
Proxy server keeps changing back to 127.0.0.1 port 8080


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by TOSHIBA (administrator) on PC (09-12-2016 10:56:35)
Running from C:\Users\TOSHIBA\Desktop
Loaded Profiles: TOSHIBA &  (Available Profiles: TOSHIBA)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft©) C:\Windows\SysWOW64\router.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\WebcamMax.exe [1561232 2009-12-30] (CoolwareMax)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Viber] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [uTorrent] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe [2247680 2016-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-25] (Tonec Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941160 2016-12-01] (Google Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\MountPoints2: {83a0f546-b3bb-11e6-8221-4c72b99fe2d4} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\WebcamMax.exe [1561232 2009-12-30] (CoolwareMax)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Viber] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe [2247680 2016-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-25] (Tonec Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941160 2016-12-01] (Google Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {83a0f546-b3bb-11e6-8221-4c72b99fe2d4} - "G:\HTC_Sync_Manager_PC.exe" 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2015-12-16]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2015-12-16]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\..\Interfaces\{15987b5d-8a5c-477d-9c62-5f23e4e9f6dc}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{1ec678d0-4ee7-4187-a62e-63cfe820fe91}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2b8dc4eb-88ea-416a-81dd-14eb714db0a7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [DhcpNameServer] 41.208.116.8 62.68.42.2
Tcpip\..\Interfaces\{9b3bdb46-d425-4890-8e4b-8f3876644e06}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{f20145d4-94ae-455b-811f-50613f5fbb3c}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ae/
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ae/
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {3FEA05DB-89BB-49D5-9D2D-A133B2282315} URL = 
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {7A80F502-89DC-43FF-8D6E-FD71AC079A4C} URL = 
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {3FEA05DB-89BB-49D5-9D2D-A133B2282315} URL = 
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7A80F502-89DC-43FF-8D6E-FD71AC079A4C} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default [2016-10-28]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing 
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing 
FF Keyword.URL: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Homepage: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Extension: (Bing Search) - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-08-29]
FF SearchPlugin: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\searchplugins\bing-.xml [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky
FF Extension: (Kaspersky Password Manager) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5 [2016-12-09] [not signed]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] ()
FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Slides) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-07]
CHR Extension: (Google Docs) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-10-26]
CHR Extension: (Google Sheets) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-23]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
CHR Extension: (Kaspersky Password Manager) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpfbladobbejblkbfleiljmikcfhkem [2015-10-11]
CHR Extension: (Skype) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-28]
CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-16]
CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-09]
CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data [2016-08-23] <==== ATTENTION
CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-24]
CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-24]
CHR Extension: (RealDownloader) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-16]
CHR Extension: (Google Wallet) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Anti-Banner) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-12-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlpfbladobbejblkbfleiljmikcfhkem] - hxxps://chrome.google.com/webstore/detail/hlpfbladobbejblkbfleiljmikcfhkem
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlpfbladobbejblkbfleiljmikcfhkem] - hxxps://chrome.google.com/webstore/detail/hlpfbladobbejblkbfleiljmikcfhkem
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-10-07] (Kaspersky Lab ZAO)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 InternetEverywhere_Service; C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [347120 2012-10-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 router.exe; C:\WINDOWS\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-10] (Toshiba Europe GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWOW64\drivers\ew_usbenumfilter.sys [13952 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\Windows\SysWOW64\DRIVERS\ew_jucdcacm.sys [98304 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\SysWOW64\DRIVERS\ew_jucdcecm.sys [72192 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\drivers\ew_jubusenum.sys [87040 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\SysWOW64\drivers\ew_juextctrl.sys [28672 2014-01-12] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [77728 2016-03-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [238000 2016-05-26] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [933808 2016-05-26] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [49240 2016-10-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [41352 2015-10-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-05-26] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-09] (Malwarebytes)
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28640 2015-02-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [38368 2015-02-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U5 REALPLAYERUPDATESVC; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 10:56 - 2016-12-09 10:57 - 00039565 _____ C:\Users\TOSHIBA\Desktop\FRST.txt
2016-12-09 10:41 - 2016-12-09 10:56 - 02420224 _____ (Farbar) C:\Users\TOSHIBA\Desktop\FRST64.exe
2016-12-09 10:22 - 2016-12-09 10:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 10:22 - 2016-12-09 10:22 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-09 10:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-09 10:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-09 10:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-09 08:40 - 2016-12-09 08:40 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Vikings.S04E12.HDTV.x264-KILLERS[ettv]
2016-12-09 08:04 - 2016-12-09 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Vikings.S04E11.HDTV.x264-KILLERS[ettv]
2016-12-09 07:01 - 2016-12-09 07:01 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E08.HDTV.x264-LOL[ettv]
2016-12-09 06:39 - 2016-12-09 06:39 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E09.HDTV.x264-LOL[ettv]
2016-12-08 07:46 - 2016-12-08 07:47 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets Cisco Virtual Internet Routing Lab (VIRL)
2016-12-08 06:16 - 2016-12-08 06:16 - 00000656 _____ C:\Users\TOSHIBA\Desktop\windows update10.diagcab
2016-12-06 19:12 - 2016-12-03 17:02 - 298707890 _____ C:\Users\TOSHIBA\Desktop\ICND1_SG.pdf
2016-12-06 06:25 - 2016-12-06 06:25 - 00001831 _____ C:\Users\TOSHIBA\Downloads\8C1961DCB44C0E060A1353B82EC0BEBB717410F4.torrent
2016-12-05 17:45 - 2016-12-05 17:48 - 00000000 ____D C:\Users\TOSHIBA\Desktop\CCNA ICND1 100-105 2016
2016-12-05 08:32 - 2016-12-08 06:55 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets GNS3 1.x Fundamentals
2016-12-05 08:32 - 2016-12-05 08:32 - 00019100 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.GNS3.1.x.Fundamentals.torrent
2016-12-05 08:26 - 2016-12-05 08:26 - 00023263 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.Cisco.Virtual.Internet.Routing.Lab..VIRL..Full.Course.-.2014.torrent
2016-12-05 08:20 - 2016-12-07 06:58 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets CCNA Hands on Labs Using Wireshark And GNS3 - [FirstUploads]
2016-12-05 08:19 - 2016-12-05 08:19 - 00172127 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.CCNA.Hands.on.Labs.Using.Wireshark.And.GNS3.-.[FirstUploads].torrent
2016-12-05 06:41 - 2016-12-05 06:41 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E10.HDTV.x264-FLEET[PRiME]
2016-11-30 14:54 - 2016-11-30 14:54 - 00021789 _____ C:\Users\TOSHIBA\Downloads\the-flash-third-season_HI_english-1455029.zip
2016-11-30 14:52 - 2016-11-30 14:52 - 00022526 _____ C:\Users\TOSHIBA\Downloads\gotham-third-season-2016_HI_english-1454601.zip
2016-11-30 06:39 - 2016-11-30 14:54 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E08.HDTV.x264-LOL[ettv]
2016-11-30 06:15 - 2016-11-30 14:53 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E11.HDTV.x264-LOL[ettv]
2016-11-28 08:23 - 2016-11-28 23:07 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E09.HDTV.x264-KILLERS[ettv]
2016-11-28 07:53 - 2016-11-28 23:07 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E08.HDTV.x264-KILLERS[ettv]
2016-11-28 07:31 - 2016-11-28 23:06 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E07.HDTV.x264-KILLERS[ettv]
2016-11-28 07:01 - 2016-11-28 23:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E06.PROPER.HDTV.x264-KILLERS[ettv]
2016-11-28 06:27 - 2016-11-28 23:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E05.HDTV.x264-KILLERS[ettv]
2016-11-27 08:23 - 2016-11-28 23:03 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E04.WEBRip.x264-FUM[ettv]
2016-11-27 07:40 - 2016-11-27 22:26 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E03.PROPER.HDTV.x264-KILLERS[ettv]
2016-11-27 06:45 - 2016-11-27 07:49 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E02.HDTV.x264-BATV[ettv]
2016-11-26 07:44 - 2016-11-26 19:33 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E07.HDTV.x264-LOL[ettv]
2016-11-25 17:11 - 2016-11-25 17:19 - 00000000 ____D C:\Users\TOSHIBA\Desktop\All Cisco Labs Eng Adel Al Hamedy
2016-11-25 13:57 - 2016-11-25 13:56 - 00113365 _____ C:\Users\TOSHIBA\Desktop\Static Route .pkt
2016-11-25 10:12 - 2016-11-25 10:17 - 00000000 ____D C:\Users\TOSHIBA\Cisco Packet Tracer 6.3
2016-11-25 10:10 - 2016-11-25 10:11 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 6.3
2016-11-25 10:05 - 2016-11-25 10:05 - 00024679 _____ C:\Users\TOSHIBA\Downloads\westworld-first-season_HI_english-1417065.zip
2016-11-25 08:29 - 2016-11-25 08:29 - 00012207 _____ C:\Users\TOSHIBA\Downloads\Static Route (Demo).pkt
2016-11-25 08:01 - 2016-11-25 11:32 - 00000000 ____D C:\Users\TOSHIBA\Cisco Packet Tracer 7.0
2016-11-24 21:53 - 2016-11-24 21:55 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Lynda.com - Illustrator CC Essential Training
2016-11-24 21:38 - 2015-08-15 11:39 - 127926272 _____ C:\Users\TOSHIBA\Desktop\IOSv-L3.qcow2
2016-11-22 23:06 - 2016-11-25 10:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E01.HDTV.x264-FUM[ettv]
2016-11-22 22:56 - 2016-11-22 22:56 - 00025779 _____ C:\Users\TOSHIBA\Downloads\gotham-third-season-2016_HI_english-1450551.zip
2016-11-22 19:34 - 2013-07-23 23:56 - 2459025408 _____ C:\Users\TOSHIBA\Desktop\kali-linux-1.0.4-amd64.iso
2016-11-22 06:39 - 2016-11-22 22:56 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E10.HDTV.x264-LOL[ettv]
2016-11-17 07:21 - 2016-11-17 07:35 - 172982492 _____ C:\Users\TOSHIBA\Downloads\L3-ADVENTERPRISEK9-M-15.5-2T.bin
2016-11-17 07:05 - 2016-11-18 00:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E07.HDTV.x264-LOL[ettv]
2016-11-16 11:16 - 2016-12-08 08:24 - 00000000 ____D C:\Users\TOSHIBA\GNS3
2016-11-16 11:15 - 2016-11-16 11:16 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\GNS3
2016-11-16 11:15 - 2016-11-16 11:15 - 00001658 _____ C:\Users\TOSHIBA\Desktop\GNS3.lnk
2016-11-16 11:15 - 2016-11-16 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2016-11-16 11:14 - 2016-11-16 11:15 - 00000000 ____D C:\Program Files\GNS3
2016-11-16 08:47 - 2016-11-16 08:47 - 00001160 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-11-16 08:47 - 2016-11-16 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-16 08:47 - 2016-11-16 08:47 - 00000000 ____D C:\Program Files\Oracle
2016-11-16 08:47 - 2016-09-12 18:17 - 00149256 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-11-16 08:08 - 2016-11-16 08:08 - 00000000 ____D C:\Users\TOSHIBA\Documents\Virtual Machines
2016-11-16 08:06 - 2016-11-16 08:45 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\VMware
2016-11-16 08:06 - 2016-11-16 08:45 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VMware
2016-11-16 07:54 - 2016-11-16 07:54 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Keygen-AMPED
2016-11-16 07:54 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2016-11-16 07:54 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2016-11-16 07:54 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2016-11-16 07:54 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2016-11-16 07:54 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmkbd.sys
2016-11-16 07:54 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
2016-11-16 07:54 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2016-11-16 07:54 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2016-11-16 07:54 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2016-11-16 07:54 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2016-11-16 07:53 - 2016-11-16 07:53 - 01617228 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-11-16 07:53 - 2016-11-16 07:53 - 00001287 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2016-11-16 07:53 - 2016-11-16 07:53 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2016-11-16 07:53 - 2016-11-16 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-11-16 07:53 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-11-16 07:52 - 2016-12-09 10:18 - 00000000 ____D C:\ProgramData\VMware
2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Program Files (x86)\VMware
2016-11-16 07:11 - 2016-11-16 07:11 - 00000000 ____D C:\Users\TOSHIBA\Downloads\VMware Workstation Pro v12.5.2 Build 4638234 Incl Keygen [Androgalaxy]
2016-11-16 06:40 - 2016-11-16 22:36 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E06.HDTV.x264-LOL[ettv]
2016-11-16 05:52 - 2016-11-17 07:35 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU in GNS3 Ziad
2016-11-15 06:49 - 2016-11-16 22:41 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E09.HDTV.x264-LOL[ettv]
2016-11-14 07:31 - 2016-11-14 07:31 - 00000000 ____D C:\Users\TOSHIBA\Documents\OneNote Notebooks
2016-11-13 06:56 - 2016-11-18 00:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E06.HDTV.x264-LOL[ettv]
2016-11-11 23:05 - 2016-11-11 23:05 - 00098360 _____ (VMware, Inc.) C:\WINDOWS\system32\vmnetbridge.dll
2016-11-11 23:05 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetbridge.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00046144 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetadapter.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00045632 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnet.sys
2016-11-11 07:43 - 2016-11-13 22:32 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E08.HDTV.x264-KILLERS[ettv]
2016-11-10 08:33 - 2016-11-18 00:03 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E05.HDTV.x264-LOL[ettv]
