Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Facebook account hacked from Chinese IP

Started by shellcrash , Aug 12 2016 06:14 AM

  • Please log in to reply

#1
shellcrash
Posted 12 August 2016 - 06:14 AM

shellcrash

    New Member

  • Member
  • Pip
  • 2 posts
About 5 hours ago my Facebook account got hacked and FB forced me to reset my password. I come from an IT background and I definitely didn't get phished which leads me to believe my system has been compromised. My passwords are saved on my system using a password manager. I run several VMWare instances as part of my daily work flow. Can someone please confirm whether I have been infected somehow?
Somehow the above was posted with a lot of errors. Main points: definitely didn't get phished ; haven't logged into facebook in many months; have rooted Android which could also be the source of the compromise, although again I haven't logged into Facebook for more than a year and I don't have passwords saved on my android. I just need to start somewhere, my suspicion is my Windows system got compromised.  Below are the logs from Farbar:
Thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by user (administrator) on ASYLUM (12-08-2016 13:50:40)
Running from C:\
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\WVSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Felix Logic) C:\Program Files (x86)\Cold Turkey\CTService.exe
(Synametrics Technologies) C:\DeltaCopy\DCServce.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\DeltaCopy\rsync.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Brio) C:\Program Files\FolderSize\FolderSize.exe
(Flux Software LLC) C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Just Great Software) C:\Program Files (x86)\Just Great Software\EditPadPro7\EditPadPro7.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files (x86)\Everything\Everything.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-06-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-10-18] (VMware, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6864896 2013-01-30] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [f.lux] => C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [82048 2015-10-06] (WordWeb Software)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-07-01] (Siber Systems)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {07698f14-65f4-11e5-9c45-005056c00008} - G:\AutoRun.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {1a8600e1-95d8-11e2-bc8c-84a6c88ade36} - F:\AutoRun.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {2848c8fb-b896-11e2-8d40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {2848c908-b896-11e2-8d40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {28ff26a7-b707-11e2-9bd6-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6e039260-b892-11e2-aa1c-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6f878799-b89f-11e2-bb40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6f87879b-b89f-11e2-bb40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6f87879d-b89f-11e2-bb40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {d1f3f706-88ff-11e2-950d-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {eeaf36f8-3403-11e1-8c15-806e6f6e6963} - "E:\Install Navigator.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-01-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-08-30] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [.DEFAULT] => localhost:8080
ProxyServer: [S-1-5-21-1349553858-4256529286-2489926899-1000] => 195.154.91.100:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{121D1369-C077-49C8-8FF6-E5169B3FE032}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{4ECFCCE0-A497-4EB5-BF5C-7A4E2BD7400D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{744C9C2B-4D14-4DAA-8A30-CE8E58B4F37D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{93C39E02-9877-4B9B-A080-1C778CF6F157}: [DhcpNameServer] 192.168.1.99 192.168.1.99
Tcpip\..\Interfaces\{9A96CD03-69C7-407C-A2C4-4CA96D8C7BEA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1349553858-4256529286-2489926899-1000 -> {978671A5-5EB2-4B0B-8685-DA1FE2FBACD1} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-10] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-10] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-01-11] (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1349553858-4256529286-2489926899-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default
FF NetworkProxy: "autoconfig_url", "http://localhost:8080/proxy.pac"
FF NetworkProxy: "backup.ftp", "localhost"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "localhost"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "localhost"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "localhost"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\user.js [2016-02-04]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Advanced Cookie Manager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\[email protected] [2016-03-22]
FF Extension: Tamper Data - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2016-04-28]
FF Extension: SQL Inject Me - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\[email protected] [2016-04-28]
FF Extension: Disconnect - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\[email protected] [2016-07-04]
FF Extension: LeechBlock - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-08-12]
FF Extension: Selenium IDE: C# Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Firebug - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2016-06-21]
FF Extension: Selenium IDE: Java Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Firefox Plug-n-Hack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-09-13] [not signed]
FF Extension: Selenium IDE: Python Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Session Manager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-22]
FF Extension: Selenium IDE - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-08-13] [not signed]
