Everything posted by desly
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Addition.txt FRST.txt
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016 Ran by TOSHIBA (10-12-2016 11:11:34) Running from C:\Users\TOSHIBA\Desktop Windows 10 Home Single Language Version 1607 (X64) (2016-10-12 12:07:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2841341764-4259199002-3796252902-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2841341764-4259199002-3796252902-503 - Limited - Disabled) Guest (S-1-5-21-2841341764-4259199002-3796252902-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2841341764-4259199002-3796252902-1003 - Limited - Enabled) TOSHIBA (S-1-5-21-2841341764-4259199002-3796252902-1001 - Administrator - Enabled) => C:\Users\TOSHIBA ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 12.0.0.0 (HKLM-x32\...\{FECB3E96-76A8-45A9-B73C-D7304DE02190}_is1) (Version: - Adobe Photoshop CS5 ME by Magic-M) Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.30.3 - Mirillis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) 
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.1 - Atheros Communications) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.) Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden Cisco Packet Tracer 6.1 Student (HKLM-x32\...\Cisco Packet Tracer 6.1 Student_is1) (Version: - Cisco Systems, Inc.) 
Cisco Packet Tracer 6.3 (HKLM-x32\...\Cisco Packet Tracer 6.3_is1) (Version: - Cisco Systems, Inc.) Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.) CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft) Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW 
Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation) EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Focus 500,000 Images (HKLM-x32\...\InstallShield_{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}) (Version: 3.20.0000 - Focus) Focus 500,000 Images (x32 Version: 3.20.0000 - Focus) Hidden GNS3 1.2.3 (HKLM-x32\...\GNS3) (Version: 1.2.3 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Internet Everywhere (HKLM-x32\...\InternetEverywhere) (Version: 3.0 - Internet Everywhere) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab) Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) 
(Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) 
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.) Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) 
Hidden Snagit 11 (HKLM-x32\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation) SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.167 - SolarWinds) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated) Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs) Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs) Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden Topaz Clean 2 (HKLM-x32\...\{3D4B5330-CEA9-4D58-8355-74729AE527CD}) (Version: 2.1.0 - Topaz Labs) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs) Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs) Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs) Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs) Topaz Detail 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.0.1 - Topaz Labs) Topaz Fusion Express 2 (x32 Version: 2.0.1 - Topaz Labs) Hidden Topaz ReMask 2 (HKLM-x32\...\Topaz ReMask 2) (Version: 2.0.5 - Topaz Labs) Topaz ReMask 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs) Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key 
(HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.0 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) Update for Skype for 
Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version: - Avanset) Viber (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.) WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - ) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org) Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.) 
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {262DDD4F-3B33-4A8C-A45A-FBE68CC2A82D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-10] (Toshiba Europe GmbH) Task: {2848877C-ADAD-494D-8E67-B85DD3D23E6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {2E1E8925-9ABA-4D40-ABAE-E7A5DBC52954} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {3137EDDF-6AEE-418A-99DB-51D1EB66CDE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {358D2DF9-F601-4C10-AA63-F8519595A006} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {45F4087C-ADD6-4E1A-B544-83C1AD7307D6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated) Task: {48484ED3-8937-42D1-8D32-E846A7C8DDA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {521EFD6D-C5CF-4552-A62E-815900EAD107} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] () Task: {54148399-229B-4991-B6B5-BF865D24EE65} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {64748C4D-BBD6-41C5-BA03-D9E299F45D6C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo) Task: {6BFB1026-52E4-4025-ACAF-E048D63D8543} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {6F8E4EC5-89C9-42A8-A605-9A62FB364181} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {72EB0BC5-7BEB-4DF9-A4B7-E53C589D4901} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {73E88E57-D0EF-4ECF-BD3B-86DA42A27A12} - 
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {9252894D-DA52-474B-A9B4-DDFFE515C1C6} - System32\Tasks\{BC2B1518-FC3A-4125-B44E-8649FE13BC07} => pcalua.exe -a C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530\samsung.exe -d C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530 Task: {92774DA2-FF5B-4D20-AF2A-E530E7BDF0B0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {A294DC87-86EC-4E77-936A-85367BCB7AA4} - System32\Tasks\AdobeAAMUpdater-1.0-pc-TOSHIBA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated) Task: {B227FE77-EBF7-4952-9500-AF6DF46B0B4E} - \WPD\SqmUpload_S-1-5-21-2841341764-4259199002-3796252902-1001 -> No File <==== ATTENTION Task: {D1EFD7B6-EBD0-4B28-B14E-DABA2248B0BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {D260A17A-A634-4D34-9C98-E2DAFE29A124} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {D40629E6-D761-4F41-A3CF-83BE0D1ED37C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2014-01-12 16:50 - 2012-10-23 19:42 - 00347120 ____N () C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe 2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-12 17:43 - 2016-10-12 17:43 - 01864384 _____ () C:\Users\TOSHIBA\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-08-01 13:19 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2016-12-09 16:06 - 2016-12-09 16:06 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2016-10-12 22:45 - 2016-10-12 22:45 - 00134656 _____ () 
C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-09 13:05 - 2016-11-02 12:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 13:05 - 2016-11-02 12:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2016-11-09 13:04 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 13:04 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 13:04 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-12-10 05:12 - 2012-12-10 05:12 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll 2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll 2016-10-12 17:42 - 2016-10-12 17:42 - 01383616 _____ () C:\Users\TOSHIBA\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll 2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 
2016-12-09 06:31 - 2016-12-01 03:29 - 01834600 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libglesv2.dll 2016-12-09 06:31 - 2016-12-01 03:29 - 00091240 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libegl.dll 2012-09-06 08:32 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-12-09 12:01 - 2016-12-09 13:01 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 162.221.181.52 - 162.221.181.53 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 

==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ToshibaDynamicIconUtility"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "WebcamMaxAutoRun"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Nimbuzz"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B"