2016-11-09 13:05 - 2016-11-02 14:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 13:05 - 2016-11-02 14:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 13:05 - 2016-11-02 13:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 13:05 - 2016-11-02 13:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 13:05 - 2016-11-02 13:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 13:05 - 2016-11-02 13:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 13:05 - 2016-11-02 13:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 13:05 - 2016-11-02 13:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 13:05 - 2016-11-02 13:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 13:05 - 2016-11-02 13:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 13:05 - 2016-11-02 13:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 13:05 - 2016-11-02 13:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 13:05 - 2016-11-02 13:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 13:05 - 2016-11-02 13:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 13:05 - 2016-11-02 13:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 13:05 - 2016-11-02 13:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 13:05 - 2016-11-02 13:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 13:05 - 2016-11-02 13:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 13:05 - 2016-11-02 13:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 13:05 - 2016-11-02 13:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 13:05 - 2016-11-02 13:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 13:05 - 2016-11-02 13:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 13:05 - 2016-11-02 13:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 13:05 - 2016-11-02 13:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 13:05 - 2016-11-02 13:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 13:05 - 2016-11-02 13:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 13:05 - 2016-11-02 13:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 13:05 - 2016-11-02 13:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 13:05 - 2016-11-02 13:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 13:05 - 2016-11-02 12:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 13:05 - 2016-11-02 12:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 13:05 - 2016-11-02 12:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 13:05 - 2016-11-02 12:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 13:05 - 2016-11-02 12:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 13:05 - 2016-11-02 12:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 13:05 - 2016-11-02 12:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 13:05 - 2016-11-02 12:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 13:05 - 2016-11-02 12:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 13:05 - 2016-11-02 12:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 13:05 - 2016-11-02 12:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 13:05 - 2016-11-02 12:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 13:05 - 2016-11-02 12:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 13:05 - 2016-11-02 12:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 13:05 - 2016-11-02 12:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 13:05 - 2016-11-02 12:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 13:05 - 2016-11-02 12:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 13:05 - 2016-11-02 12:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 13:05 - 2016-11-02 12:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 13:05 - 2016-11-02 12:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 13:05 - 2016-11-02 12:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 13:05 - 2016-11-02 12:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 13:05 - 2016-11-02 12:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 13:05 - 2016-11-02 12:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 13:05 - 2016-11-02 12:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 13:05 - 2016-11-02 12:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 13:05 - 2016-11-02 12:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 13:05 - 2016-11-02 12:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 13:05 - 2016-11-02 12:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 13:05 - 2016-11-02 12:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 13:05 - 2016-11-02 12:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 13:05 - 2016-11-02 12:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 13:05 - 2016-11-02 12:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 13:05 - 2016-11-02 12:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 13:05 - 2016-11-02 12:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 13:05 - 2016-11-02 12:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 13:05 - 2016-11-02 12:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 13:05 - 2016-11-02 12:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 13:05 - 2016-11-02 12:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 13:05 - 2016-11-02 12:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 13:05 - 2016-11-02 12:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 13:05 - 2016-11-02 12:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 13:05 - 2016-11-02 12:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 13:05 - 2016-11-02 12:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 13:05 - 2016-11-02 12:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 13:05 - 2016-11-02 12:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 13:05 - 2016-11-02 12:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 13:05 - 2016-11-02 12:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 13:05 - 2016-11-02 12:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 13:05 - 2016-11-02 12:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 13:05 - 2016-11-02 12:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 13:05 - 2016-11-02 12:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 13:05 - 2016-11-02 12:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 13:05 - 2016-11-02 12:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 13:05 - 2016-11-02 12:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 13:05 - 2016-11-02 12:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 13:05 - 2016-11-02 12:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 13:05 - 2016-11-02 12:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 13:05 - 2016-11-02 12:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 13:05 - 2016-11-02 12:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 13:05 - 2016-11-02 12:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 13:05 - 2016-11-02 12:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 13:05 - 2016-11-02 12:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 13:05 - 2016-11-02 12:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 13:05 - 2016-11-02 12:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 13:05 - 2016-11-02 12:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 13:05 - 2016-11-02 12:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 13:05 - 2016-11-02 12:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 13:05 - 2016-11-02 12:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 13:05 - 2016-11-02 12:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 13:05 - 2016-11-02 10:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 13:04 - 2016-11-02 13:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 13:04 - 2016-11-02 13:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 13:04 - 2016-11-02 13:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 13:04 - 2016-11-02 13:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 13:04 - 2016-11-02 13:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 13:04 - 2016-11-02 13:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 13:04 - 2016-11-02 13:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 13:04 - 2016-11-02 13:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 13:04 - 2016-11-02 13:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 13:04 - 2016-11-02 13:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 13:04 - 2016-11-02 13:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 13:04 - 2016-11-02 13:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 13:04 - 2016-11-02 13:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 13:04 - 2016-11-02 13:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 13:04 - 2016-11-02 13:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 13:04 - 2016-11-02 13:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 13:04 - 2016-11-02 13:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 13:04 - 2016-11-02 13:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 13:04 - 2016-11-02 13:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 13:04 - 2016-11-02 13:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 13:04 - 2016-11-02 13:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 13:04 - 2016-11-02 12:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 13:04 - 2016-11-02 12:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 13:04 - 2016-11-02 12:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 13:04 - 2016-11-02 12:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 13:04 - 2016-11-02 12:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 13:04 - 2016-11-02 12:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 13:04 - 2016-11-02 12:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 13:04 - 2016-11-02 12:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 13:04 - 2016-11-02 12:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 13:04 - 2016-11-02 12:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 13:04 - 2016-11-02 12:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 13:04 - 2016-11-02 12:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 13:04 - 2016-11-02 12:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 13:04 - 2016-11-02 12:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 13:04 - 2016-11-02 12:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 13:04 - 2016-11-02 12:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 13:04 - 2016-11-02 12:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 13:04 - 2016-11-02 12:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 13:04 - 2016-11-02 12:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 13:04 - 2016-11-02 12:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 13:04 - 2016-11-02 12:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 13:04 - 2016-11-02 12:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 13:04 - 2016-11-02 12:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 13:04 - 2016-11-02 12:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 13:04 - 2016-11-02 12:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 13:04 - 2016-11-02 12:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 13:04 - 2016-11-02 12:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 13:04 - 2016-11-02 12:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 13:04 - 2016-11-02 12:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 13:04 - 2016-11-02 12:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 13:04 - 2016-11-02 12:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 13:04 - 2016-11-02 12:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 13:04 - 2016-11-02 12:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 13:04 - 2016-11-02 12:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 13:04 - 2016-11-02 12:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 13:04 - 2016-11-02 12:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 13:04 - 2016-11-02 12:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 13:04 - 2016-11-02 12:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 13:04 - 2016-11-02 12:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 13:04 - 2016-11-02 12:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 13:04 - 2016-11-02 12:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 13:04 - 2016-11-02 12:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 13:04 - 2016-11-02 12:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 13:04 - 2016-11-02 12:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 13:04 - 2016-11-02 12:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 13:04 - 2016-11-02 12:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 13:04 - 2016-11-02 12:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 13:04 - 2016-11-02 12:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 13:04 - 2016-11-02 12:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 13:04 - 2016-11-02 12:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 13:04 - 2016-11-02 12:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 13:04 - 2016-11-02 12:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 13:04 - 2016-11-02 12:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 13:04 - 2016-11-02 12:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 13:04 - 2016-11-02 12:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 13:04 - 2016-11-02 12:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 13:04 - 2016-11-02 12:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 13:04 - 2016-11-02 12:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 13:04 - 2016-11-02 12:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 13:04 - 2016-11-02 12:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 13:04 - 2016-11-02 12:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 13:04 - 2016-11-02 12:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 13:04 - 2016-11-02 12:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 13:04 - 2016-11-02 12:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 13:04 - 2016-11-02 12:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 13:04 - 2016-11-02 12:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 13:04 - 2016-11-02 12:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 13:04 - 2016-11-02 12:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 13:04 - 2016-11-02 12:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 13:04 - 2016-11-02 12:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 13:04 - 2016-11-02 12:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 13:04 - 2016-11-02 12:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 13:04 - 2016-11-02 12:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 13:04 - 2016-11-02 12:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 13:04 - 2016-11-02 12:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 13:04 - 2016-11-02 12:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 13:04 - 2016-11-02 12:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 13:04 - 2016-11-02 12:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 13:04 - 2016-11-02 12:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 13:04 - 2016-11-02 12:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 13:04 - 2016-11-02 12:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 13:04 - 2016-11-02 12:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 13:04 - 2016-11-02 12:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 13:04 - 2016-11-02 12:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 13:04 - 2016-11-02 12:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 13:04 - 2016-11-02 11:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 13:04 - 2016-11-02 11:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 13:04 - 2016-08-02 06:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 08:00 - 2016-11-10 11:13 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E07.HDTV.x264-KILLERS[ettv]
2016-11-09 07:56 - 2016-11-16 22:38 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E08.HDTV.x264-LOL[ettv]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 10:56 - 2016-08-22 15:18 - 00000000 ____D C:\FRST
2016-12-09 10:34 - 2013-10-14 07:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-09 10:20 - 2014-11-13 09:29 - 00000575 _____ C:\WINDOWS\SysWOW64\router.xml
2016-12-09 10:18 - 2016-10-12 13:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-09 10:18 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-09 10:17 - 2016-10-25 23:24 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\DMCache
2016-12-09 10:12 - 2014-02-28 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-09 10:11 - 2016-09-13 10:06 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\uTorrent
2016-12-09 09:07 - 2014-01-15 15:00 - 00004437 _____ C:\Users\TOSHIBA\Desktop\Pass.txt
2016-12-09 08:47 - 2013-10-19 02:34 - 00001518 _____ C:\Users\TOSHIBA\Desktop\iexplore.lnk
2016-12-09 08:37 - 2016-10-12 12:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-09 08:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-09 08:09 - 2016-09-13 10:07 - 00000942 _____ C:\Users\TOSHIBA\Desktop\µTorrent.lnk
2016-12-09 07:40 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Video
2016-12-09 06:31 - 2015-12-07 19:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 06:31 - 2015-12-07 19:50 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 06:22 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-09 06:08 - 2013-10-16 22:58 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Adobe
2016-12-08 16:54 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VirtualStore
2016-12-08 16:49 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\.VirtualBox
2016-12-08 15:12 - 2015-09-09 10:00 - 00000540 _____ C:\Users\TOSHIBA\.packettracer
2016-12-08 14:35 - 2016-09-16 23:19 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\vlc
2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\ProgramData\Real
2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\Program Files (x86)\Real
2016-12-08 11:57 - 2014-06-27 08:55 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\Real
2016-12-08 11:52 - 2013-01-11 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Al-Wafi Translator
2016-12-08 06:18 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-08 06:12 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Compressed
2016-12-07 18:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-12-06 15:14 - 2016-10-12 13:07 - 00000000 ____D C:\Users\TOSHIBA
2016-12-06 12:58 - 2014-07-27 13:02 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\ElevatedDiagnostics
2016-12-03 07:02 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Packages
2016-11-30 06:18 - 2016-10-22 12:47 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Mov
2016-11-25 11:17 - 2016-10-16 13:36 - 00001090 _____ C:\Users\TOSHIBA\Desktop\Cisco Packet Tracer.lnk
2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\Program Files\Cisco Packet Tracer 7.0
2016-11-25 08:01 - 2016-10-16 13:37 - 00021504 _____ C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db
2016-11-20 18:34 - 2015-11-21 21:58 - 01630362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-16 11:58 - 2016-10-06 14:44 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU ON GNS3
2016-11-16 11:14 - 2015-09-09 15:49 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-11-16 08:50 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\VirtualBox VMs
2016-11-16 08:47 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-12 22:40 - 2015-01-24 13:36 - 00000000 ____D C:\ProgramData\Corel
2016-11-11 01:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-10 14:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-09 15:09 - 2016-05-20 10:43 - 00000000 ____D C:\Users\TOSHIBA\Desktop\FreePik
2016-11-09 14:05 - 2013-01-11 01:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 13:58 - 2016-10-12 12:58 - 05466232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 13:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 13:52 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 13:44 - 2013-10-14 09:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 13:37 - 2013-10-14 09:46 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-10 12:33 - 2015-03-16 17:00 - 0000132 _____ () C:\Users\TOSHIBA\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-31 12:50 - 2014-03-16 15:11 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 12.0 Prefs ME
2013-10-27 01:19 - 2015-04-07 22:55 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-23 13:43 - 2015-09-23 16:37 - 0000600 _____ () C:\Users\TOSHIBA\AppData\Local\PUTTY.RND
2013-10-14 05:51 - 2016-10-27 06:50 - 0007605 _____ () C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg
2016-10-16 13:37 - 2016-11-25 08:01 - 0021504 _____ () C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db
2013-11-04 00:57 - 2016-08-26 14:43 - 0000041 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\TOSHIBA\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\TOSHIBA\AppData\Local\Temp\trotux.exe
C:\Users\TOSHIBA\AppData\Local\Temp\Wireshark-win64-1.12.1.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 14:41