FF Extension: AlexaTopSites - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\{e14cea6e-3529-4033-81e0-6679f201d75d}.xpi [2016-07-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-07-01]
FF HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.co.za/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSearchKeyword: Default -> google.co.za
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (My World) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemeppengemohiobmmjhfddbhcgkomhm [2013-10-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-07]
CHR Extension: (Alexa Traffic Rank) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2016-04-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Xdebug helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2016-03-29]
CHR Extension: (MozBar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-08-12]
CHR Extension: (Session Buddy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-30]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]
CHR Extension: (Version Check) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihipkpiiekmobooapflpdhpkpjohahe [2016-07-19]
CHR Extension: (Postman) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-07-23]
CHR Extension: (EditThisCookie) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-09-29]
CHR Extension: (Page load time) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fploionmjgeclbkemipmkogoaohcdbig [2015-11-06]
CHR Extension: (Follow) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2015-06-24]
CHR Extension: (Helium Backup) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpglbgbpeobllokpmeagpoagjbfknanl [2016-06-02]
CHR Extension: (Appspector) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2015-06-24]
CHR Extension: (AngularJS Batarang) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2016-03-08]
CHR Extension: (Proxy Era) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhebjohjpgicipoimkglgledckdalke [2015-06-24]
CHR Extension: (Disconnect) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-22]
CHR Extension: (SA ID Number Tools) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfomngnpkgnofbnhbimmebjhpohapkcl [2016-03-26]
CHR Extension: (Request Maker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajfghlhfkcocafkcjlajldicbikpgnp [2015-06-24]
CHR Extension: (StayFocusd) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-28]
CHR Extension: (Linkclump) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-08-29]
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (WebRTC Network Limiter) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2016-01-13]
CHR Extension: (Recent Bookmarks) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2016-05-18]
CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2015-08-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
CHR Extension: (RoboForm Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-19]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcuWVSSchedulerv10; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\WVSScheduler.exe [2028296 2016-02-17] ()
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-07] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [329728 2016-04-07] (Felix Logic) [File not signed]
R2 DeltaCopyService; C:\DeltaCopy\DCServce.exe [683008 2009-11-23] (Synametrics Technologies) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S4 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [127216 2015-01-21] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2940704 2015-12-28] (IObit)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465856 2015-10-18] ()
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-01-22] (RealVNC Ltd)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-09-09] (HSPADataCard Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-30] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-06-11] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-06-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-06-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-06-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2016-05-28] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [270048 2015-07-22] (QUALCOMM Incorporated)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [328920 2016-05-28] (Realtek Semiconductor Corp.)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-31] (Synaptics Incorporated)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-29] (Spotflux, Inc.)
R4 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2015-05-16] (Acronis)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-02-18] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-02-18] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-02-18] (Paragon)
S3 utg0nde2; C:\Windows\SysWOW64\Drivers\utg0nde2.sys [7168 2015-08-15] () [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; System32\Drivers\BtL2caScoIf.sys [X]
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 13:46 - 2016-08-12 13:50 - 00053083 _____ C:\FRST.txt
2016-08-12 12:26 - 2016-08-12 12:26 - 09682416 _____ C:\Users\user\Desktop\GSI6_ASYLUM_user_08_12_2016_12_21_39.zip
2016-08-12 12:26 - 2016-08-12 12:26 - 00000000 ____D C:\ProgramData\sb6s
2016-08-12 12:22 - 2016-08-12 12:22 - 00000000 ____D C:\ProgramData\se2o
2016-08-12 12:22 - 2016-08-12 12:22 - 00000000 ____D C:\ProgramData\sccg
2016-08-12 12:21 - 2016-08-12 12:21 - 00000000 ____D C:\ProgramData\s3g8
2016-08-12 12:21 - 2016-08-12 12:21 - 00000000 ____D C:\ProgramData\s1l8
2016-08-12 12:10 - 2016-08-12 12:09 - 00005534 _____ C:\Windows\system32\Drivers\etc\hosts - Copy
2016-08-12 11:55 - 2016-08-12 11:41 - 02393600 ____N (Farbar) C:\FRST64.exe
2016-08-12 11:41 - 2016-08-12 13:50 - 00000000 ____D C:\FRST
2016-08-12 11:09 - 2016-08-12 11:09 - 00262144 _____ C:\Users\UpdatusUser
2016-08-12 11:07 - 2016-08-12 11:15 - 00000000 ____D C:\Users\user\SecurityScans
