DC0BC}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{17788823-DA80-4E5D-82F6-129DE5DE4BAA}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{7526CE6A-0C89-4228-B522-7821FD61B221}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{F19FC60C-50CE-47EB-A88A-2A8F2D4C7DDA}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{5478105F-57D2-486C-B48F-78FD96F1315D}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [UDP Query User{FA1DA967-F6D0-452A-8356-B5D7F9355D42}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [{10AA7272-3BB1-4A17-81EC-19E8D95657A1}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{A49A8B36-BA08-4859-94B4-6A5F32B2EACB}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{95FEB14C-1245-449C-A62E-D898B58B4524}] => (Allow) LPort=7935
FirewallRules: [{2A8C8A47-EFFC-4C39-B1B7-25D85F6571AE}] => (Allow) LPort=4481
FirewallRules: [{DD824FD5-B99A-4198-841F-4794530118FC}] => (Allow) LPort=4481
FirewallRules: [{69496351-7C3F-4990-964F-921D36E4B2D0}] => (Allow) LPort=4482
FirewallRules: [{80960541-D016-4A21-985F-325D862B726E}] => (Allow) LPort=4482
FirewallRules: [{0C35FD50-8882-43EC-BFFA-5C4E98E032DE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{44E55AFB-B80F-40E6-80EA-FCA2C6320B0E}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{B356B48F-84F3-4428-9748-AD291E25C24A}] => (Allow) C:\Users\CHUCKMAD\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4E0275E-2D3B-421F-ADD2-3917A5F9A906}] => (Allow) C:\Users\CHUCKMAD\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{02AF7A1A-0984-488E-B911-8422A2F98D4A}] => (Allow) C:\Users\CHUCKMAD\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{C06708D5-B28F-4578-B006-EB822E74806D}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{6186C3C0-51BB-4AE3-AF30-15513FE5FC16}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [UDP Query User{985DD3C8-F8CF-4840-8190-838B786D9208}C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe] => (Allow) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{4D826017-A0F0-4B4B-8BC1-30FC383F46BD}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{230A474D-9525-43F0-B3F9-D56AD5AB3899}] => (Block) C:\program files (x86)\toshiba\bluetooth toshiba stack\tosbtpcs.exe
FirewallRules: [{355D29E4-9A10-42F0-8670-89880E13C88A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5490E203-E64A-4064-8C06-C62E197DE874}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C602CDA0-AA09-4959-9004-9FE8E1737CE5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69651F17-0D24-41C6-BDB2-4BB4420A024C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2816BD62-444E-4A62-94FA-C1EAA1DE242C}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe
FirewallRules: [UDP Query User{C31E91A6-D9F1-448F-9206-7A9547F50B91}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe
FirewallRules: [TCP Query User{CB49A491-3714-4E3D-8C3F-84203098EB8A}C:\program files (x86)\pioneer\rekordbox 4.2.2\rekordbox.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\rekordbox.exe
FirewallRules: [UDP Query User{94716C60-57F9-4761-8CA4-59EAC14C26AF}C:\program files (x86)\pioneer\rekordbox 4.2.2\rekordbox.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\rekordbox.exe
FirewallRules: [TCP Query User{6AB9E36A-D286-4C70-B6E9-156D57A75CC6}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe
FirewallRules: [UDP Query User{0A36EDA7-401E-4E55-8766-42AC0B066563}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe
FirewallRules: [TCP Query User{2F3401B4-B03C-4AEF-8877-0543C9EA3A0D}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe
FirewallRules: [UDP Query User{4F38621F-7817-464C-AE99-68C6AAFD9590}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvnfsd.exe
FirewallRules: [TCP Query User{BF6C10AF-9DB3-4649-AC06-958045BDA0B7}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe
FirewallRules: [UDP Query User{EB32E2E7-9A20-4D3F-BCD8-975FA62F966E}C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe] => (Allow) C:\program files (x86)\pioneer\rekordbox 4.2.2\psvlinksysmgr.exe
FirewallRules: [TCP Query User{42606471-23B8-4CBC-A37D-2388C9A2F342}C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{70167F79-FE93-49C8-A72C-BE3CDE8C7E2B}C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{41FF76AE-527A-4548-A55E-29EFF38489DC}C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{92C4FFF2-4B4D-4FA7-85A4-CF85BA9E10F7}C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\CHUCKMAD\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{9E33A62A-D50B-4271-9650-AC175A8EE022}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
21-08-2017 22:54:25 Windows Update
28-08-2017 22:17:50 Windows Update
01-09-2017 16:17:07 Removed Facebook Messenger 2.1.4814.0
06-09-2017 19:30:37 Checkpoint by HitmanPro
06-09-2017 19:32:20 Checkpoint by HitmanPro
08-09-2017 19:01:24 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2017 10:49:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: prevhost.exe, version: 6.1.7601.17562, time stamp: 0x4d5dee89
Faulting module name: pdfprevhndlr.dll, version: 10.1.16.13, time stamp: 0x5603fdc2
Exception code: 0xc0000005
Fault offset: 0x00007b5e
Faulting process id: 0xbc0
Faulting application start time: 0x01d32b36d82cde13
Faulting application path: C:\Windows\SysWOW64\prevhost.exe
Faulting module path: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\pdfprevhndlr.dll
Report Id: 5ceb21f6-972a-11e7-944e-e89d87ab7722
 