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by TOSHIBA (09-12-2016 10:58:42)
Running from C:\Users\TOSHIBA\Desktop
Windows 10 Home Single Language Version 1607 (X64) (2016-10-12 12:07:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2841341764-4259199002-3796252902-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2841341764-4259199002-3796252902-503 - Limited - Disabled)
Guest (S-1-5-21-2841341764-4259199002-3796252902-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2841341764-4259199002-3796252902-1003 - Limited - Enabled)
TOSHIBA (S-1-5-21-2841341764-4259199002-3796252902-1001 - Administrator - Enabled) => C:\Users\TOSHIBA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
12.0.0.0 (HKLM-x32\...\{FECB3E96-76A8-45A9-B73C-D7304DE02190}_is1) (Version:  - Adobe Photoshop CS5 ME by Magic-M)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.30.3 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.1 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Cisco Packet Tracer 6.1 Student (HKLM-x32\...\Cisco Packet Tracer 6.1 Student_is1) (Version:  - Cisco Systems, Inc.)
Cisco Packet Tracer 6.3 (HKLM-x32\...\Cisco Packet Tracer 6.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version:  - Cisco Systems, Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Focus 500,000 Images (HKLM-x32\...\InstallShield_{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}) (Version: 3.20.0000 - Focus)
Focus 500,000 Images (x32 Version: 3.20.0000 - Focus) Hidden
GNS3 1.2.3 (HKLM-x32\...\GNS3) (Version: 1.2.3 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc‎.‎)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Internet Everywhere (HKLM-x32\...\InternetEverywhere) (Version: 3.0 - Internet Everywhere)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
Snagit 11 (HKLM-x32\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.167 - SolarWinds)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Topaz  InFocus (HKLM-x32\...\Topaz  InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz  InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden
Topaz Clean 2 (HKLM-x32\...\{3D4B5330-CEA9-4D58-8355-74729AE527CD}) (Version: 2.1.0 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.0.1 - Topaz Labs)
Topaz Fusion Express 2 (x32 Version: 2.0.1 - Topaz Labs) Hidden
Topaz ReMask 2 (HKLM-x32\...\Topaz ReMask 2) (Version: 2.0.5 - Topaz Labs)
Topaz ReMask 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version:  - Avanset)
Viber (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
Viber (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.)
WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {262DDD4F-3B33-4A8C-A45A-FBE68CC2A82D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-10] (Toshiba Europe GmbH)
Task: {2848877C-ADAD-494D-8E67-B85DD3D23E6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2E1E8925-9ABA-4D40-ABAE-E7A5DBC52954} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3137EDDF-6AEE-418A-99DB-51D1EB66CDE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {358D2DF9-F601-4C10-AA63-F8519595A006} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {45F4087C-ADD6-4E1A-B544-83C1AD7307D6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {48484ED3-8937-42D1-8D32-E846A7C8DDA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {521EFD6D-C5CF-4552-A62E-815900EAD107} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {54148399-229B-4991-B6B5-BF865D24EE65} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {64748C4D-BBD6-41C5-BA03-D9E299F45D6C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {6BFB1026-52E4-4025-ACAF-E048D63D8543} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {6F8E4EC5-89C9-42A8-A605-9A62FB364181} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {72EB0BC5-7BEB-4DF9-A4B7-E53C589D4901} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {73E88E57-D0EF-4ECF-BD3B-86DA42A27A12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9252894D-DA52-474B-A9B4-DDFFE515C1C6} - System32\Tasks\{BC2B1518-FC3A-4125-B44E-8649FE13BC07} => pcalua.exe -a C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530\samsung.exe -d C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530
Task: {92774DA2-FF5B-4D20-AF2A-E530E7BDF0B0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A294DC87-86EC-4E77-936A-85367BCB7AA4} - System32\Tasks\AdobeAAMUpdater-1.0-pc-TOSHIBA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {B227FE77-EBF7-4952-9500-AF6DF46B0B4E} - \WPD\SqmUpload_S-1-5-21-2841341764-4259199002-3796252902-1001 -> No File <==== ATTENTION
Task: {D1EFD7B6-EBD0-4B28-B14E-DABA2248B0BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {D260A17A-A634-4D34-9C98-E2DAFE29A124} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D40629E6-D761-4F41-A3CF-83BE0D1ED37C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-12 16:50 - 2012-10-23 19:42 - 00347120 ____N () C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
2016-11-11 23:20 - 2016-11-11 23:20 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-12 17:43 - 2016-10-12 17:43 - 01864384 _____ () C:\Users\TOSHIBA\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-01 13:19 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-10-12 22:45 - 2016-10-12 22:45 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 13:04 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 13:04 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 13:04 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-12-10 05:12 - 2012-12-10 05:12 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2012-09-06 08:32 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-09 06:31 - 2016-12-01 03:29 - 01834600 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libglesv2.dll
2016-12-09 06:31 - 2016-12-01 03:29 - 00091240 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-08-23 15:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ToshibaDynamicIconUtility"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "WebcamMaxAutoRun"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Nimbuzz"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "WebcamMaxAutoRun"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Nimbuzz"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0E87B5EB-2A2A-4C05-9C5A-5B9E1DF68622}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DFC28760-C39A-447E-A7EE-A6D63991DCDF}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{948E757C-C96C-491F-80E6-E68231718422}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{D0B93A2B-5085-4BB3-90EA-74F4665BDFF6}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C03300D5-4235-4C06-89D9-C78A050470F0}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0803CE69-1016-49E3-AB81-6B2BD699FF83}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{122633C5-27D3-419E-BF60-B595E983BBC6}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB654CDA-D3B6-4B98-95FE-C89B88F1CEC4}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2D5BC514-1CC6-461A-B94D-D9932E7DCA50}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AACE2BC8-222B-4554-AB85-7C7B81D68E67}] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe
FirewallRules: [{1AE975D8-6EFC-46C6-8D00-3DAEE4642ED8}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{D1C763D8-31DD-4EB6-955F-99393D959476}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{C460F504-73E4-4777-94C8-4268565A0077}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{39794737-3397-4BFE-8ADC-9B608B2E5B35}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{892E2608-6CEB-40F9-A9C3-3F232061EC8D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{87D682AC-34B7-42D0-8629-A37ECC7D2358}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D705C41C-8400-447F-8657-51EF8F46BA6E}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D2F6CB77-AAFD-4DFF-887C-7DF1527870E8}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0CEC3444-62A6-47D4-8427-A0F21D9CDCD5}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A562A5C1-4B40-477B-9089-67077DE1F897}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB57D217-DCFE-4351-8DCF-BBD24997DEAE}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{30A5B12C-74EA-43A0-BB34-4EB6EE0302C9}] => C:\WINDOWS\SysWOW64\router.exe
FirewallRules: [{87293806-8A19-4D26-801A-A8C9745755E2}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{E3164CC0-00A4-4762-8C40-5C0CB4B1A8BD}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{CCD1C424-B91F-415F-976A-CD3C1EA17DA9}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{014CF151-48BA-408B-A9C5-6809BB3D88AE}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{C991DB89-3AF8-4C65-B111-0D48A3D587C3}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{FA898563-3C7A-4960-8D0F-212436820E9B}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{B86B557F-9BFD-4AC3-8C5D-6F9C4BA4E398}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FDEF2EB-E8A7-42D9-9083-432A7711D16A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F383A647-0F41-4FA4-BBE9-E94B1ADBB263}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A471E2F5-E932-442C-8C9D-C56F0565024C}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{D40B1022-E0CD-42DC-8CE4-AF717EEA1068}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{230F049E-FD92-4E77-9693-C0238C540A1E}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{3F30943A-C155-4054-B944-209656C4F6D5}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{968258E3-3E40-432B-9D93-6B46A135AB12}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [{57284858-ABE2-4FD0-B022-51A785823B4E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-11-2016 15:04:19 Scheduled Checkpoint
04-12-2016 07:13:21 Scheduled Checkpoint
08-12-2016 12:03:04 Removed Reflector 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2016 10:19:05 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/09/2016 10:12:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.388, time stamp: 0x58320f73
Faulting module name: RPCRT4.dll, version: 10.0.14393.82, time stamp: 0x57a558cf
Exception code: 0xc0000005
Fault offset: 0x0000000000005689
Faulting process id: 0xff4
Faulting application start time: 0x01d251f3fb995d4c
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\System32\RPCRT4.dll
Report Id: a76b1e86-06be-4275-9a15-e4e7428346eb
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/09/2016 10:12:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59
Faulting module name: mbamtray.exe, version: 3.0.0.849, time stamp: 0x583dca59
Exception code: 0xc0000005
Fault offset: 0x00055315
Faulting process id: 0x1e3c
Faulting application start time: 0x01d251f3fc1a6b1a
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Report Id: 03c20dc0-6d73-4310-a768-a5ea7c827024
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/09/2016 10:12:23 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (12/09/2016 10:11:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/09/2016 10:11:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9bf7cea5-7a00-44a2-b001-c02d00d2e522}