2016-08-12 11:07 - 2016-08-12 11:07 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2016-08-12 11:07 - 2016-08-12 11:07 - 00001041 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2016-08-12 11:07 - 2016-08-12 11:07 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2016-08-12 09:17 - 2016-08-12 13:45 - 00000014 _____ C:\Users\user\Documents\Working Copy of Untitled 1.txt
2016-08-11 11:39 - 2016-08-11 11:39 - 00000021 _____ C:\Windows\S.dirmngr
2016-08-10 12:46 - 2016-08-10 13:04 - 154890367 _____ C:\Users\user\Desktop\ACDC Express 2016 Main Catalogue.pdf
2016-08-10 11:26 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 11:26 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 11:26 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 11:26 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 11:26 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 11:26 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 11:26 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 11:26 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 11:26 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 11:26 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 11:26 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 11:26 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 11:26 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 11:26 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 11:26 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 11:26 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 11:26 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 11:26 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 11:26 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 11:26 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 11:26 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 11:26 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 11:26 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 11:26 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 11:26 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 11:26 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 11:26 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 11:26 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 11:26 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 11:26 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 11:26 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 11:26 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 11:26 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 11:26 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 11:26 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 11:26 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 11:26 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 11:26 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 11:26 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 11:26 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 11:26 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 11:26 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 11:26 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 11:26 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 11:26 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 11:26 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 11:26 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 11:26 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 11:26 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 11:26 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 11:26 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 11:26 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 11:26 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 11:26 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 11:26 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 11:26 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 11:26 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 11:26 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 11:26 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 11:26 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 11:26 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 11:26 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 11:26 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 11:26 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 11:26 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 11:26 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 11:26 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 11:26 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 11:26 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 11:26 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 11:26 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 11:26 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 11:26 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 11:26 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 11:26 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-06 02:09 - 2016-08-06 02:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-04 01:23 - 2016-08-04 01:23 - 06638280 _____ (Tim Kosse) C:\Users\user\Downloads\FileZilla_3.20.0_win64-setup.exe
2016-08-03 21:24 - 2016-08-03 21:31 - 00000000 ____D C:\Users\user\AppData\Roaming\.kde
2016-08-03 21:24 - 2016-08-03 21:24 - 00000000 ____D C:\Users\user\AppData\Local\GNU
2016-08-03 21:22 - 2016-08-03 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2016-08-03 21:10 - 2016-08-03 21:14 - 26769168 _____ (g10 Code GmbH) C:\Users\user\Downloads\gpg4win-2.3.2.exe
2016-08-03 20:47 - 2016-08-12 11:56 - 00000000 ____D C:\tails-i386-2.5
2016-08-03 13:27 - 2016-08-03 13:27 - 00226385 _____ C:\Users\user\Downloads\tails-signing main for keyring.key
2016-08-03 13:26 - 2016-08-03 13:26 - 00000801 _____ C:\Users\user\Downloads\tails-i386-2.5.iso.sig
2016-08-03 13:19 - 2016-08-03 13:20 - 00226385 _____ C:\Users\user\Downloads\tails-signing.key
2016-08-03 13:17 - 2016-08-03 13:17 - 00088234 _____ C:\Users\user\Downloads\tails-i386-2.5.torrent
2016-08-03 13:12 - 2016-08-03 22:29 - 00000210 _____ C:\Users\user\Downloads\GhostCrypter Instructions.txt