Error: (09/11/2017 11:59:19 AM) (Source: Google Update) (EventID: 20) (User: CHUCKMAD-TOSH)
Description: Event-ID 20
 
Error: (09/11/2017 11:59:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25995024
 
Error: (09/11/2017 11:59:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25995024
 
Error: (09/11/2017 11:59:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/11/2017 03:32:07 AM) (Source: Google Update) (EventID: 20) (User: CHUCKMAD-TOSH)
Description: Event-ID 20
 
Error: (09/11/2017 01:38:30 AM) (Source: Google Update) (EventID: 20) (User: CHUCKMAD-TOSH)
Description: Event-ID 20
 
Error: (09/09/2017 04:19:22 AM) (Source: Google Update) (EventID: 20) (User: CHUCKMAD-TOSH)
Description: Event-ID 20
 
Error: (09/09/2017 04:19:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19381190
 
Error: (09/09/2017 04:19:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19381190
 
 
System errors:
=============
Error: (09/11/2017 07:47:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/11/2017 07:47:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/11/2017 07:46:46 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/11/2017 07:46:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/11/2017 07:45:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error: 
The driver was not loaded because the system is booting into safe mode.
 
Error: (09/11/2017 07:45:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\athihvs.dll
Error Code: 21
 
Error: (09/11/2017 07:45:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/11/2017 07:45:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/11/2017 07:45:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/11/2017 07:45:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8165.43 MB
Available physical RAM: 5412.37 MB
Total Virtual: 16329.04 MB
Available Virtual: 12926.27 MB
 
==================== Drives ================================
 
Drive c: (TI30749400A) (Fixed) (Total:451.44 GB) (Free:34.51 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: EEA3CD17)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=451.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.9 GB) - (Type=17)
 
==================== End of Addition.txt ============================

Edited by cmaroun, 11 September 2017 - 06:25 PM.




#2 nasdaq

nasdaq

  • Malware Response Team

Posted 13 September 2017 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKU\S-1-5-21-472345856-2661812082-469964496-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 MFE_RR; \??\C:\Users\CHUCKMAD\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {122A4818-DC1E-4CAA-BFEE-166777E42EE1} - \{3BB4ED96-D168-4FDF-8F7E-E0991F5685CE} -> No File <==== ATTENTION
Task: {D7CD616C-C951-44EB-B3F7-085E323B04BD} - \{C882CB40-6D9D-4A65-8E80-5D7B91A6D5A3} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\CHUCKMAD\AppData\Local\Temp:GbSC7TDbbpKoxK1yXPr9BH1ip [2086]
AlternateDataStreams: C:\Users\CHUCKMAD\AppData\Local\yZMWrHjgM1FT:D6rGCcTSAuvR6LKC4p6wR4gei1 [2156]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
===

Please let me know what problem persists with this computer.

p.s.
Check this out.
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#3 cmaroun

cmaroun
  • Topic Starter


Posted 13 September 2017 - 12:25 PM

Hi nasdaq,
Thanks a lot for your fast reply! I will try to run the fix and post the logs by tomorrow.
Meanwhile is there a way to track the IPs used to transfer the information?
Reviewing Ipconfig /displaydns can show possible attacker IPs?