Error: (12/09/2016 08:08:23 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/09/2016 06:06:42 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/09/2016 06:02:56 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/09/2016 06:02:50 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (12/09/2016 10:20:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 10:18:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
MBAMService is not a valid Win32 application.

Error: (12/09/2016 10:18:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error: 
MBAMProtector is not a valid Win32 application.

Error: (12/09/2016 10:17:32 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/09/2016 08:11:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 08:06:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/09/2016 06:05:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 06:01:58 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (12/09/2016 06:02:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:40:02 PM on ‎12/‎8/‎2016 was unexpected.

Error: (12/08/2016 04:40:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 6097.7 MB
Available physical RAM: 3107.84 MB
Total Virtual: 7121.7 MB
Available Virtual: 3662.42 MB

==================== Drives ================================

Drive c: (TI30964900A) (Fixed) (Total:194.88 GB) (Free:29.63 GB) NTFS
Drive e: (D) (Fixed) (Total:392.02 GB) (Free:38.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 08C8418F)

Partition: GPT.

==================== End of Addition.txt ============================


Please download Zemana AntiMalware and save it to your Desktop.

  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.


Note: If a restart is required to finish the cleaning process, you should click Reboot. If a reboot isn't required, please restart your computer manually.

  • Open Zemana AntiMalware again.
  • Click on the 4zu6vb.jpg icon and double-click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • The only thing left is to attach the saved report in your next message.