2016-08-03 13:11 - 2016-08-03 13:12 - 03626138 _____ C:\Users\user\Downloads\GhostCrypter.zip
2016-08-02 23:53 - 2016-08-02 23:38 - 00011578 _____ C:\Users\user\Desktop\temp.html
2016-08-02 05:02 - 2016-08-02 05:02 - 00000316 _____ C:\Users\user\Desktop\flashupdat.json
2016-08-02 01:09 - 2016-08-02 01:09 - 00001397 _____ C:\Users\user\Desktop\how to enable PIA OpenVPN with port forward.txt
2016-07-31 19:00 - 2016-07-31 19:12 - 00001086 _____ C:\Users\user\Downloads\port_forward.sh
2016-07-31 17:47 - 2016-07-31 17:47 - 07934976 _____ C:\Users\user\Downloads\dd-wrt.v24-29519_NEWD-2_K3.x_mega-nv64k.bin
2016-07-31 17:47 - 2016-07-31 17:47 - 03560448 _____ C:\Users\user\Downloads\dd-wrt.v24-19519_NEWD-2_K2.6_mini-e1200v2.bin
2016-07-31 00:36 - 2016-07-31 21:35 - 00002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-07-31 00:36 - 2016-07-31 00:36 - 00001595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-07-31 00:34 - 2016-07-31 00:35 - 47611856 _____ (Wireshark development team) C:\Users\user\Downloads\Wireshark-win64-2.0.5.exe
2016-07-30 01:19 - 2016-07-30 01:55 - 00000297 _____ C:\Users\user\Desktop\crypter bought.txt
2016-07-26 23:10 - 2016-07-26 23:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-07-15 00:06 - 2016-07-15 00:06 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-13 21:52 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 21:52 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 21:52 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 21:52 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 21:52 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 21:52 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 13:50 - 2015-05-16 19:01 - 00000000 ____D C:\ProgramData\Acronis
2016-08-12 13:50 - 2015-05-16 19:01 - 00000000 ____D C:\Program Files (x86)\Acronis
2016-08-12 13:37 - 2013-07-16 22:49 - 00000000 ____D C:\Users\user\AppData\Roaming\VMware
2016-08-12 13:33 - 2013-07-16 22:49 - 00000000 ____D C:\Users\user\AppData\Local\VMware
2016-08-12 13:06 - 2015-06-12 20:55 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1349553858-4256529286-2489926899-1000UA.job
2016-08-12 13:06 - 2013-05-23 12:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-12 13:06 - 2013-02-25 20:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-12 13:02 - 2013-07-14 16:03 - 00000000 ____D C:\ProgramData\VMware
2016-08-12 12:25 - 2014-09-26 11:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-12 12:21 - 2015-05-16 19:01 - 00000000 ____D C:\Users\Acronis Agent User
2016-08-12 12:10 - 2015-05-26 15:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Everything
2016-08-12 11:55 - 2013-03-14 00:24 - 00007639 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-08-12 11:47 - 2015-11-09 22:04 - 00000000 ____D C:\Users\user\Desktop\mush projects
2016-08-12 11:22 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-12 11:22 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-12 11:09 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-08-12 08:33 - 2015-06-24 02:33 - 00000332 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2016-08-12 07:29 - 2013-02-27 21:46 - 00000000 ____D C:\Users\user\Documents\Outlook Files
2016-08-12 07:24 - 2014-09-01 23:58 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-08-11 21:06 - 2015-06-12 20:55 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1349553858-4256529286-2489926899-1000Core.job
2016-08-11 17:52 - 2013-03-15 12:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-08-11 16:04 - 2009-07-14 07:13 - 00791426 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-11 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-11 16:02 - 2016-02-04 12:25 - 00002868 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (user)
2016-08-11 16:01 - 2014-08-17 15:36 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-08-11 16:01 - 2013-08-30 19:56 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA25E607-A6F0-4448-8465-8ACA0A5B6C75}
2016-08-11 15:59 - 2013-02-28 16:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Free Download Manager
2016-08-11 11:39 - 2015-05-12 22:59 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-08-11 11:39 - 2014-06-29 14:02 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2016-08-11 11:39 - 2013-02-25 20:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-11 11:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-10 22:48 - 2015-08-30 12:52 - 00000000 ____D C:\Users\user\AppData\Local\IPVanish
2016-08-10 22:48 - 2015-06-22 01:04 - 00000000 ____D C:\Program Files (x86)\IPVanish
2016-08-10 22:46 - 2016-06-08 20:20 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-08-10 22:39 - 2013-03-01 00:18 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-08-10 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-10 13:15 - 2009-07-14 06:45 - 05078688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 13:05 - 2013-02-27 21:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-10 13:05 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-08-10 13:04 - 2013-07-25 12:14 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 12:57 - 2013-02-25 16:17 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 09:15 - 2015-08-30 15:32 - 00000000 ____D C:\ProgramData\ProductData
2016-08-09 20:00 - 2015-07-09 23:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Kodi
2016-08-09 08:28 - 2016-05-31 09:14 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-08-09 07:12 - 2016-05-31 09:14 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForuser
2016-08-08 23:08 - 2013-02-25 20:38 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 11:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-06 02:09 - 2013-07-11 12:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2016-08-05 15:24 - 2016-02-10 10:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 12:07 - 2016-02-05 11:00 - 03285539 ____H C:\Users\user\AppData\Local\IconCache.db.backup
2016-08-04 02:11 - 2013-12-22 17:57 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-08-04 01:24 - 2013-03-25 16:01 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