#4 nasdaq

nasdaq

  • Malware Response Team

Posted 13 September 2017 - 12:47 PM

Nothing shown on your logs.

Where your personal information was obtained from is unknown. If your computer was visited, all traces are deleted by the offender.

#5 cmaroun

cmaroun
  • Topic Starter


Posted 14 September 2017 - 09:14 AM

FIXLOG
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by CHUCKMAD (14-09-2017 15:58:45) Run:1
Running from C:\Users\CHUCKMAD\Desktop
Loaded Profiles: CHUCKMAD &  (Available Profiles: CHUCKMAD & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-472345856-2661812082-469964496-1000\...\Run: [AdobeBridge] => [X]
Toolbar: HKU\S-1-5-21-472345856-2661812082-469964496-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 MFE_RR; \??\C:\Users\CHUCKMAD\AppData\Local\Temp\mfe_rr.sys [X] <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\CHUCKMAD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {122A4818-DC1E-4CAA-BFEE-166777E42EE1} - \{3BB4ED96-D168-4FDF-8F7E-E0991F5685CE} -> No File <==== ATTENTION
Task: {D7CD616C-C951-44EB-B3F7-085E323B04BD} - \{C882CB40-6D9D-4A65-8E80-5D7B91A6D5A3} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\CHUCKMAD\AppData\Local\Temp:GbSC7TDbbpKoxK1yXPr9BH1ip [2086]
AlternateDataStreams: C:\Users\CHUCKMAD\AppData\Local\yZMWrHjgM1FT:D6rGCcTSAuvR6LKC4p6wR4gei1 [2156]
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKLM\Software\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\System\CurrentControlSet\Services\MFE_RR => key removed successfully
MFE_RR => service removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key removed successfully
HKU\S-1-5-21-472345856-2661812082-469964496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{122A4818-DC1E-4CAA-BFEE-166777E42EE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{122A4818-DC1E-4CAA-BFEE-166777E42EE1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3BB4ED96-D168-4FDF-8F7E-E0991F5685CE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7CD616C-C951-44EB-B3F7-085E323B04BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7CD616C-C951-44EB-B3F7-085E323B04BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C882CB40-6D9D-4A65-8E80-5D7B91A6D5A3} => key removed successfully
C:\Users\CHUCKMAD\AppData\Local\Temp => ":GbSC7TDbbpKoxK1yXPr9BH1ip" ADS removed successfully.
"C:\Users\CHUCKMAD\AppData\Local\yZMWrHjgM1FT" => ":D6rGCcTSAuvR6LKC4p6wR4gei1" ADS not found.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 4 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::18e9:71d6:6122:817d%11
   Default Gateway . . . . . . . . . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.lan:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{3BCB4C2A-2C75-4AD0-95A3-F472CE468271}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{C8EC3CEA-C9A0-46BC-A3FD-D794FF13DF70}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{AB213C7B-C32C-4C47-AC03-ABB549E3811E}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 4 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
An error occurred while renewing interface Wireless Network Connection : unable to contact your DHCP server. Request has timed out.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {E8F31BFB-0AAE-4BFF-8A48-8CE5BA32F5D2}.
{B184E47B-29C9-4355-8F3B-08FA164D54A9} canceled.
1 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 262146721 B
Java, Flash, Steam htmlcache => 91637 B
Windows/system/drivers => 1750565598 B
Edge => 0 B
Chrome => 681308973 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 50019 B
systemprofile32 => 49874 B
LocalService => 132244 B
NetworkService => 3488134 B
CHUCKMAD => 4441097747 B
Guest => 157195 B
 
RecycleBin => 1498449 B
EmptyTemp: => 6.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 16:05:53 ====


#6 nasdaq

  • Malware Response Team

Posted 15 September 2017 - 07:17 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 cmaroun

  • Topic Starter

Posted 15 September 2017 - 09:07 AM

Thanks a lot nasdaq for your time & help.