Zemana AntiMalware 2.70.2.25 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/9
Operating System       : Windows 10 64-bit
Processor              : 4X Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
BIOS Mode              : UEFI
CUID                   : 12EC5AC96CD19DDFDD7744
Scan Type              : System Scan
Duration               : 29m 58s
Scanned Objects        : 203789
Detected Objects       : 10
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Proxy Settings (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser = disabled

Internet Settings (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 46000000120200000300000028000000687474703D3132372E302E302E313A383038303B68747470733D3132372E302E302E313A383038300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

Internet Settings (System)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 46000000850000000300000028000000687474703D3132372E302E302E313A383038303B68747470733D3132372E302E302E313A383038300B0000003C2D6C6F6F706261636B3E000000000000000000000000000000000000000000000000000000000000000000000000

Proxy Enabled (System)
Status             : Scanned
Object             : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = enabled

Proxy Server (System)
Status             : Scanned
Object             : HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Setting
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080

trash
Status             : Scanned
Object             : %appdata%\mozilla\firefox\profiles\xwrr4w3r.default\extensions\trash
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.FirefoxExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - trash

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 6A4029CFF35FD4BA34C001C1ED5D9945
Publisher          : -
Size               : 27
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Related Objects    :
                Hosts file - 127.0.0.1 - ca
                File - %systemroot%\system32\drivers\etc\hosts

keygen.exe
Status             : Scanned
Object             : %userprofile%\desktop\keygen-amped\amped\keygen.exe
MD5                : 358544C0473D293789F378F5E8982F23
Publisher          : -
Size               : 48128
Version            : -
Detection          : Malware:Win32/Thracia.A!Eair
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\desktop\keygen-amped\amped\keygen.exe

Mobogenie.exe
Status             : Scanned
Object             : %userprofile%\downloads\programs\mobogenie.exe
MD5                : 7624E9648862909BDEE1246B9B599CF9
Publisher          : Beijing AmazGame Age Internet Technology Co., Ltd.
Size               : 788032
Version            : 0.0.0.0
Detection          : Adware:Win32/AutoBulk.4631da!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\programs\mobogenie.exe

Mirillis Action! 1.30.x Activator - [Fullstuff.net].exe
Status             : Scanned
Object             : %userprofile%\downloads\mirillis action v1.30.3 setup + activator\crack\mirillis action! 1.30.x activator - [fullstuff.net].exe
MD5                : 5CCDD43175B19B8BAF97D338F6C7C027
Publisher          : -
Size               : 50176
Version            : 1.0.0.0
Detection          : Adware:Win32/Cardunia.A!Eece
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\mirillis action v1.30.3 setup + activator\crack\mirillis action! 1.30.x activator - [fullstuff.net].exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 10
Reported as safe      : 0
Failed                : 0
 