2016-08-04 01:23 - 2013-09-14 19:44 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-08-04 01:23 - 2013-03-25 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-08-03 21:32 - 2015-11-17 10:16 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2016-08-03 20:47 - 2014-01-14 19:01 - 00000000 ____D C:\DeltaCopy
2016-08-03 18:14 - 2013-03-15 12:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-03 18:14 - 2013-03-15 12:15 - 00000000 ____D C:\ProgramData\Skype
2016-08-01 22:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-31 22:27 - 2013-06-18 13:40 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2016-07-31 17:58 - 2015-02-07 15:39 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-07-31 00:40 - 2014-10-05 14:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Wireshark
2016-07-31 00:36 - 2014-10-05 13:45 - 00000000 ____D C:\Program Files\Wireshark
2016-07-31 00:36 - 2014-09-19 11:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-30 23:30 - 2016-06-20 14:26 - 00003152 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2016-07-30 23:30 - 2016-06-20 14:26 - 00000000 ____D C:\Program Files\pia_manager
2016-07-29 21:49 - 2013-10-10 21:41 - 00000000 ____D C:\Users\user\vpworkspace
2016-07-29 21:49 - 2013-10-10 21:37 - 00000000 ____D C:\Program Files (x86)\Visual Paradigm for UML 10.0
2016-07-29 14:01 - 2013-02-25 20:36 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 14:01 - 2013-02-25 20:36 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 13:23 - 2013-02-25 18:20 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-26 23:10 - 2015-07-09 21:47 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-07-24 19:50 - 2015-11-06 22:38 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-23 12:35 - 2016-06-21 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-23 11:56 - 2014-12-21 00:52 - 00000000 ____D C:\Users\user\AppData\Roaming\streamWriter
2016-07-23 11:46 - 2014-12-21 00:52 - 00000000 ____D C:\Program Files (x86)\streamWriter
2016-07-17 21:49 - 2016-01-12 15:20 - 00000000 ____D C:\Users\user\Desktop\UNISA
2016-07-16 11:40 - 2015-01-08 11:22 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-15 00:06 - 2013-05-23 12:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 00:06 - 2013-04-19 09:57 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 00:06 - 2013-04-19 09:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-12-06 16:17 - 2013-12-06 16:36 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-23 13:53 - 2015-10-22 13:55 - 0000087 _____ () C:\Users\user\AppData\Roaming\Camdata.ini
2013-11-23 13:53 - 2015-10-22 13:55 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamLayout.ini
2013-11-23 13:53 - 2015-10-22 13:55 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamShapes.ini
2013-11-23 13:53 - 2015-10-22 13:55 - 0004522 _____ () C:\Users\user\AppData\Roaming\CamStudio.cfg
2014-06-10 23:42 - 2014-06-11 00:29 - 0000154 _____ () C:\Users\user\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-10 23:41 - 2014-06-25 14:22 - 0002671 _____ () C:\Users\user\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-06-10 23:42 - 2014-06-11 00:29 - 0000154 _____ () C:\Users\user\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-05-24 13:09 - 2015-05-24 13:09 - 0002154 _____ () C:\Users\user\AppData\Roaming\SAS7_000.DAT
2014-10-20 18:43 - 2014-10-20 18:43 - 0000038 ___SH () C:\Users\user\AppData\Local\69ff07055291669bb2b218.72821112
2013-03-25 18:47 - 2016-05-20 09:28 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-18 13:40 - 2016-07-31 22:27 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2013-03-14 00:24 - 2016-08-12 11:55 - 0007639 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-02-14 23:16 - 2014-02-14 23:16 - 0000032 RSHOT () C:\Users\user\AppData\Local\t70rc.dat
2013-07-14 14:22 - 2013-07-14 14:23 - 0000097 __RSH () C:\ProgramData\1.12.5.lic
2013-02-28 22:41 - 2013-02-28 22:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-27 22:04 - 2015-08-27 22:33 - 0000357 _____ () C:\ProgramData\hpzinstall.log
2013-03-06 21:50 - 2013-03-06 21:50 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\IPVanish-Setup-2.1.2.0.exe
C:\Users\user\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\user\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-06 00:26
 
==================== End of FRST.txt ============================
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by user (administrator) on ASYLUM (12-08-2016 13:50:40)
Running from C:\
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\WVSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Felix Logic) C:\Program Files (x86)\Cold Turkey\CTService.exe
(Synametrics Technologies) C:\DeltaCopy\DCServce.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
() C:\DeltaCopy\rsync.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Brio) C:\Program Files\FolderSize\FolderSize.exe
(Flux Software LLC) C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Just Great Software) C:\Program Files (x86)\Just Great Software\EditPadPro7\EditPadPro7.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files (x86)\Everything\Everything.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-unity-helper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-06-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-10-18] (VMware, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6864896 2013-01-30] (FreeDownloadManager.ORG)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [f.lux] => C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [82048 2015-10-06] (WordWeb Software)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-07-01] (Siber Systems)