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0E87B5EB-2A2A-4C05-9C5A-5B9E1DF68622}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DFC28760-C39A-447E-A7EE-A6D63991DCDF}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{948E757C-C96C-491F-80E6-E68231718422}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{D0B93A2B-5085-4BB3-90EA-74F4665BDFF6}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C03300D5-4235-4C06-89D9-C78A050470F0}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0803CE69-1016-49E3-AB81-6B2BD699FF83}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{122633C5-27D3-419E-BF60-B595E983BBC6}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB654CDA-D3B6-4B98-95FE-C89B88F1CEC4}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2D5BC514-1CC6-461A-B94D-D9932E7DCA50}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AACE2BC8-222B-4554-AB85-7C7B81D68E67}] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe
FirewallRules: [{1AE975D8-6EFC-46C6-8D00-3DAEE4642ED8}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{D1C763D8-31DD-4EB6-955F-99393D959476}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{C460F504-73E4-4777-94C8-4268565A0077}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{39794737-3397-4BFE-8ADC-9B608B2E5B35}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{892E2608-6CEB-40F9-A9C3-3F232061EC8D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{87D682AC-34B7-42D0-8629-A37ECC7D2358}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D705C41C-8400-447F-8657-51EF8F46BA6E}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D2F6CB77-AAFD-4DFF-887C-7DF1527870E8}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0CEC3444-62A6-47D4-8427-A0F21D9CDCD5}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A562A5C1-4B40-477B-9089-67077DE1F897}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB57D217-DCFE-4351-8DCF-BBD24997DEAE}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{30A5B12C-74EA-43A0-BB34-4EB6EE0302C9}] => C:\WINDOWS\SysWOW64\router.exe
FirewallRules: [{87293806-8A19-4D26-801A-A8C9745755E2}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{E3164CC0-00A4-4762-8C40-5C0CB4B1A8BD}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{CCD1C424-B91F-415F-976A-CD3C1EA17DA9}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{014CF151-48BA-408B-A9C5-6809BB3D88AE}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{C991DB89-3AF8-4C65-B111-0D48A3D587C3}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{FA898563-3C7A-4960-8D0F-212436820E9B}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{B86B557F-9BFD-4AC3-8C5D-6F9C4BA4E398}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FDEF2EB-E8A7-42D9-9083-432A7711D16A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F383A647-0F41-4FA4-BBE9-E94B1ADBB263}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A471E2F5-E932-442C-8C9D-C56F0565024C}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{D40B1022-E0CD-42DC-8CE4-AF717EEA1068}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{230F049E-FD92-4E77-9693-C0238C540A1E}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{3F30943A-C155-4054-B944-209656C4F6D5}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{968258E3-3E40-432B-9D93-6B46A135AB12}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [{57284858-ABE2-4FD0-B022-51A785823B4E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================
24-11-2016 15:04:19 Scheduled Checkpoint
04-12-2016 07:13:21 Scheduled Checkpoint
08-12-2016 12:03:04 Removed Reflector 2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2016 11:07:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (12/10/2016 11:04:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (12/10/2016 11:02:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7ab69059-116f-41ef-88e6-bcdcef552049}

Error: (12/10/2016 10:49:45 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/10/2016 09:09:35 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000358,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000008EBBC7F040.72). hr = 0x80070005, Access is denied. .

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008f4,(null),0,REG_BINARY,000000867777DD10.72). hr = 0x80070005, Access is denied. .
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {d9c79c0e-1dea-45a8-baa7-2ae8898ddb99}

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000105c,(null),0,REG_BINARY,0000006CAD57DCD0.72). hr = 0x80070005, Access is denied. .
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {7ef1da28-869d-46b5-ad2b-a29abc62864f}

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000006fc,(null),0,REG_BINARY,000000E10667D8B0.72). hr = 0x80070005, Access is denied. .
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3b433bea-30ae-4ab3-9e34-d3fd34770426}

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,(null),0,REG_BINARY,0000008EBBD7E9C0.72). hr = 0x80070005, Access is denied. .
Operation: BackupShutdown Event
Context: Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {575f6a0a-1c95-4c5b-97f5-1d89056b872f}

System errors:
=============
Error: (12/10/2016 10:51:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 09:12:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/10/2016 09:09:39 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: The operation completed successfully.

Error: (12/10/2016 09:07:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/10/2016 07:23:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 06:54:11 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (12/10/2016 06:54:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:01:43 PM on 12/9/2016 was unexpected.

Error: (12/09/2016 04:07:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable).
This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 04:00:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/09/2016 12:24:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 6097.7 MB
Available physical RAM: 3177.54 MB
Total Virtual: 6481.7 MB
Available Virtual: 3133.82 MB

==================== Drives ================================
Drive c: (TI30964900A) (Fixed) (Total:194.88 GB) (Free:28.32 GB) NTFS
Drive e: (D) (Fixed) (Total:392.02 GB) (Free:38.91 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 08C8418F)
Partition: GPT.