2016.12.09-11.14.13-i0-t92-d10.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by TOSHIBA (administrator) on PC (10-12-2016 11:08:54)
Running from C:\Users\TOSHIBA\Desktop
Loaded Profiles: TOSHIBA (Available Profiles: TOSHIBA)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
() C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft©) C:\Windows\SysWOW64\router.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-12-10] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [WebcamMaxAutoRun] => C:\Program Files (x86)\WebcamMax\WebcamMax.exe [1561232 2009-12-30] (CoolwareMax)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [Viber] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe [71876176 2016-06-24] (Viber Media S.à r.l.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm.exe [7473880 2015-07-18] (AO Kaspersky Lab)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [uTorrent] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe [2247680 2016-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3981368 2016-10-25] (Tonec Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Run: [GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941160 2016-12-01] (Google Inc.)
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\MountPoints2: {83a0f546-b3bb-11e6-8221-4c72b99fe2d4} - "G:\HTC_Sync_Manager_PC.exe" 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2015-12-16]
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2015-12-16]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicy\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\..\Interfaces\{15987b5d-8a5c-477d-9c62-5f23e4e9f6dc}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{1ec678d0-4ee7-4187-a62e-63cfe820fe91}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{2b8dc4eb-88ea-416a-81dd-14eb714db0a7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{349f6f06-3afe-441b-a977-4413469dd60e}: [DhcpNameServer] 62.240.32.5 62.68.42.2
Tcpip\..\Interfaces\{9b3bdb46-d425-4890-8e4b-8f3876644e06}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
Tcpip\..\Interfaces\{f20145d4-94ae-455b-811f-50613f5fbb3c}: [NameServer] 162.221.181.52,162.221.181.53,8.8.8.8
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ae/
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {3FEA05DB-89BB-49D5-9D2D-A133B2282315} URL = 
SearchScopes: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001 -> {7A80F502-89DC-43FF-8D6E-FD71AC079A4C} URL = 
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\x64\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\ie_engine.dll [2015-07-18] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-10-25] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default [2016-12-10]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing 
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\xwrr4w3r.default -> Bing 
FF Keyword.URL: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
FF Homepage: Mozilla\Firefox\Profiles\xwrr4w3r.default -> hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-us
FF Extension: (Bing Search) - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-08-29]
FF SearchPlugin: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\xwrr4w3r.default\searchplugins\bing-.xml [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-10-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [kpm_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky
FF Extension: (Kaspersky Password Manager) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11]
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\TOSHIBA\AppData\Roaming\IDM\idmmzcc5 [2016-12-10] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-08-22] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kaspersky.com/KPMPlugin -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\npKPMPlugin.dll [2015-07-18] (Kaspersky Lab)
FF Plugin HKU\S-1-5-21-2841341764-4259199002-3796252902-1001: kpm_add_on@kaspersky -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.3\kpm_add_on@kaspersky [2015-10-11] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default [2016-12-10]
CHR Extension: (Google Slides) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-07]
CHR Extension: (Google Docs) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-10-26]
CHR Extension: (Google Sheets) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (AdBlock) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-10]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2016-11-12]
CHR Extension: (Kaspersky Password Manager) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpfbladobbejblkbfleiljmikcfhkem [2015-10-11]
CHR Extension: (Skype) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-28]
CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-09]
CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-09]
CHR Profile: C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data [2016-08-23] <==== ATTENTION
CHR Extension: (Kaspersky Protection) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-12-24]
CHR Extension: (YouTube) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Google Search) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-24]
CHR Extension: (RealDownloader) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (IDM Integration Module) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-16]
CHR Extension: (Google Wallet) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Anti-Banner) - C:\Users\TOSHIBA\AppData\Local\Google\Chrome\User Data\User Data\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-12-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hlpfbladobbejblkbfleiljmikcfhkem] - hxxps://chrome.google.com/webstore/detail/hlpfbladobbejblkbfleiljmikcfhkem
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-22]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-10-07] (Kaspersky Lab ZAO)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-10] (SurfRight B.V.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 InternetEverywhere_Service; C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [347120 2012-10-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 router.exe; C:\WINDOWS\SysWOW64\router.exe [16384 2014-08-20] (Microsoft©) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-10] (Toshiba Europe GmbH)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 ew_usbenumfilter; C:\Windows\SysWOW64\drivers\ew_usbenumfilter.sys [13952 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcacm; C:\Windows\SysWOW64\DRIVERS\ew_jucdcacm.sys [98304 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\SysWOW64\DRIVERS\ew_jucdcecm.sys [72192 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_enumerator; C:\Windows\SysWOW64\drivers\ew_jubusenum.sys [87040 2014-01-12] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\SysWOW64\drivers\ew_juextctrl.sys [28672 2014-01-12] (Huawei Technologies Co., Ltd.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [77728 2016-03-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [238000 2016-05-26] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [933808 2016-05-26] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [49240 2016-10-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [41352 2015-10-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-05-26] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28640 2015-02-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [38368 2015-02-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2014-03-24] (Anchorfree Inc.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [121248 2016-09-12] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [195936 2016-09-12] (Oracle Corporation)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-09] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-09] (Zemana Ltd.)
U5 REALPLAYERUPDATESVC; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 11:10 - 2016-12-10 11:10 - 00012353 _____ C:\Users\TOSHIBA\Downloads\vikings-fourth-season_HI_english-1460407.zip
2016-12-10 11:08 - 2016-12-10 11:11 - 00035917 _____ C:\Users\TOSHIBA\Desktop\FRST.txt
2016-12-10 09:06 - 2016-12-10 09:06 - 00092372 _____ C:\WINDOWS\system32\.crusader
2016-12-10 08:29 - 2016-12-10 08:31 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-10 08:29 - 2016-12-10 08:29 - 00001977 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-12-10 08:29 - 2016-12-10 08:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-10 08:28 - 2016-12-10 09:07 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-10 08:28 - 2016-12-10 08:28 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Hitman Pro 3.7.14 Build 265 + Patch [4realtorrentz]
2016-12-10 08:28 - 2016-12-10 08:26 - 14357687 ____R C:\Users\TOSHIBA\Desktop\Hitman Pro 3.7.14 Build 265 + Patch [4realtorrentz].zip
2016-12-10 08:24 - 2016-12-10 08:26 - 14357687 _____ C:\Users\TOSHIBA\Downloads\Hitman Pro 3.7.14 Build 265 + Patch [4realtorrentz].zip
2016-12-10 08:24 - 2016-12-10 08:24 - 00019181 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]Hitman.Pro.3.7.14.Build.265...Patch.[4REALTORRENTZ].torrent
2016-12-10 08:21 - 2016-12-10 08:21 - 00014871 _____ C:\Users\TOSHIBA\Downloads\hitman pro 3 7 14 build 265 patch zip.torrent
2016-12-09 16:06 - 2016-12-09 16:06 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-12-09 16:06 - 2016-12-09 16:06 - 00001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-12-09 16:06 - 2016-12-09 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-12-09 16:06 - 2016-12-09 16:06 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-09 14:47 - 2016-12-09 14:47 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Zemana Antimalware Software 2.50.2.83 [OS4World]
2016-12-09 13:58 - 2016-12-09 14:03 - 00000496 _____ C:\Users\TOSHIBA\Desktop\New Text Document.txt
2016-12-09 12:01 - 2016-12-09 12:01 - 22880203 _____ C:\Users\TOSHIBA\Downloads\ANTIMALWAREBYTES 2016 -SOPORTE TECNICOCV.rar
2016-12-09 12:01 - 2016-07-14 19:01 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Malwarebytes AntiMalware Premium 2.2.1.1043
2016-12-09 11:49 - 2016-12-09 11:49 - 00006187 _____ C:\Users\TOSHIBA\Desktop\2016.12.09-11.14.13-i0-t92-d10.txt
2016-12-09 11:34 - 2016-12-09 11:34 - 00026778 _____ C:\Users\TOSHIBA\Downloads\westworld-first-season_HI_english-1458347.zip
2016-12-09 11:14 - 2016-12-10 11:10 - 00080330 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-09 11:14 - 2016-12-10 11:10 - 00047175 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-09 11:14 - 2016-12-09 14:04 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-12-09 11:13 - 2016-12-09 16:06 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Zemana
2016-12-09 10:41 - 2016-12-09 10:56 - 02420224 _____ (Farbar) C:\Users\TOSHIBA\Desktop\FRST64.exe
2016-12-09 10:22 - 2016-12-09 16:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 10:22 - 2016-12-09 10:22 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-09 10:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-09 10:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-09 10:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-09 08:40 - 2016-12-10 11:11 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Vikings.S04E12.HDTV.x264-KILLERS[ettv]
2016-12-09 08:04 - 2016-12-09 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Vikings.S04E11.HDTV.x264-KILLERS[ettv]
2016-12-09 07:01 - 2016-12-09 07:01 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E08.HDTV.x264-LOL[ettv]
2016-12-09 06:39 - 2016-12-09 06:39 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E09.HDTV.x264-LOL[ettv]
2016-12-08 07:46 - 2016-12-08 07:47 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets Cisco Virtual Internet Routing Lab (VIRL)
2016-12-08 06:16 - 2016-12-08 06:16 - 00000656 _____ C:\Users\TOSHIBA\Desktop\windows update10.diagcab
2016-12-06 19:12 - 2016-12-03 17:02 - 298707890 _____ C:\Users\TOSHIBA\Desktop\ICND1_SG.pdf
2016-12-06 06:25 - 2016-12-06 06:25 - 00001831 _____ C:\Users\TOSHIBA\Downloads\8C1961DCB44C0E060A1353B82EC0BEBB717410F4.torrent
2016-12-05 17:45 - 2016-12-05 17:48 - 00000000 ____D C:\Users\TOSHIBA\Desktop\CCNA ICND1 100-105 2016
2016-12-05 08:32 - 2016-12-08 06:55 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets GNS3 1.x Fundamentals
2016-12-05 08:32 - 2016-12-05 08:32 - 00019100 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.GNS3.1.x.Fundamentals.torrent
2016-12-05 08:26 - 2016-12-05 08:26 - 00023263 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.Cisco.Virtual.Internet.Routing.Lab..VIRL..Full.Course.-.2014.torrent
2016-12-05 08:20 - 2016-12-07 06:58 - 00000000 ____D C:\Users\TOSHIBA\Downloads\CBT Nuggets CCNA Hands on Labs Using Wireshark And GNS3 - [FirstUploads]
2016-12-05 08:19 - 2016-12-05 08:19 - 00172127 _____ C:\Users\TOSHIBA\Downloads\[limetorrents.cc]CBT.Nuggets.CCNA.Hands.on.Labs.Using.Wireshark.And.GNS3.-.[FirstUploads].torrent
2016-12-05 06:41 - 2016-12-09 11:34 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E10.HDTV.x264-FLEET[PRiME]
2016-11-30 14:54 - 2016-11-30 14:54 - 00021789 _____ C:\Users\TOSHIBA\Downloads\the-flash-third-season_HI_english-1455029.zip
2016-11-30 14:52 - 2016-11-30 14:52 - 00022526 _____ C:\Users\TOSHIBA\Downloads\gotham-third-season-2016_HI_english-1454601.zip
2016-11-30 06:39 - 2016-11-30 14:54 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E08.HDTV.x264-LOL[ettv]
2016-11-30 06:15 - 2016-11-30 14:53 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E11.HDTV.x264-LOL[ettv]
2016-11-28 08:23 - 2016-11-28 23:07 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E09.HDTV.x264-KILLERS[ettv]
2016-11-28 07:53 - 2016-11-28 23:07 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E08.HDTV.x264-KILLERS[ettv]
2016-11-28 07:31 - 2016-11-28 23:06 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E07.HDTV.x264-KILLERS[ettv]
2016-11-28 07:01 - 2016-11-28 23:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E06.PROPER.HDTV.x264-KILLERS[ettv]
2016-11-28 06:27 - 2016-11-28 23:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E05.HDTV.x264-KILLERS[ettv]
2016-11-27 08:23 - 2016-11-28 23:03 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E04.WEBRip.x264-FUM[ettv]
2016-11-27 07:40 - 2016-11-27 22:26 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E03.PROPER.HDTV.x264-KILLERS[ettv]
2016-11-27 06:45 - 2016-11-27 07:49 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E02.HDTV.x264-BATV[ettv]
2016-11-26 07:44 - 2016-11-26 19:33 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E07.HDTV.x264-LOL[ettv]
2016-11-25 17:11 - 2016-11-25 17:19 - 00000000 ____D C:\Users\TOSHIBA\Desktop\All Cisco Labs Eng Adel Al Hamedy
2016-11-25 13:57 - 2016-11-25 13:56 - 00113365 _____ C:\Users\TOSHIBA\Desktop\Static Route .pkt
2016-11-25 10:12 - 2016-11-25 10:17 - 00000000 ____D C:\Users\TOSHIBA\Cisco Packet Tracer 6.3
2016-11-25 10:10 - 2016-11-25 10:11 - 00000000 ____D C:\Program Files (x86)\Cisco Packet Tracer 6.3
2016-11-25 10:05 - 2016-11-25 10:05 - 00024679 _____ C:\Users\TOSHIBA\Downloads\westworld-first-season_HI_english-1417065.zip
2016-11-25 08:29 - 2016-11-25 08:29 - 00012207 _____ C:\Users\TOSHIBA\Downloads\Static Route (Demo).pkt
2016-11-25 08:01 - 2016-11-25 11:32 - 00000000 ____D C:\Users\TOSHIBA\Cisco Packet Tracer 7.0
2016-11-24 21:53 - 2016-11-24 21:55 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Lynda.com - Illustrator CC Essential Training
2016-11-24 21:38 - 2015-08-15 11:39 - 127926272 _____ C:\Users\TOSHIBA\Desktop\IOSv-L3.qcow2
2016-11-22 23:06 - 2016-11-25 10:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Westworld.S01E01.HDTV.x264-FUM[ettv]
2016-11-22 22:56 - 2016-11-22 22:56 - 00025779 _____ C:\Users\TOSHIBA\Downloads\gotham-third-season-2016_HI_english-1450551.zip
2016-11-22 19:34 - 2013-07-23 23:56 - 2459025408 _____ C:\Users\TOSHIBA\Desktop\kali-linux-1.0.4-amd64.iso
2016-11-22 06:39 - 2016-11-22 22:56 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E10.HDTV.x264-LOL[ettv]
2016-11-17 07:21 - 2016-11-17 07:35 - 172982492 _____ C:\Users\TOSHIBA\Downloads\L3-ADVENTERPRISEK9-M-15.5-2T.bin
2016-11-17 07:05 - 2016-11-18 00:05 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E07.HDTV.x264-LOL[ettv]
2016-11-16 11:16 - 2016-12-08 08:24 - 00000000 ____D C:\Users\TOSHIBA\GNS3
2016-11-16 11:15 - 2016-11-16 11:16 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\GNS3
2016-11-16 11:15 - 2016-11-16 11:15 - 00001658 _____ C:\Users\TOSHIBA\Desktop\GNS3.lnk
2016-11-16 11:15 - 2016-11-16 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GNS3
2016-11-16 11:14 - 2016-11-16 11:15 - 00000000 ____D C:\Program Files\GNS3
2016-11-16 08:47 - 2016-11-16 08:47 - 00001160 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-11-16 08:47 - 2016-11-16 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-16 08:47 - 2016-11-16 08:47 - 00000000 ____D C:\Program Files\Oracle
2016-11-16 08:47 - 2016-09-12 18:17 - 00149256 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-11-16 08:08 - 2016-11-16 08:08 - 00000000 ____D C:\Users\TOSHIBA\Documents\Virtual Machines
2016-11-16 08:06 - 2016-11-16 08:45 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\VMware
2016-11-16 08:06 - 2016-11-16 08:45 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VMware
2016-11-16 07:54 - 2016-11-16 07:54 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Keygen-AMPED
2016-11-16 07:54 - 2016-11-11 23:22 - 00400968 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2016-11-16 07:54 - 2016-11-11 23:22 - 00366664 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2016-11-16 07:54 - 2016-11-11 23:21 - 01148488 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2016-11-16 07:54 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2016-11-16 07:54 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmkbd.sys
2016-11-16 07:54 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
2016-11-16 07:54 - 2016-11-11 23:05 - 00044096 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2016-11-16 07:54 - 2016-09-30 01:12 - 00091712 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2016-11-16 07:54 - 2016-09-30 01:12 - 00069104 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2016-11-16 07:54 - 2016-09-30 01:12 - 00065016 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2016-11-16 07:53 - 2016-11-16 07:53 - 01617228 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-11-16 07:53 - 2016-11-16 07:53 - 00001287 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2016-11-16 07:53 - 2016-11-16 07:53 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2016-11-16 07:53 - 2016-11-16 07:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-11-16 07:53 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-11-16 07:52 - 2016-12-10 10:49 - 00000000 ____D C:\ProgramData\VMware
2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-11-16 07:52 - 2016-11-16 07:52 - 00000000 ____D C:\Program Files (x86)\VMware
2016-11-16 07:11 - 2016-11-16 07:11 - 00000000 ____D C:\Users\TOSHIBA\Downloads\VMware Workstation Pro v12.5.2 Build 4638234 Incl Keygen [Androgalaxy]
2016-11-16 06:40 - 2016-11-16 22:36 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Flash.2014.S03E06.HDTV.x264-LOL[ettv]
2016-11-16 05:52 - 2016-11-17 07:35 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU in GNS3 Ziad
2016-11-15 06:49 - 2016-11-16 22:41 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E09.HDTV.x264-LOL[ettv]
2016-11-14 07:31 - 2016-11-14 07:31 - 00000000 ____D C:\Users\TOSHIBA\Documents\OneNote Notebooks
2016-11-13 06:56 - 2016-11-18 00:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E06.HDTV.x264-LOL[ettv]
2016-11-11 23:05 - 2016-11-11 23:05 - 00098360 _____ (VMware, Inc.) C:\WINDOWS\system32\vmnetbridge.dll
2016-11-11 23:05 - 2016-11-11 23:05 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetbridge.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00046144 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetadapter.sys
2016-11-11 23:05 - 2016-11-11 23:05 - 00045632 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnet.sys
2016-11-11 07:43 - 2016-11-13 22:32 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E08.HDTV.x264-KILLERS[ettv]
2016-11-10 08:33 - 2016-11-18 00:03 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Arrow.S05E05.HDTV.x264-LOL[ettv]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 11:08 - 2016-08-22 15:18 - 00000000 ____D C:\FRST
2016-12-10 11:08 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-10 10:58 - 2013-10-16 22:58 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Adobe
2016-12-10 10:51 - 2014-11-13 09:29 - 00000575 _____ C:\WINDOWS\SysWOW64\router.xml
2016-12-10 10:50 - 2013-10-14 07:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-10 10:49 - 2016-10-12 13:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-10 09:13 - 2016-07-16 08:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-10 09:11 - 2016-10-25 23:24 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\DMCache
2016-12-10 09:07 - 2016-09-13 10:06 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\uTorrent
2016-12-10 09:06 - 2014-10-23 11:14 - 00000000 ____D C:\Users\TOSHIBA\Documents\Corel
2016-12-10 09:04 - 2016-10-12 12:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-10 08:10 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-10 08:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-10 07:30 - 2013-10-19 02:34 - 00001518 _____ C:\Users\TOSHIBA\Desktop\iexplore.lnk
2016-12-10 07:11 - 2016-10-12 13:07 - 00000000 ____D C:\Users\TOSHIBA
2016-12-09 14:10 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Compressed
2016-12-09 12:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-09 11:10 - 2016-10-25 23:24 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\IDM
2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-09 10:22 - 2014-05-17 09:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-09 10:12 - 2014-02-28 10:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-09 09:07 - 2014-01-15 15:00 - 00004437 _____ C:\Users\TOSHIBA\Desktop\Pass.txt
2016-12-09 08:09 - 2016-09-13 10:07 - 00000942 _____ C:\Users\TOSHIBA\Desktop\µTorrent.lnk
2016-12-09 07:40 - 2015-04-16 08:04 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Video
2016-12-09 06:31 - 2015-12-07 19:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 06:31 - 2015-12-07 19:50 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-08 16:54 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\VirtualStore
2016-12-08 16:49 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\.VirtualBox
2016-12-08 15:12 - 2015-09-09 10:00 - 00000540 _____ C:\Users\TOSHIBA\.packettracer
2016-12-08 14:35 - 2016-09-16 23:19 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\vlc
2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\ProgramData\Real
2016-12-08 11:57 - 2014-06-27 08:56 - 00000000 ____D C:\Program Files (x86)\Real
2016-12-08 11:57 - 2014-06-27 08:55 - 00000000 ____D C:\Users\TOSHIBA\AppData\Roaming\Real
2016-12-08 11:52 - 2013-01-11 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Al-Wafi Translator
2016-12-07 18:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SchCache
2016-12-06 12:58 - 2014-07-27 13:02 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\ElevatedDiagnostics
2016-12-03 07:02 - 2013-01-11 01:11 - 00000000 ____D C:\Users\TOSHIBA\AppData\Local\Packages
2016-11-30 06:18 - 2016-10-22 12:47 - 00000000 ____D C:\Users\TOSHIBA\Desktop\Mov
2016-11-25 11:17 - 2016-10-16 13:36 - 00001090 _____ C:\Users\TOSHIBA\Desktop\Cisco Packet Tracer.lnk
2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer
2016-11-25 11:17 - 2016-10-16 13:36 - 00000000 ____D C:\Program Files\Cisco Packet Tracer 7.0
2016-11-25 08:01 - 2016-10-16 13:37 - 00021504 _____ C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db
2016-11-20 18:34 - 2015-11-21 21:58 - 01630362 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-16 22:38 - 2016-11-09 07:56 - 00000000 ____D C:\Users\TOSHIBA\Downloads\Gotham.S03E08.HDTV.x264-LOL[ettv]
2016-11-16 11:58 - 2016-10-06 14:44 - 00000000 ____D C:\Users\TOSHIBA\Desktop\IOU ON GNS3
2016-11-16 11:14 - 2015-09-09 15:49 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-11-16 08:50 - 2015-04-06 19:05 - 00000000 ____D C:\Users\TOSHIBA\VirtualBox VMs
2016-11-16 08:47 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-12 22:40 - 2015-01-24 13:36 - 00000000 ____D C:\ProgramData\Corel
2016-11-11 01:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-10 14:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 11:13 - 2016-11-09 08:00 - 00000000 ____D C:\Users\TOSHIBA\Downloads\The.Blacklist.S04E07.HDTV.x264-KILLERS[ettv]