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {07698f14-65f4-11e5-9c45-005056c00008} - G:\AutoRun.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {1a8600e1-95d8-11e2-bc8c-84a6c88ade36} - F:\AutoRun.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {2848c8fb-b896-11e2-8d40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {2848c908-b896-11e2-8d40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {28ff26a7-b707-11e2-9bd6-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6e039260-b892-11e2-aa1c-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6f878799-b89f-11e2-bb40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6f87879b-b89f-11e2-bb40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {6f87879d-b89f-11e2-bb40-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {d1f3f706-88ff-11e2-950d-84a6c88ade36} - F:\VMC_PBStarter.exe
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\MountPoints2: {eeaf36f8-3403-11e1-8c15-806e6f6e6963} - "E:\Install Navigator.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-01-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-08-30] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [.DEFAULT] => localhost:8080
ProxyServer: [S-1-5-21-1349553858-4256529286-2489926899-1000] => 195.154.91.100:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{121D1369-C077-49C8-8FF6-E5169B3FE032}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{4ECFCCE0-A497-4EB5-BF5C-7A4E2BD7400D}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{744C9C2B-4D14-4DAA-8A30-CE8E58B4F37D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{93C39E02-9877-4B9B-A080-1C778CF6F157}: [DhcpNameServer] 192.168.1.99 192.168.1.99
Tcpip\..\Interfaces\{9A96CD03-69C7-407C-A2C4-4CA96D8C7BEA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1349553858-4256529286-2489926899-1000 -> {978671A5-5EB2-4B0B-8685-DA1FE2FBACD1} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-08-10] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-10] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-01-11] (FreeDownloadManager.ORG)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-07-01] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-07] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-1349553858-4256529286-2489926899-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-07-01] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default
FF NetworkProxy: "autoconfig_url", "http://localhost:8080/proxy.pac"
FF NetworkProxy: "backup.ftp", "localhost"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "localhost"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "localhost"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "localhost"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "localhost"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "localhost"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "localhost"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\user.js [2016-02-04]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Advanced Cookie Manager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\[email protected] [2016-03-22]
FF Extension: Tamper Data - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2016-04-28]
FF Extension: SQL Inject Me - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\[email protected] [2016-04-28]
FF Extension: Disconnect - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\[email protected] [2016-07-04]
FF Extension: LeechBlock - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387} [2016-08-12]
FF Extension: Selenium IDE: C# Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Firebug - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2016-06-21]
FF Extension: Selenium IDE: Java Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Firefox Plug-n-Hack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-09-13] [not signed]
FF Extension: Selenium IDE: Python Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\[email protected] [2015-08-13] [not signed]
FF Extension: Session Manager - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-22]
FF Extension: Selenium IDE - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-08-13] [not signed]
FF Extension: AlexaTopSites - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\00wvzp5h.default\Extensions\{e14cea6e-3529-4033-81e0-6679f201d75d}.xpi [2016-07-19]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-07-01]
FF HKU\S-1-5-21-1349553858-4256529286-2489926899-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSearchURL: Default -> hxxps://www.google.co.za/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSearchKeyword: Default -> google.co.za
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll => No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (My World) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aemeppengemohiobmmjhfddbhcgkomhm [2013-10-05]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (OneTab) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-07]
CHR Extension: (Alexa Traffic Rank) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2016-04-07]
CHR Extension: (Adblock for Youtube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-08]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Xdebug helper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc [2016-03-29]
CHR Extension: (MozBar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-08-12]
CHR Extension: (Session Buddy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-04-30]
CHR Extension: (Adobe Acrobat) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-09]
CHR Extension: (Version Check) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihipkpiiekmobooapflpdhpkpjohahe [2016-07-19]
CHR Extension: (Postman) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-07-23]
CHR Extension: (EditThisCookie) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-09-29]
CHR Extension: (Page load time) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fploionmjgeclbkemipmkogoaohcdbig [2015-11-06]
CHR Extension: (Follow) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2015-06-24]
CHR Extension: (Helium Backup) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpglbgbpeobllokpmeagpoagjbfknanl [2016-06-02]
CHR Extension: (Appspector) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2015-06-24]