==================== End of Addition.txt ============================

proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by TOSHIBA (administrator) on PC (10-12-2016 11:08:54)
Running from C:\Users\TOSHIBA\Desktop
Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
() C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft©) C:\Windows\SysWOW64\router.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\WebcamMax.exe [1561232 2009-12-30] (CoolwareMax)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Viber] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [uTorrent] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe [2247680 2016-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-25] (Tonec Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941160 2016-12-01] (Google Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\MountPoints2: {83a0f546-b3bb-11e6-8221-4c72b99fe2d4} - "G:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2015-12-16]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2015-12-16]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\..\Interfaces\{15987b5d-8a5c-477d-9c62-5f23e4e9f6dc}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{1ec678d0-4ee7-4187-a62e-63cfe820fe91}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{2b8dc4eb-88ea-416a-81dd-14eb714db0a7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [DhcpNameServer] 62.240.32.5 62.68.42.2
Tcpip\..\Interfaces\{9b3bdb46-d425-4890-8e4b-8f3876644e06}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{f20145d4-94ae-455b-811f-50613f5fbb3c}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ae/
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {3FEA05DB-89BB-49D5-9D2D-A133B2282315} URL =
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {7A80F502-89DC-43FF-8D6E-FD71AC079A4C} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default [2016-12-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Homepage: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Extension: (Bing Search) - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-08-29]
FF SearchPlugin: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\searchplugins\bing-.xml [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky
FF Extension: (Kaspersky Password Manager) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5 [2016-12-10] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[2014-04-14] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab) FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default [2016-12-10] CHR Extension: (Google Slides) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-07] CHR Extension: (Google Docs) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16] CHR Extension: (Google Drive) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-10-26] CHR Extension: (Google Sheets) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-07] CHR Extension: (Google Docs Offline) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (AdBlock) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-10] CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12] CHR Extension: (Kaspersky Password Manager) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpfbladobbejblkbfleiljmikcfhkem [2015-10-11] CHR Extension: (Skype) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-28] CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16] CHR Extension: (Chrome Media Router) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-09] CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-09] CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data [2016-08-23] <==== ATTENTION CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa 
[2014-12-24] CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] CHR Extension: (Kaspersky URL Advisor) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-24] CHR Extension: (RealDownloader) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-16] CHR Extension: (Google Wallet) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09] CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Extension: (Anti-Banner) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-12-24] CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22] CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] 
- hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlpfbladobbejblkbfleiljmikcfhkem] - hxxps://chrome.google.com/webstore/detail/hlpfbladobbejblkbfleiljmikcfhkem
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-10-07] (Kaspersky Lab ZAO)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-10] (SurfRight B.V.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 InternetEverywhere_Service; C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [347120 2012-10-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 router.exe; C:\WINDOWS\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-10] (Toshiba Europe GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWOW64\drivers\ew_usbenumfilter.sys [13952 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\Windows\SysWOW64\DRIVERS\ew_jucdcacm.sys [98304 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\SysWOW64\DRIVERS\ew_jucdcecm.sys [72192 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\drivers\ew_jubusenum.sys [87040 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\SysWOW64\drivers\ew_juextctrl.sys [28672 2014-01-12] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [77728 2016-03-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [238000 2016-05-26] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [933808 2016-05-26] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [49240 2016-10-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [41352 2015-10-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-05-26] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28640 2015-02-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [38368 2015-02-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-09] (Zemana Ltd.)
U5 REALPLAYERUPDATESVC; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-10 11:10 - 2016-12-10 11:10 - 00012353 _____ C:\Users\TOSHIBA\Downloads\vikings-fourth-season_HI_english-1460407.zip 2016-12-10 11:08 - 2016-12-10 11:11 - 00035917 _____ C:\Users\TOSHIBA\Desktop\FRST.txt 2016-12-10 09:06 - 2016-12-10 09:06 - 00092372 _____ C:\WINDOWS\system32\.crusader 2016-12-10 08:29 - 2016-12-10 08:31 - 00000000 ____D C:\Program Files\HitmanPro 2016-12-10 08:29 - 2016-12-10 08:29 - 00001977 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2016-12-10 08:29 - 2016-12-10 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-12-10 08:28 - 2016-12-10 09:07 - 00000000 ____D C:\ProgramData\HitmanPro 2016-12-10 08:28 - 2016-12-10 08:28 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Hitman Pro 3.7.14 Build 265 + Patch [4realtorrentz] 2016-12-10 08:28 - 2016-12-10 08:26 - 14357687 ____R C:\Users\TOSHIBA\Desktop\Hitman Pro 3.7.14 Build 265 + Patch [4realtorrentz].zip 2016-12-10 08:24 - 2016-12-10 08:26 - 14357687 _____ C:\Users\TOSHIBA\Downloads\Hitman Pro 3.7.14 Build 265 + Patch [4realtorrentz].zip 2016-12-10 08:24 - 2016-12-10 08:24 - 00019181 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]Hitman.Pro.3.7.14.Build.265...Patch.[4REALTORRENTZ].torrent 2016-12-10 08:21 - 2016-12-10 08:21 - 00014871 _____ C:\Users\TOSHIBA\Downloads\hitman pro 3 7 14 build 265 patch zip.torrent 2016-12-09 16:06 - 2016-12-09 16:06 - 00203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zam64.sys 2016-12-09 16:06 - 2016-12-09 16:06 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2016-12-09 16:06 - 2016-12-09 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-12-09 16:06 - 2016-12-09 16:06 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-12-09 14:47 - 2016-12-09 14:47 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Zemana Antimalware Software 2.50.2.83 [OS4World] 2016-12-09 13:58 - 2016-12-09 14:03 - 00000496 _____ C:\Users\TOSHIBA\Desktop\New Text Document.txt 2016-12-09 12:01 - 2016-12-09 12:01 - 22880203 _____ C:\Users\TOSHIBA\Downloads\ANTIMALWAREBYTES 2016 -SOPORTE TECNICOCV.rar 2016-12-09 12:01 - 2016-07-14 19:01 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Malwarebytes AntiMalware Premium 2.2.1.1043 2016-12-09 11:49 - 2016-12-09 11:49 - 00006187 _____ C:\Users\TOSHIBA\Desktop\2016.12.09-11.14.13-i0-t92-d10.txt 2016-12-09 11:34 - 2016-12-09 11:34 - 00026778 _____ C:\Users\TOSHIBA\Downloads\westworld-first-season_HI_english-1458347.zip 2016-12-09 11:14 - 2016-12-10 11:10 - 00080330 _____ C:\WINDOWS\ZAM.krnl.trace 2016-12-09 11:14 - 2016-12-10 11:10 - 00047175 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2016-12-09 11:14 - 2016-12-09 14:04 - 00203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zamguard64.sys 2016-12-09 11:13 - 2016-12-09 16:06 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Zemana 2016-12-09 10:41 - 2016-12-09 10:56 - 02420224 _____ (Farbar) C:\Users\TOSHIBA\Desktop\FRST64.exe 2016-12-09 10:22 - 2016-12-09 16:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-12-09 10:22 - 2016-12-09 10:22 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-12-09 10:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-12-09 10:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-12-09 10:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-12-09 08:40 - 2016-12-10 11:11 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Vikings.S04E12.HDTV.x264-KILLERS[ettv] 2016-12-09 08:04 - 2016-12-09 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Vikings.S04E11.HDTV.x264-KILLERS[ettv] 2016-12-09 07:01 - 2016-12-09 07:01 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E08.HDTV.x264-LOL[ettv] 2016-12-09 06:39 - 2016-12-09 06:39 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E09.HDTV.x264-LOL[ettv] 2016-12-08 07:46 - 2016-12-08 07:47 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets Cisco Virtual Internet Routing Lab (VIRL) 2016-12-08 06:16 - 2016-12-08 06:16 - 00000656 _____ C:\Users\TOSHIBA\Desktop\windows update10.diagcab 2016-12-06 19:12 - 2016-12-03 17:02 - 298707890 _____ C:\Users\TOSHIBA\Desktop\ICND1_SG.pdf 2016-12-06 06:25 - 2016-12-06 06:25 - 00001831 _____ C:\Users\TOSHIBA\Downloads\8C1961DCB44C0E060A1353B82EC0BEBB717410F4.torrent 2016-12-05 17:45 - 2016-12-05 17:48 - 00000000 ____D C:\Users\TOSHIBA\Desktop\CCNA ICND1 100-105 2016 2016-12-05 08:32 - 2016-12-08 06:55 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets GNS3 1.x Fundamentals 2016-12-05 08:32 - 2016-12-05 08:32 - 00019100 _____ 