==================== Files in the root of some directories =======

2015-03-10 12:33 - 2015-03-16 17:00 - 0000132 _____ () C:\Users\TOSHIBA\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-10-31 12:50 - 2014-03-16 15:11 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 12.0 Prefs ME
2013-10-27 01:19 - 2015-04-07 22:55 - 0001456 _____ () C:\Users\TOSHIBA\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-09-23 13:43 - 2015-09-23 16:37 - 0000600 _____ () C:\Users\TOSHIBA\AppData\Local\PUTTY.RND
2013-10-14 05:51 - 2016-10-27 06:50 - 0007605 _____ () C:\Users\TOSHIBA\AppData\Local\resmon.resmoncfg
2016-10-16 13:37 - 2016-11-25 08:01 - 0021504 _____ () C:\Users\TOSHIBA\AppData\Local\WebpageIcons.db
2013-11-04 00:57 - 2016-08-26 14:43 - 0000041 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\TOSHIBA\AppData\Local\Temp\DriverBoosterSetup.exe
C:\Users\TOSHIBA\AppData\Local\Temp\trotux.exe
C:\Users\TOSHIBA\AppData\Local\Temp\Wireshark-win64-1.12.1.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 14:41

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by TOSHIBA (10-12-2016 11:11:34)
Running from C:\Users\TOSHIBA\Desktop
Windows 10 Home Single Language Version 1607 (X64) (2016-10-12 12:07:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2841341764-4259199002-3796252902-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2841341764-4259199002-3796252902-503 - Limited - Disabled)
Guest (S-1-5-21-2841341764-4259199002-3796252902-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2841341764-4259199002-3796252902-1003 - Limited - Enabled)
TOSHIBA (S-1-5-21-2841341764-4259199002-3796252902-1001 - Administrator - Enabled) => C:\Users\TOSHIBA