CHR Extension: (AngularJS Batarang) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2016-03-08]
CHR Extension: (Proxy Era) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhebjohjpgicipoimkglgledckdalke [2015-06-24]
CHR Extension: (Disconnect) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-22]
CHR Extension: (SA ID Number Tools) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfomngnpkgnofbnhbimmebjhpohapkcl [2016-03-26]
CHR Extension: (Request Maker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajfghlhfkcocafkcjlajldicbikpgnp [2015-06-24]
CHR Extension: (StayFocusd) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-28]
CHR Extension: (Linkclump) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2015-08-29]
CHR Extension: (Skype) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (WebRTC Network Limiter) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\npeicpdbkakmehahjeeohfdhnlpdklia [2016-01-13]
CHR Extension: (Recent Bookmarks) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2016-05-18]
CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2015-08-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
CHR Extension: (RoboForm Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-19]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AcuWVSSchedulerv10; C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 10\WVSScheduler.exe [2028296 2016-02-17] ()
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-07] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [329728 2016-04-07] (Felix Logic) [File not signed]
R2 DeltaCopyService; C:\DeltaCopy\DCServce.exe [683008 2009-11-23] (Synametrics Technologies) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
S4 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 Everything; C:\Program Files (x86)\Everything\Everything.exe [1048576 2014-08-06] () [File not signed] <==== ATTENTION
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S4 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [127216 2015-01-21] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2940704 2015-12-28] (IObit)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465856 2015-10-18] ()
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-01-22] (RealVNC Ltd)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2013-03-07] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2010-09-09] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2010-09-09] (HSPADataCard Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-30] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-06-11] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-07] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-06-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [943536 2016-06-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-06-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [180264 2016-05-28] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [270048 2015-07-22] (QUALCOMM Incorporated)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [328920 2016-05-28] (Realtek Semiconductor Corp.)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-31] (Synaptics Incorporated)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2013-05-29] (Spotflux, Inc.)
R4 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2015-05-16] (Acronis)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-02-18] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-02-18] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-02-18] (Paragon)
S3 utg0nde2; C:\Windows\SysWOW64\Drivers\utg0nde2.sys [7168 2015-08-15] () [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 BtAudioBusSrv; System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; System32\Drivers\BtL2caScoIf.sys [X]
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 13:46 - 2016-08-12 13:50 - 00053083 _____ C:\FRST.txt
2016-08-12 12:26 - 2016-08-12 12:26 - 09682416 _____ C:\Users\user\Desktop\GSI6_ASYLUM_user_08_12_2016_12_21_39.zip
2016-08-12 12:26 - 2016-08-12 12:26 - 00000000 ____D C:\ProgramData\sb6s
2016-08-12 12:22 - 2016-08-12 12:22 - 00000000 ____D C:\ProgramData\se2o
2016-08-12 12:22 - 2016-08-12 12:22 - 00000000 ____D C:\ProgramData\sccg
2016-08-12 12:21 - 2016-08-12 12:21 - 00000000 ____D C:\ProgramData\s3g8
2016-08-12 12:21 - 2016-08-12 12:21 - 00000000 ____D C:\ProgramData\s1l8
2016-08-12 12:10 - 2016-08-12 12:09 - 00005534 _____ C:\Windows\system32\Drivers\etc\hosts - Copy
2016-08-12 11:55 - 2016-08-12 11:41 - 02393600 ____N (Farbar) C:\FRST64.exe
2016-08-12 11:41 - 2016-08-12 13:50 - 00000000 ____D C:\FRST
2016-08-12 11:09 - 2016-08-12 11:09 - 00262144 _____ C:\Users\UpdatusUser
2016-08-12 11:07 - 2016-08-12 11:15 - 00000000 ____D C:\Users\user\SecurityScans
2016-08-12 11:07 - 2016-08-12 11:07 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2016-08-12 11:07 - 2016-08-12 11:07 - 00001041 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2016-08-12 11:07 - 2016-08-12 11:07 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2016-08-12 09:17 - 2016-08-12 13:45 - 00000014 _____ C:\Users\user\Documents\Working Copy of Untitled 1.txt
2016-08-11 11:39 - 2016-08-11 11:39 - 00000021 _____ C:\Windows\S.dirmngr
2016-08-10 12:46 - 2016-08-10 13:04 - 154890367 _____ C:\Users\user\Desktop\ACDC Express 2016 Main Catalogue.pdf