C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.GNS3.1.x.Fundamentals.torrent 2016-12-05 08:26 - 2016-12-05 08:26 - 00023263 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.Cisco.Virtual.Internet.Routing.Lab..VIRL..Full.Course.-.2014.torrent 2016-12-05 08:20 - 2016-12-07 06:58 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets CCNA Hands on Labs Using Wireshark And GNS3 - [FirstUploads] 2016-12-05 08:19 - 2016-12-05 08:19 - 00172127 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.CCNA.Hands.on.Labs.Using.Wireshark.And.GNS3.-.[FirstUploads].torrent 2016-12-05 06:41 - 2016-12-09 11:34 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E10.HDTV.x264-FLEET[PRiME] 2016-11-30 14:54 - 2016-11-30 14:54 - 00021789 _____ C:\Users\TOSHIBA\Downloads\the-flash-third-season_HI_english-1455029.zip 2016-11-30 14:52 - 2016-11-30 14:52 - 00022526 _____ C:\Users\TOSHIBA\Downloads\gotham-third-season-2016_HI_english-1454601.zip 2016-11-30 06:39 - 2016-11-30 14:54 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E08.HDTV.x264-LOL[ettv] 2016-11-30 06:15 - 2016-11-30 14:53 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E11.HDTV.x264-LOL[ettv] 2016-11-28 08:23 - 2016-11-28 23:07 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E09.HDTV.x264-KILLERS[ettv] 2016-11-28 07:53 - 2016-11-28 23:07 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E08.HDTV.x264-KILLERS[ettv] 2016-11-28 07:31 - 2016-11-28 23:06 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E07.HDTV.x264-KILLERS[ettv] 2016-11-28 07:01 - 2016-11-28 23:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E06.PROPER.HDTV.x264-KILLERS[ettv] 2016-11-28 06:27 - 2016-11-28 23:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E05.HDTV.x264-KILLERS[ettv] 2016-11-27 08:23 - 2016-11-28 23:03 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E04.WEBRip.x264-FUM[ettv] 2016-11-27 07:40 - 2016-11-27 22:26 - 00000000 ____D 
C:\Users\TOSHIBA\Downloads\Westworld.S01E03.PROPER.HDTV.x264-KILLERS[ettv] 2016-11-27 06:45 - 2016-11-27 07:49 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E02.HDTV.x264-BATV[ettv] 2016-11-26 07:44 - 2016-11-26 19:33 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E07.HDTV.x264-LOL[ettv] 2016-11-25 17:11 - 2016-11-25 17:19 - 00000000 ____D C:\Users\TOSHIBA\Desktop\All Cisco Labs Eng Adel Al Hamedy 2016-11-25 13:57 - 2016-11-25 13:56 - 00113365 _____ C:\Users\TOSHIBA\Desktop\Static Route .pkt 2016-11-25 10:12 - 2016-11-25 10:17 - 00000000 ____D C:\Users\TOSHIBA\Cisco Packet Tracer 6.3 2016-11-25 10:10 - 2016-11-25 10:11 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 6.3 2016-11-25 10:05 - 2016-11-25 10:05 - 00024679 _____ C:\Users\TOSHIBA\Downloads\westworld-first-season_HI_english-1417065.zip 2016-11-25 08:29 - 2016-11-25 08:29 - 00012207 _____ C:\Users\TOSHIBA\Downloads\Static Route (Demo).pkt 2016-11-25 08:01 - 2016-11-25 11:32 - 00000000 ____D C:\Users\TOSHIBA\Cisco Packet Tracer 7.0 2016-11-24 21:53 - 2016-11-24 21:55 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Lynda.com - Illustrator CC Essential Training 2016-11-24 21:38 - 2015-08-15 11:39 - 127926272 _____ C:\Users\TOSHIBA\Desktop\IOSv-L3.qcow2 2016-11-22 23:06 - 2016-11-25 10:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E01.HDTV.x264-FUM[ettv] 2016-11-22 22:56 - 2016-11-22 22:56 - 00025779 _____ C:\Users\TOSHIBA\Downloads\gotham-third-season-2016_HI_english-1450551.zip 2016-11-22 19:34 - 2013-07-23 23:56 - 2459025408 _____ C:\Users\TOSHIBA\Desktop\kali-linux-1.0.4-amd64.iso 2016-11-22 06:39 - 2016-11-22 22:56 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E10.HDTV.x264-LOL[ettv] 2016-11-17 07:21 - 2016-11-17 07:35 - 172982492 _____ C:\Users\TOSHIBA\Downloads\L3-ADVENTERPRISEK9-M-15.5-2T.bin 2016-11-17 07:05 - 2016-11-18 00:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E07.HDTV.x264-LOL[ettv] 2016-11-16 11:16 - 2016-12-08 08:24 - 00000000 
____D C:\Users\TOSHIBA\GNS3 2016-11-16 11:15 - 2016-11-16 11:16 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\GNS3 2016-11-16 11:15 - 2016-11-16 11:15 - 00001658 _____ C:\Users\TOSHIBA\Desktop\GNS3.lnk 2016-11-16 11:15 - 2016-11-16 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3 2016-11-16 11:14 - 2016-11-16 11:15 - 00000000 ____D C:\Program Files\GNS3 2016-11-16 08:47 - 2016-11-16 08:47 - 00001160 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2016-11-16 08:47 - 2016-11-16 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2016-11-16 08:47 - 2016-11-16 08:47 - 00000000 ____D C:\Program Files\Oracle 2016-11-16 08:47 - 2016-09-12 18:17 - 00149256 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2016-11-16 08:08 - 2016-11-16 08:08 - 00000000 ____D C:\Users\TOSHIBA\Documents\Virtual Machines 2016-11-16 08:06 - 2016-11-16 08:45 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\VMware 2016-11-16 08:06 - 2016-11-16 08:45 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VMware 2016-11-16 07:54 - 2016-11-16 07:54 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Keygen-AMPED 2016-11-16 07:54 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe 2016-11-16 07:54 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe 2016-11-16 07:54 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll 2016-11-16 07:54 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys 2016-11-16 07:54 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmkbd.sys 2016-11-16 07:54 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll 2016-11-16 07:54 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys 2016-11-16 07:54 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) 
C:\WINDOWS\system32\Drivers\vsock.sys 2016-11-16 07:54 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll 2016-11-16 07:54 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll 2016-11-16 07:53 - 2016-11-16 07:53 - 01617228 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-11-16 07:53 - 2016-11-16 07:53 - 00001287 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk 2016-11-16 07:53 - 2016-11-16 07:53 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP% 2016-11-16 07:53 - 2016-11-16 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2016-11-16 07:53 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys 2016-11-16 07:52 - 2016-12-10 10:49 - 00000000 ____D C:\ProgramData\VMware 2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines 2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Program Files\Common Files\VMware 2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Program Files (x86)\VMware 2016-11-16 07:11 - 2016-11-16 07:11 - 00000000 ____D C:\Users\TOSHIBA\Downloads\VMware Workstation Pro v12.5.2 Build 4638234 Incl Keygen [Androgalaxy] 2016-11-16 06:40 - 2016-11-16 22:36 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E06.HDTV.x264-LOL[ettv] 2016-11-16 05:52 - 2016-11-17 07:35 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU in GNS3 Ziad 2016-11-15 06:49 - 2016-11-16 22:41 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E09.HDTV.x264-LOL[ettv] 2016-11-14 07:31 - 2016-11-14 07:31 - 00000000 ____D C:\Users\TOSHIBA\Documents\OneNote Notebooks 2016-11-13 06:56 - 2016-11-18 00:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E06.HDTV.x264-LOL[ettv] 2016-11-11 23:05 - 2016-11-11 23:05 - 00098360 _____ (VMware, Inc.) C:\WINDOWS\system32\vmnetbridge.dll 2016-11-11 23:05 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) 
C:\WINDOWS\system32\Drivers\vmnetbridge.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00046144 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetadapter.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00045632 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnet.sys
2016-11-11 07:43 - 2016-11-13 22:32 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E08.HDTV.x264-KILLERS[ettv]
2016-11-10 08:33 - 2016-11-18 00:03 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E05.HDTV.x264-LOL[ettv]