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
12.0.0.0 (HKLM-x32\...\{FECB3E96-76A8-45A9-B73C-D7304DE02190}_is1) (Version:  - Adobe Photoshop CS5 ME by Magic-M)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.30.3 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.1 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{3792811C-832F-4392-B44A-24092901EDDC}) (Version: 0.9.30.9239 - BlueStack Systems, Inc.)
Cambridge Advanced Learner's Dictionary - 3rd Edition (HKLM-x32\...\NSIS_cald3) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Cisco Packet Tracer 6.1 Student (HKLM-x32\...\Cisco Packet Tracer 6.1 Student_is1) (Version:  - Cisco Systems, Inc.)
Cisco Packet Tracer 6.3 (HKLM-x32\...\Cisco Packet Tracer 6.3_is1) (Version:  - Cisco Systems, Inc.)
Cisco Packet Tracer 7.0 64Bit (HKLM\...\Cisco Packet Tracer 7.0 64Bit_is1) (Version:  - Cisco Systems, Inc.)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Focus 500,000 Images (HKLM-x32\...\InstallShield_{445D8BDE-8E58-418A-BAE4-2443F0D7B2A7}) (Version: 3.20.0000 - Focus)
Focus 500,000 Images (x32 Version: 3.20.0000 - Focus) Hidden
GNS3 1.2.3 (HKLM-x32\...\GNS3) (Version: 1.2.3 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc‎.‎)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Internet Everywhere (HKLM-x32\...\InternetEverywhere) (Version: 3.0 - Internet Everywhere)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{C706D102-D77E-4D45-B631-2A43C55F0F01}) (Version: 8.0.3.287 - Kaspersky Lab)
Kaspersky Password Manager (x32 Version: 8.0.3.287 - Kaspersky Lab) Hidden
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.5 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
Snagit 11 (HKLM-x32\...\{44BD21C2-9132-48DB-B65B-23817E4C6F4B}) (Version: 11.2.0 - TechSmith Corporation)
SolarWinds Response Time Viewer (HKLM-x32\...\{5B415E10-D1C1-4E54-9061-AE0FB3D7F2B2}) (Version: 1.0.0.167 - SolarWinds)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Topaz  InFocus (HKLM-x32\...\Topaz  InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz  InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden
Topaz Clean 2 (HKLM-x32\...\{3D4B5330-CEA9-4D58-8355-74729AE527CD}) (Version: 2.1.0 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.0.1 - Topaz Labs)
Topaz Fusion Express 2 (x32 Version: 2.0.1 - Topaz Labs) Hidden
Topaz ReMask 2 (HKLM-x32\...\Topaz ReMask 2) (Version: 2.0.5 - Topaz Labs)
Topaz ReMask 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.910 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.0 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3118281) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E34F92E8-F338-4749-BE58-E77D605FE648}) (Version:  - Microsoft)
VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version:  - Avanset)
Viber (HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{07C33FB0-25C8-4723-A1E4-01868089B961}) (Version: 12.5.2 - VMware, Inc.)
WebcamMax (HKLM-x32\...\WebcamMax) (Version: 7.1.3.2.MultiLanguage - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.7.2.20130217 - Xilisoft)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2841341764-4259199002-3796252902-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {262DDD4F-3B33-4A8C-A45A-FBE68CC2A82D} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-10] (Toshiba Europe GmbH)
Task: {2848877C-ADAD-494D-8E67-B85DD3D23E6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2E1E8925-9ABA-4D40-ABAE-E7A5DBC52954} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3137EDDF-6AEE-418A-99DB-51D1EB66CDE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {358D2DF9-F601-4C10-AA63-F8519595A006} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {45F4087C-ADD6-4E1A-B544-83C1AD7307D6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-12] (Adobe Systems Incorporated)
Task: {48484ED3-8937-42D1-8D32-E846A7C8DDA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {521EFD6D-C5CF-4552-A62E-815900EAD107} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {54148399-229B-4991-B6B5-BF865D24EE65} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {64748C4D-BBD6-41C5-BA03-D9E299F45D6C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {6BFB1026-52E4-4025-ACAF-E048D63D8543} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {6F8E4EC5-89C9-42A8-A605-9A62FB364181} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {72EB0BC5-7BEB-4DF9-A4B7-E53C589D4901} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {73E88E57-D0EF-4ECF-BD3B-86DA42A27A12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9252894D-DA52-474B-A9B4-DDFFE515C1C6} - System32\Tasks\{BC2B1518-FC3A-4125-B44E-8649FE13BC07} => pcalua.exe -a C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530\samsung.exe -d C:\Users\TOSHIBA\AppData\Local\Mobogenie\driver\Unzip_Files\samsung_4523a0530
Task: {92774DA2-FF5B-4D20-AF2A-E530E7BDF0B0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A294DC87-86EC-4E77-936A-85367BCB7AA4} - System32\Tasks\AdobeAAMUpdater-1.0-pc-TOSHIBA => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {B227FE77-EBF7-4952-9500-AF6DF46B0B4E} - \WPD\SqmUpload_S-1-5-21-2841341764-4259199002-3796252902-1001 -> No File <==== ATTENTION
Task: {D1EFD7B6-EBD0-4B28-B14E-DABA2248B0BB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2841341764-4259199002-3796252902-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {D260A17A-A634-4D34-9C98-E2DAFE29A124} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D40629E6-D761-4F41-A3CF-83BE0D1ED37C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-01-12 16:50 - 2012-10-23 19:42 - 00347120 ____N () C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2016-10-12 22:45 - 2016-10-12 22:45 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-12 17:43 - 2016-10-12 17:43 - 01864384 _____ () C:\Users\TOSHIBA\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-01 13:19 - 2011-03-02 13:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-12-09 16:06 - 2016-12-09 16:06 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-10-12 22:45 - 2016-10-12 22:45 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 13:05 - 2016-11-02 12:30 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-09 13:04 - 2016-11-02 12:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 13:04 - 2016-11-02 12:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 13:04 - 2016-11-02 12:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 13:04 - 2016-11-02 12:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 13:04 - 2016-11-02 12:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-12-10 05:12 - 2012-12-10 05:12 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2015-07-09 00:18 - 2015-07-09 00:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-11-11 23:20 - 2016-11-11 23:20 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2016-10-12 17:42 - 2016-10-12 17:42 - 01383616 _____ () C:\Users\TOSHIBA\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-12 18:40 - 2016-07-12 18:40 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-12-09 06:31 - 2016-12-01 03:29 - 01834600 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libglesv2.dll
2016-12-09 06:31 - 2016-12-01 03:29 - 00091240 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\libegl.dll
2012-09-06 08:32 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-09 12:01 - 2016-12-09 13:01 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 162.221.181.52 - 162.221.181.53
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Snagit 11.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Launcher.lnk"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TSleepSrv"
HKLM\...\StartupApproved\Run: => "SRS Premium Sound HD"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ToshibaDynamicIconUtility"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "TPUReg"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "WebcamMaxAutoRun"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Nimbuzz"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "BitTorrent"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "kpm.exe"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2841341764-4259199002-3796252902-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D57DC8CD91C640D5C9F3BEBC9460BA9B"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0E87B5EB-2A2A-4C05-9C5A-5B9E1DF68622}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DFC28760-C39A-447E-A7EE-A6D63991DCDF}] => C:\Users\TOSHIBA\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{948E757C-C96C-491F-80E6-E68231718422}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{D0B93A2B-5085-4BB3-90EA-74F4665BDFF6}] => C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{C03300D5-4235-4C06-89D9-C78A050470F0}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0803CE69-1016-49E3-AB81-6B2BD699FF83}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{122633C5-27D3-419E-BF60-B595E983BBC6}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB654CDA-D3B6-4B98-95FE-C89B88F1CEC4}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2D5BC514-1CC6-461A-B94D-D9932E7DCA50}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AACE2BC8-222B-4554-AB85-7C7B81D68E67}] => C:\Users\TOSHIBA\AppData\Local\Viber\Viber.exe
FirewallRules: [{1AE975D8-6EFC-46C6-8D00-3DAEE4642ED8}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{D1C763D8-31DD-4EB6-955F-99393D959476}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{C460F504-73E4-4777-94C8-4268565A0077}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{39794737-3397-4BFE-8ADC-9B608B2E5B35}] => C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{892E2608-6CEB-40F9-A9C3-3F232061EC8D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{87D682AC-34B7-42D0-8629-A37ECC7D2358}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D705C41C-8400-447F-8657-51EF8F46BA6E}] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D2F6CB77-AAFD-4DFF-887C-7DF1527870E8}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0CEC3444-62A6-47D4-8427-A0F21D9CDCD5}] => C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A562A5C1-4B40-477B-9089-67077DE1F897}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB57D217-DCFE-4351-8DCF-BBD24997DEAE}] => C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{30A5B12C-74EA-43A0-BB34-4EB6EE0302C9}] => C:\WINDOWS\SysWOW64\router.exe
FirewallRules: [{87293806-8A19-4D26-801A-A8C9745755E2}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{E3164CC0-00A4-4762-8C40-5C0CB4B1A8BD}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{CCD1C424-B91F-415F-976A-CD3C1EA17DA9}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{014CF151-48BA-408B-A9C5-6809BB3D88AE}] => C:\Program Files (x86)\Virtual WiFi Router\VirtualWiFiRouterLibrary.dll
FirewallRules: [{C991DB89-3AF8-4C65-B111-0D48A3D587C3}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{FA898563-3C7A-4960-8D0F-212436820E9B}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{B86B557F-9BFD-4AC3-8C5D-6F9C4BA4E398}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FDEF2EB-E8A7-42D9-9083-432A7711D16A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F383A647-0F41-4FA4-BBE9-E94B1ADBB263}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A471E2F5-E932-442C-8C9D-C56F0565024C}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{D40B1022-E0CD-42DC-8CE4-AF717EEA1068}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{230F049E-FD92-4E77-9693-C0238C540A1E}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{3F30943A-C155-4054-B944-209656C4F6D5}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{968258E3-3E40-432B-9D93-6B46A135AB12}C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe] => C:\program files (x86)\cisco packet tracer 6.1sv\bin\packettracer6.exe
FirewallRules: [{57284858-ABE2-4FD0-B022-51A785823B4E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

24-11-2016 15:04:19 Scheduled Checkpoint
04-12-2016 07:13:21 Scheduled Checkpoint
08-12-2016 12:03:04 Removed Reflector 2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2016 11:07:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (12/10/2016 11:04:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/10/2016 11:02:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7ab69059-116f-41ef-88e6-bcdcef552049}

Error: (12/10/2016 10:49:45 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/10/2016 09:09:35 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: Cannot find perfmon object in array returned by perfDLL, index=0

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000358,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000008EBBC7F040.72).  hr = 0x80070005, Access is denied.
.

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000008f4,(null),0,REG_BINARY,000000867777DD10.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {d9c79c0e-1dea-45a8-baa7-2ae8898ddb99}

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000105c,(null),0,REG_BINARY,0000006CAD57DCD0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {7ef1da28-869d-46b5-ad2b-a29abc62864f}

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000006fc,(null),0,REG_BINARY,000000E10667D8B0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3b433bea-30ae-4ab3-9e34-d3fd34770426}

Error: (12/10/2016 09:07:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001dc,(null),0,REG_BINARY,0000008EBBD7E9C0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {575f6a0a-1c95-4c5b-97f5-1d89056b872f}


System errors:
=============
Error: (12/10/2016 10:51:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 09:12:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/10/2016 09:09:39 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
The operation completed successfully.

Error: (12/10/2016 09:07:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/10/2016 07:23:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/10/2016 06:54:11 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (12/10/2016 06:54:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:01:43 PM on ‎12/‎9/‎2016 was unexpected.

Error: (12/09/2016 04:07:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/09/2016 04:00:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/09/2016 12:24:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 47%
Total physical RAM: 6097.7 MB
Available physical RAM: 3177.54 MB
Total Virtual: 6481.7 MB
Available Virtual: 3133.82 MB

==================== Drives ================================

Drive c: (TI30964900A) (Fixed) (Total:194.88 GB) (Free:28.32 GB) NTFS
Drive e: (D) (Fixed) (Total:392.02 GB) (Free:38.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 08C8418F)

Partition: GPT.

==================== End of Addition.txt ============================

 


This should fix it:

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt