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-10 11:08 - 2016-08-22 15:18 - 00000000 ____D C:\FRST
2016-12-10 11:08 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-10 10:58 - 2013-10-16 22:58 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Adobe
2016-12-10 10:51 - 2014-11-13 09:29 - 00000575 _____ C:\WINDOWS\SysWOW64\router.xml
2016-12-10 10:50 - 2013-10-14 07:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-10 10:49 - 2016-10-12 13:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-10 09:13 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-10 09:11 - 2016-10-25 23:24 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\DMCache
2016-12-10 09:07 - 2016-09-13 10:06 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\uTorrent
2016-12-10 09:06 - 2014-10-23 11:14 - 00000000 ____D C:\Users\TOSHIBA\Documents\Corel
2016-12-10 09:04 - 2016-10-12 12:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-10 08:10 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-10 08:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-10 07:30 - 2013-10-19 02:34 - 00001518 _____ C:\Users\TOSHIBA\Desktop\iexplore.lnk
2016-12-10 07:11 - 2016-10-12 13:07 - 00000000 ____D C:\Users\TOSHIBA
2016-12-09 14:10 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Compressed
2016-12-09 12:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-09 11:10 - 2016-10-25 23:24 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\IDM
2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-09 10:12 - 2014-02-28 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-09 09:07 - 2014-01-15 15:00 - 00004437 _____ C:\Users\TOSHIBA\Desktop\Pass.txt
2016-12-09 08:09 - 2016-09-13 10:07 - 00000942 _____ C:\Users\TOSHIBA\Desktop\µTorrent.lnk
2016-12-09 07:40 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Video
2016-12-09 06:31 - 2015-12-07 19:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 06:31 - 2015-12-07 19:50 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-08 16:54 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VirtualStore
2016-12-08 16:49 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\.VirtualBox
2016-12-08 15:12 - 2015-09-09 10:00 - 00000540 _____ C:\Users\TOSHIBA\.packettracer
2016-12-08 14:35 - 2016-09-16 23:19 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\vlc
2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\ProgramData\Real
2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\Program Files (x86)\Real
2016-12-08 11:57 - 2014-06-27 08:55 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\Real
2016-12-08 11:52 - 2013-01-11 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Al-Wafi Translator
2016-12-07 18:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-12-06 12:58 - 2014-07-27 13:02 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\ElevatedDiagnostics
2016-12-03 07:02 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Packages
2016-11-30 06:18 - 2016-10-22 12:47 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Mov
2016-11-25 11:17 - 2016-10-16 13:36 - 00001090 _____ C:\Users\TOSHIBA\Desktop\Cisco Packet Tracer.lnk
2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\Program Files\Cisco Packet Tracer 7.0
2016-11-25 08:01 - 2016-10-16 13:37 - 00021504 _____ C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db
2016-11-20 18:34 - 2015-11-21 21:58 - 01630362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-16 22:38 - 2016-11-09 07:56 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E08.HDTV.x264-LOL[ettv]
2016-11-16 11:58 - 2016-10-06 14:44 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU ON GNS3
2016-11-16 11:14 - 2015-09-09 15:49 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-11-16 08:50 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\VirtualBox VMs
2016-11-16 08:47 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-12 22:40 - 2015-01-24 13:36 - 00000000 ____D C:\ProgramData\Corel
2016-11-11 01:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-10 14:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 11:13 - 2016-11-09 08:00 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E07.HDTV.x264-KILLERS[ettv]

==================== Files in the root of some directories =======
2015-03-10 12:33 - 2015-03-16 17:00 - 0000132 _____ () C:\Users\TOSHIBA\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-31 12:50 - 2014-03-16 15:11 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 12.0 Prefs ME
2013-10-27 01:19 - 2015-04-07 22:55 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-23 13:43 - 2015-09-23 16:37 - 0000600 _____ () C:\Users\TOSHIBA\AppData\Local\PUTTY.RND
2013-10-14 05:51 - 2016-10-27 06:50 - 0007605 _____ () C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg
2016-10-16 13:37 - 2016-11-25 08:01 - 0021504 _____ () C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db
2013-11-04 00:57 - 2016-08-26 14:43 - 0000041 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\TOSHIBA\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\TOSHIBA\AppData\Local\Temp\trotux.exe
C:\Users\TOSHIBA\AppData\Local\Temp\Wireshark-win64-1.12.1.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 14:41

==================== End of FRST.txt ============================
-
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
After restarting my laptop, the proxy server changes to 127.0.0.1, and scanning my laptop with Zemana finds nothing. -
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Not working. -
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Zemana AntiMalware 2.70.2.25 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/12/9
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
BIOS Mode : UEFI
CUID : 12EC5AC96CD19DDFDD7744
Scan Type : System Scan
Duration : 29m 58s
Scanned Objects : 203789
Detected Objects : 10
Excluded Objects : 0
Read Level : Normal
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Proxy Settings (System)
Status : Scanned
Object : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
    Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser = disabled

Internet Settings (System)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
    Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 46000000120200000300000028000000687474703D3132372E302E302E313A383038303B68747470733D3132372E302E302E313A383038300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

Internet Settings (System)
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
    Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 46000000850000000300000028000000687474703D3132372E302E302E313A383038303B68747470733D3132372E302E302E313A383038300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

Proxy Enabled (System)
Status : Scanned
Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Repair
Related Objects :
    Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Server (System)
Status : Scanned
Object : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Setting
Cleaning Action : Delete
Related Objects :
    Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080

trash
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\xwrr4w3r.default\extensions\trash
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
    Browser Extension - trash

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : 6A4029CFF35FD4BA34C001C1ED5D9945
Publisher : -
Size : 27
Version : -
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
    Hosts file - 127.0.0.1 - ca
    File - %systemroot%\system32\drivers\etc\hosts

keygen.exe
Status : Scanned
Object : %userprofile%\desktop\keygen-amped\amped\keygen.exe
MD5 : 358544C0473D293789F378F5E8982F23
Publisher : -
Size : 48128
Version : -
Detection : Malware:Win32/Thracia.A!Eair
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\desktop\keygen-amped\amped\keygen.exe

Mobogenie.exe
Status : Scanned
Object : %userprofile%\downloads\programs\mobogenie.exe
MD5 : 7624E9648862909BDEE1246B9B599CF9
Publisher : Beijing AmazGame Age Internet Technology Co., Ltd.
Size : 788032
Version : 0.0.0.0
Detection : Adware:Win32/AutoBulk.4631da!Ep
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\programs\mobogenie.exe

Mirillis Action! 1.30.x Activator - [Fullstuff.net].exe
Status : Scanned
Object : %userprofile%\downloads\mirillis action v1.30.3 setup + activator\crack\mirillis action! 1.30.x activator - [fullstuff.net].exe
MD5 : 5CCDD43175B19B8BAF97D338F6C7C027
Publisher : -
Size : 50176
Version : 1.0.0.0
Detection : Adware:Win32/Cardunia.A!Eece
Cleaning Action : Quarantine
Related Objects :
    File - %userprofile%\downloads\mirillis action v1.30.3 setup + activator\crack\mirillis action! 1.30.x activator - [fullstuff.net].exe

Cleaning Result
-------------------------------------------------------
Cleaned : 10
Reported as safe : 0
Failed : 0

2016.12.09-11.14.13-i0-t92-d10.txt
-
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016 Ran by TOSHIBA (09-12-2016 10:58:42) Running from C:\Users\TOSHIBA\Desktop Windows 10 Home Single Language Version 1607 (X64) (2016-10-12 12:07:34) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2841341764-4259199002-3796252902-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2841341764-4259199002-3796252902-503 - Limited - Disabled) Guest (S-1-5-21-2841341764-4259199002-3796252902-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2841341764-4259199002-3796252902-1003 - Limited - Enabled) TOSHIBA (S-1-5-21-2841341764-4259199002-3796252902-1001 - Administrator - Enabled) => C:\Users\TOSHIBA ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) µTorrent (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 12.0.0.0 (HKLM-x32\...\{FECB3E96-76A8-45A9-B73C-D7304DE02190}_is1) (Version: - Adobe Photoshop CS5 ME by Magic-M) Action! (HKLM-x32\...\Mirillis Action!) 
(Version: 1.30.3 - Mirillis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.1 - Atheros Communications) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.) 
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden Cisco Packet Tracer 6.1 Student (HKLM-x32\...\Cisco Packet Tracer 6.1 Student_is1) (Version: - Cisco Systems, Inc.) Cisco Packet Tracer 6.3 (HKLM-x32\...\Cisco Packet Tracer 6.3_is1) (Version: - Cisco Systems, Inc.) Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version: - Cisco Systems, Inc.) CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft) Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Redist (x64) 
(Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation) EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Focus 500,000 Images (HKLM-x32\...\InstallShield_{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}) (Version: 3.20.0000 - Focus) Focus 500,000 Images (x32 Version: 3.20.0000 - Focus) Hidden GNS3 1.2.3 (HKLM-x32\...\GNS3) (Version: 1.2.3 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Internet Everywhere (HKLM-x32\...\InternetEverywhere) (Version: 3.0 - Internet Everywhere) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab) Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) 
(Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) 
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.) Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited) Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) 
Hidden Snagit 11 (HKLM-x32\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation) SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.167 - SolarWinds) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated) Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs) Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs) Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden Topaz Clean 2 (HKLM-x32\...\{3D4B5330-CEA9-4D58-8355-74729AE527CD}) (Version: 2.1.0 - Topaz Labs) Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs) Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs) Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs) Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs) Topaz Detail 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.0.1 - Topaz Labs) Topaz Fusion Express 2 (x32 Version: 2.0.1 - Topaz Labs) Hidden Topaz ReMask 2 (HKLM-x32\...\Topaz ReMask 2) (Version: 2.0.5 - Topaz Labs) Topaz ReMask 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs) Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation) TOSHIBA Function Key 
(HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation) TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA) Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation) TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation) Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.0 - Toshiba Europe GmbH) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) Update for Skype for 
Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version: - Microsoft) VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version: - Avanset) Viber (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) Viber (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.) WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - ) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org) Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) 
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) CustomCLSID: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {262DDD4F-3B33-4A8C-A45A-FBE68CC2A82D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-10] (Toshiba Europe GmbH) Task: {2848877C-ADAD-494D-8E67-B85DD3D23E6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {2E1E8925-9ABA-4D40-ABAE-E7A5DBC52954} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {3137EDDF-6AEE-418A-99DB-51D1EB66CDE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {358D2DF9-F601-4C10-AA63-F8519595A006} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {45F4087C-ADD6-4E1A-B544-83C1AD7307D6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated) Task: {48484ED3-8937-42D1-8D32-E846A7C8DDA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) 
Task: {521EFD6D-C5CF-4552-A62E-815900EAD107} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] () Task: {54148399-229B-4991-B6B5-BF865D24EE65} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {64748C4D-BBD6-41C5-BA03-D9E299F45D6C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo) Task: {6BFB1026-52E4-4025-ACAF-E048D63D8543} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {6F8E4EC5-89C9-42A8-A605-9A62FB364181} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {72EB0BC5-7BEB-4DF9-A4B7-E53C589D4901} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {73E88E57-D0EF-4ECF-BD3B-86DA42A27A12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {9252894D-DA52-474B-A9B4-DDFFE515C1C6} - System32\Tasks\{BC2B1518-FC3A-4125-B44E-8649FE13BC07} => pcalua.exe -a C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530\samsung.exe -d C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530 Task: {92774DA2-FF5B-4D20-AF2A-E530E7BDF0B0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation) Task: {A294DC87-86EC-4E77-936A-85367BCB7AA4} - System32\Tasks\AdobeAAMUpdater-1.0-pc-TOSHIBA => C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated) Task: {B227FE77-EBF7-4952-9500-AF6DF46B0B4E} - \WPD\SqmUpload_S-1-5-21-2841341764-4259199002-3796252902-1001 -> No File <==== ATTENTION Task: {D1EFD7B6-EBD0-4B28-B14E-DABA2248B0BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {D260A17A-A634-4D34-9C98-E2DAFE29A124} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {D40629E6-D761-4F41-A3CF-83BE0D1ED37C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-01-12 16:50 - 2012-10-23 19:42 - 00347120 ____N () C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe 2016-11-11 23:20 - 2016-11-11 23:20 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-12 17:43 - 2016-10-12 17:43 - 01864384 _____ () C:\Users\TOSHIBA\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll 2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-08-01 13:19 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2016-10-12 22:45 - 2016-10-12 22:45 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-09 13:05 - 2016-11-02 12:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-09 13:04 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 13:04 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-11-09 
13:04 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 13:04 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-12-10 05:12 - 2012-12-10 05:12 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll 2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll 2016-11-11 23:20 - 2016-11-11 23:20 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll 2012-09-06 08:32 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-12-09 06:31 - 2016-12-01 03:29 - 01834600 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libglesv2.dll 2016-12-09 06:31 - 2016-12-01 03:29 - 00091240 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-08-23 15:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk" HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk" HKLM\...\StartupApproved\Run: => "SynTPEnh" HKLM\...\StartupApproved\Run: => "TecoResident" HKLM\...\StartupApproved\Run: => "TSleepSrv" HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD" HKLM\...\StartupApproved\Run: => "TCrdMain" HKLM\...\StartupApproved\Run: => "TODDMain" HKLM\...\StartupApproved\Run: => "TosWaitSrv" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "ToshibaDynamicIconUtility" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "TPUReg" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive" HKLM\...\StartupApproved\Run32: => "mobilegeni daemon" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "TkBellExe" HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "WebcamMaxAutoRun" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Nimbuzz" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "kpm.exe" 
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "WebcamMaxAutoRun" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Viber" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Nimbuzz" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "kpm.exe" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{0E87B5EB-2A2A-4C05-9C5A-5B9E1DF68622}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DFC28760-C39A-447E-A7EE-A6D63991DCDF}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{948E757C-C96C-491F-80E6-E68231718422}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{D0B93A2B-5085-4BB3-90EA-74F4665BDFF6}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{C03300D5-4235-4C06-89D9-C78A050470F0}] => C:\Program Files\iTunes\iTunes.exe FirewallRules: [{0803CE69-1016-49E3-AB81-6B2BD699FF83}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{122633C5-27D3-419E-BF60-B595E983BBC6}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{DB654CDA-D3B6-4B98-95FE-C89B88F1CEC4}] => C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{2D5BC514-1CC6-461A-B94D-D9932E7DCA50}] => C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{AACE2BC8-222B-4554-AB85-7C7B81D68E67}] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe FirewallRules: [{1AE975D8-6EFC-46C6-8D00-3DAEE4642ED8}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{D1C763D8-31DD-4EB6-955F-99393D959476}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{C460F504-73E4-4777-94C8-4268565A0077}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{39794737-3397-4BFE-8ADC-9B608B2E5B35}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{892E2608-6CEB-40F9-A9C3-3F232061EC8D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{87D682AC-34B7-42D0-8629-A37ECC7D2358}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D705C41C-8400-447F-8657-51EF8F46BA6E}] => C:\Program Files 
(x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D2F6CB77-AAFD-4DFF-887C-7DF1527870E8}] => C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{0CEC3444-62A6-47D4-8427-A0F21D9CDCD5}] => C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{A562A5C1-4B40-477B-9089-67077DE1F897}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{EB57D217-DCFE-4351-8DCF-BBD24997DEAE}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{30A5B12C-74EA-43A0-BB34-4EB6EE0302C9}] => C:\WINDOWS\SysWOW64\router.exe FirewallRules: [{87293806-8A19-4D26-801A-A8C9745755E2}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{E3164CC0-00A4-4762-8C40-5C0CB4B1A8BD}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{CCD1C424-B91F-415F-976A-CD3C1EA17DA9}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{014CF151-48BA-408B-A9C5-6809BB3D88AE}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll FirewallRules: [{C991DB89-3AF8-4C65-B111-0D48A3D587C3}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe FirewallRules: [{FA898563-3C7A-4960-8D0F-212436820E9B}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe FirewallRules: [{B86B557F-9BFD-4AC3-8C5D-6F9C4BA4E398}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7FDEF2EB-E8A7-42D9-9083-432A7711D16A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F383A647-0F41-4FA4-BBE9-E94B1ADBB263}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{A471E2F5-E932-442C-8C9D-C56F0565024C}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{D40B1022-E0CD-42DC-8CE4-AF717EEA1068}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: 
[{230F049E-FD92-4E77-9693-C0238C540A1E}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [TCP Query User{3F30943A-C155-4054-B944-209656C4F6D5}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe FirewallRules: [UDP Query User{968258E3-3E40-432B-9D93-6B46A135AB12}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe FirewallRules: [{57284858-ABE2-4FD0-B022-51A785823B4E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 24-11-2016 15:04:19 Scheduled Checkpoint 04-12-2016 07:13:21 Scheduled Checkpoint 08-12-2016 12:03:04 Removed Reflector 2 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/09/2016 10:19:05 AM) (Source: vmauthd) (EventID: 1000) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=0 Error: (12/09/2016 10:12:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.1.0.388, time stamp: 0x58320f73 Faulting module name: RPCRT4.dll, version: 10.0.14393.82, time stamp: 0x57a558cf Exception code: 0xc0000005 Fault offset: 0x0000000000005689 Faulting process id: 0xff4 Faulting application start time: 0x01d251f3fb995d4c Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Faulting module path: C:\WINDOWS\System32\RPCRT4.dll Report Id: a76b1e86-06be-4275-9a15-e4e7428346eb Faulting package full name: Faulting package-relative application ID: Error: (12/09/2016 10:12:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamtray.exe, version: 3.0.0.849, time stamp: 
0x583dca59 Faulting module name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59 Exception code: 0xc0000005 Fault offset: 0x00055315 Faulting process id: 0x1e3c Faulting application start time: 0x01d251f3fc1a6b1a Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe Report Id: 03c20dc0-6d73-4310-a768-a5ea7c827024 Faulting package full name: Faulting package-relative application ID: Error: (12/09/2016 10:12:23 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (12/09/2016 10:11:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (12/09/2016 10:11:27 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9bf7cea5-7a00-44a2-b001-c02d00d2e522} Error: (12/09/2016 08:08:23 AM) (Source: vmauthd) (EventID: 1000) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=0 Error: (12/09/2016 06:06:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Event-ID 0 Error: (12/09/2016 06:02:56 AM) (Source: vmauthd) (EventID: 1000) (User: ) Description: Cannot find perfmon object in array returned by perfDLL, index=0 Error: (12/09/2016 06:02:50 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. System errors: ============= Error: (12/09/2016 10:20:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/09/2016 10:18:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: MBAMService is not a valid Win32 application. Error: (12/09/2016 10:18:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMProtector service failed to start due to the following error: MBAMProtector is not a valid Win32 application. 
Error: (12/09/2016 10:17:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (12/09/2016 08:11:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/09/2016 08:06:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (12/09/2016 06:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/09/2016 06:01:58 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY) Description: The system watchdog timer was triggered. Error: (12/09/2016 06:02:29 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:40:02 PM on 12/8/2016 was unexpected. 
Error: (12/08/2016 04:40:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 49% Total physical RAM: 6097.7 MB Available physical RAM: 3107.84 MB Total Virtual: 7121.7 MB Available Virtual: 3662.42 MB ==================== Drives ================================ Drive c: (TI30964900A) (Fixed) (Total:194.88 GB) (Free:29.63 GB) NTFS Drive e: (D) (Fixed) (Total:392.02 GB) (Free:38.91 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 08C8418F) Partition: GPT. ==================== End of Addition.txt ============================ -
proxy server keep changing back to 127.0.0.1 port 8080
desly replied to desly's topic in Resolved Malware Removal Logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016 Ran by TOSHIBA (administrator) on PC (09-12-2016 10:56:35) Running from C:\Users\TOSHIBA\Desktop Loaded Profiles: TOSHIBA & (Available Profiles: TOSHIBA) Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft©) C:\Windows\SysWOW64\router.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe (Rosetta Stone Ltd.) 
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] () HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\WebcamMax.exe [1561232 2009-12-30] (CoolwareMax)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Viber] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [uTorrent] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe [2247680 2016-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-25] (Tonec Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941160 2016-12-01] (Google Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\MountPoints2: {83a0f546-b3bb-11e6-8221-4c72b99fe2d4} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\WebcamMax.exe [1561232 2009-12-30] (CoolwareMax)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Viber] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe [2247680 2016-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-25] (Tonec Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941160 2016-12-01] (Google Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {83a0f546-b3bb-11e6-8221-4c72b99fe2d4} - "G:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2015-12-16]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2015-12-16]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\..\Interfaces\{15987b5d-8a5c-477d-9c62-5f23e4e9f6dc}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{1ec678d0-4ee7-4187-a62e-63cfe820fe91}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2b8dc4eb-88ea-416a-81dd-14eb714db0a7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [DhcpNameServer] 41.208.116.8 62.68.42.2
Tcpip\..\Interfaces\{9b3bdb46-d425-4890-8e4b-8f3876644e06}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f20145d4-94ae-455b-811f-50613f5fbb3c}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ae/
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ae/
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {3FEA05DB-89BB-49D5-9D2D-A133B2282315} URL =
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {7A80F502-89DC-43FF-8D6E-FD71AC079A4C} URL =
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3FEA05DB-89BB-49D5-9D2D-A133B2282315} URL =
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7A80F502-89DC-43FF-8D6E-FD71AC079A4C} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation) BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation) BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default [2016-10-28] FF DefaultSearchEngine: 
Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing FF Keyword.URL: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q= FF Homepage: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us FF Extension: (Bing Search) - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-08-29] FF SearchPlugin: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\searchplugins\bing-.xml [2016-08-29] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-10-25] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky FF Extension: (Kaspersky Password Manager) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11] FF 
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5 [2016-12-09] [not signed] FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe 
Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab) FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] () FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab) FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default [2016-12-09] CHR Extension: (Google Slides) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-07] CHR Extension: (Google Docs) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16] CHR Extension: (Google Drive) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26] CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-10-26] CHR Extension: (Google Sheets) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-07] CHR Extension: (Google Docs Offline) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (AdBlock) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-23] CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12] CHR Extension: (Kaspersky Password Manager) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpfbladobbejblkbfleiljmikcfhkem [2015-10-11] CHR Extension: (Skype) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-28] CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-26] CHR Extension: (Chrome Web Store Payments) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16] CHR Extension: (Chrome Media Router) - 
C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16] CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-09] CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data [2016-08-23] <==== ATTENTION CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-24] CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28] CHR Extension: (Kaspersky URL Advisor) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-24] CHR Extension: (RealDownloader) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-16] CHR Extension: (Google Wallet) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09] CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Extension: (Anti-Banner) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-12-24] CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - 
hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22] CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlpfbladobbejblkbfleiljmikcfhkem] - hxxps://chrome.google.com/webstore/detail/hlpfbladobbejblkbfleiljmikcfhkem CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlpfbladobbejblkbfleiljmikcfhkem] - hxxps://chrome.google.com/webstore/detail/hlpfbladobbejblkbfleiljmikcfhkem CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR 
HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-10-07] (Kaspersky Lab ZAO)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 InternetEverywhere_Service; C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [347120 2012-10-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 router.exe; C:\WINDOWS\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-10] (Toshiba Europe GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
12:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-11-09 13:04 - 2016-11-02 12:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll 2016-11-09 13:04 - 2016-11-02 12:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-11-09 13:04 - 2016-11-02 12:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-11-09 13:04 - 2016-11-02 12:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2016-11-09 13:04 - 2016-11-02 12:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-11-09 13:04 - 2016-11-02 12:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-11-09 13:04 - 2016-11-02 12:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2016-11-09 13:04 - 2016-11-02 12:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-11-09 13:04 - 2016-11-02 12:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 00579072 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\LockAppBroker.dll 2016-11-09 13:04 - 2016-11-02 12:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-11-09 13:04 - 2016-11-02 12:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-11-09 13:04 - 2016-11-02 12:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-11-09 13:04 - 2016-11-02 12:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-11-09 13:04 - 2016-11-02 12:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2016-11-09 13:04 - 2016-11-02 12:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-11-09 13:04 - 2016-11-02 12:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2016-11-09 13:04 - 2016-11-02 11:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls 2016-11-09 13:04 - 2016-11-02 11:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls 2016-11-09 13:04 - 2016-08-02 06:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-11-09 08:00 - 2016-11-10 11:13 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E07.HDTV.x264-KILLERS[ettv] 2016-11-09 07:56 - 2016-11-16 22:38 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E08.HDTV.x264-LOL[ettv] ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-12-09 10:56 - 2016-08-22 15:18 - 00000000 ____D C:\FRST 2016-12-09 10:34 - 2013-10-14 07:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-12-09 10:20 - 2014-11-13 09:29 - 00000575 _____ C:\WINDOWS\SysWOW64\router.xml 2016-12-09 10:18 - 2016-10-12 13:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-09 10:18 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2016-12-09 10:17 - 2016-10-25 23:24 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\DMCache 2016-12-09 10:12 - 2014-02-28 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-09 10:11 - 2016-09-13 10:06 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\uTorrent 2016-12-09 09:07 - 2014-01-15 15:00 - 00004437 _____ C:\Users\TOSHIBA\Desktop\Pass.txt 2016-12-09 08:47 - 2013-10-19 02:34 - 00001518 _____ C:\Users\TOSHIBA\Desktop\iexplore.lnk 2016-12-09 08:37 - 2016-10-12 12:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-09 08:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-09 08:09 - 2016-09-13 10:07 - 00000942 _____ C:\Users\TOSHIBA\Desktop\µTorrent.lnk 2016-12-09 07:40 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Video 2016-12-09 06:31 - 2015-12-07 19:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-09 06:31 - 2015-12-07 19:50 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-09 06:22 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-09 06:08 - 2013-10-16 22:58 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Adobe 2016-12-08 16:54 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VirtualStore 2016-12-08 16:49 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\.VirtualBox 2016-12-08 15:12 - 
2015-09-09 10:00 - 00000540 _____ C:\Users\TOSHIBA\.packettracer 2016-12-08 14:35 - 2016-09-16 23:19 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\vlc 2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\ProgramData\Real 2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\Program Files (x86)\Real 2016-12-08 11:57 - 2014-06-27 08:55 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\Real 2016-12-08 11:52 - 2013-01-11 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Al-Wafi Translator 2016-12-08 06:18 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-12-08 06:12 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Compressed 2016-12-07 18:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SchCache 2016-12-06 15:14 - 2016-10-12 13:07 - 00000000 ____D C:\Users\TOSHIBA 2016-12-06 12:58 - 2014-07-27 13:02 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\ElevatedDiagnostics 2016-12-03 07:02 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Packages 2016-11-30 06:18 - 2016-10-22 12:47 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Mov 2016-11-25 11:17 - 2016-10-16 13:36 - 00001090 _____ C:\Users\TOSHIBA\Desktop\Cisco Packet Tracer.lnk 2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer 2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\Program Files\Cisco Packet Tracer 7.0 2016-11-25 08:01 - 2016-10-16 13:37 - 00021504 _____ C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db 2016-11-20 18:34 - 2015-11-21 21:58 - 01630362 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-11-16 11:58 - 2016-10-06 14:44 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU ON GNS3 2016-11-16 11:14 - 2015-09-09 15:49 - 00000000 ____D C:\Program Files (x86)\WinPcap 2016-11-16 08:50 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\VirtualBox VMs 2016-11-16 08:47 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2016-11-12 22:40 - 2015-01-24 
13:36 - 00000000 ____D C:\ProgramData\Corel 2016-11-11 01:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-11-10 14:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache 2016-11-09 15:09 - 2016-05-20 10:43 - 00000000 ____D C:\Users\TOSHIBA\Desktop\FreePik 2016-11-09 14:05 - 2013-01-11 01:09 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-11-09 13:58 - 2016-10-12 12:58 - 05466232 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\migwiz 2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-11-09 13:52 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-11-09 13:44 - 2013-10-14 09:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-11-09 13:37 - 2013-10-14 09:46 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2015-03-10 12:33 - 2015-03-16 17:00 - 0000132 _____ () C:\Users\TOSHIBA\AppData\Roaming\Adobe PNG Format CS6 Prefs 2013-10-31 12:50 - 2014-03-16 15:11 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 12.0 Prefs ME 2013-10-27 01:19 - 2015-04-07 22:55 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-09-23 13:43 - 2015-09-23 16:37 - 0000600 _____ () C:\Users\TOSHIBA\AppData\Local\PUTTY.RND 2013-10-14 05:51 - 2016-10-27 06:50 - 0007605 _____ () C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg 2016-10-16 13:37 - 2016-11-25 08:01 - 0021504 _____ () C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db 2013-11-04 00:57 - 2016-08-26 14:43 - 0000041 ___SH () C:\ProgramData\.zreglib Some 
files in TEMP: ==================== C:\Users\TOSHIBA\AppData\Local\Temp\DriverBoosterSetup.exe C:\Users\TOSHIBA\AppData\Local\Temp\trotux.exe C:\Users\TOSHIBA\AppData\Local\Temp\Wireshark-win64-1.12.1.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-12-04 14:41 ==================== End of FRST.txt ============================ FRST.txt Addition.txt