2016-08-10 11:26 - 2016-08-02 16:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 11:26 - 2016-08-02 16:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 11:26 - 2016-08-02 08:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 11:26 - 2016-08-02 08:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 11:26 - 2016-08-02 08:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 11:26 - 2016-08-02 08:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 11:26 - 2016-08-02 08:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 11:26 - 2016-08-02 08:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 11:26 - 2016-08-02 08:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 11:26 - 2016-08-02 08:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 11:26 - 2016-08-02 08:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 11:26 - 2016-08-02 08:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 11:26 - 2016-08-02 08:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 11:26 - 2016-08-02 08:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 11:26 - 2016-08-02 08:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 11:26 - 2016-08-02 08:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 11:26 - 2016-08-02 08:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 11:26 - 2016-08-02 08:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 11:26 - 2016-08-02 08:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 11:26 - 2016-08-02 08:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 11:26 - 2016-08-02 08:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 11:26 - 2016-08-02 08:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 11:26 - 2016-08-02 08:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 11:26 - 2016-08-02 07:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 11:26 - 2016-08-02 07:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 11:26 - 2016-08-02 07:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 11:26 - 2016-08-02 07:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 11:26 - 2016-08-02 07:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 11:26 - 2016-08-02 07:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 11:26 - 2016-08-02 07:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 11:26 - 2016-08-02 07:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 11:26 - 2016-08-02 07:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 11:26 - 2016-08-02 07:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 11:26 - 2016-08-02 07:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 11:26 - 2016-08-02 07:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 11:26 - 2016-08-02 07:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 11:26 - 2016-08-02 07:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 11:26 - 2016-08-02 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 11:26 - 2016-08-02 07:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 11:26 - 2016-08-02 07:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 11:26 - 2016-08-02 07:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 11:26 - 2016-08-02 07:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 11:26 - 2016-08-02 07:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 11:26 - 2016-08-02 07:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 11:26 - 2016-08-02 07:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 11:26 - 2016-08-02 07:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 11:26 - 2016-08-02 07:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 11:26 - 2016-08-02 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 11:26 - 2016-08-02 07:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 11:26 - 2016-08-02 07:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 11:26 - 2016-08-02 07:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 11:26 - 2016-08-02 07:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 11:26 - 2016-08-02 07:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 11:26 - 2016-08-02 07:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 11:26 - 2016-08-02 07:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 11:26 - 2016-08-02 07:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 11:26 - 2016-08-02 07:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 11:26 - 2016-08-02 07:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 11:26 - 2016-08-02 07:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 11:26 - 2016-08-02 06:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 11:26 - 2016-08-02 06:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 11:26 - 2016-08-02 06:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 11:26 - 2016-08-02 06:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 11:26 - 2016-07-08 17:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 11:26 - 2016-07-08 17:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 11:26 - 2016-07-08 17:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 11:26 - 2016-07-08 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 11:26 - 2016-07-08 17:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 11:26 - 2016-07-08 17:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 11:26 - 2016-07-08 17:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 11:26 - 2016-07-08 17:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 11:26 - 2016-07-08 17:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 11:26 - 2016-07-08 16:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 11:26 - 2016-07-08 16:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 11:26 - 2016-07-08 16:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 11:26 - 2016-07-08 16:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 11:26 - 2016-07-08 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 11:26 - 2016-07-08 16:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-06 02:09 - 2016-08-06 02:09 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-04 01:23 - 2016-08-04 01:23 - 06638280 _____ (Tim Kosse) C:\Users\user\Downloads\FileZilla_3.20.0_win64-setup.exe
2016-08-03 21:24 - 2016-08-03 21:31 - 00000000 ____D C:\Users\user\AppData\Roaming\.kde
2016-08-03 21:24 - 2016-08-03 21:24 - 00000000 ____D C:\Users\user\AppData\Local\GNU
2016-08-03 21:22 - 2016-08-03 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win
2016-08-03 21:10 - 2016-08-03 21:14 - 26769168 _____ (g10 Code GmbH) C:\Users\user\Downloads\gpg4win-2.3.2.exe
2016-08-03 20:47 - 2016-08-12 11:56 - 00000000 ____D C:\tails-i386-2.5
2016-08-03 13:27 - 2016-08-03 13:27 - 00226385 _____ C:\Users\user\Downloads\tails-signing main for keyring.key
2016-08-03 13:26 - 2016-08-03 13:26 - 00000801 _____ C:\Users\user\Downloads\tails-i386-2.5.iso.sig
2016-08-03 13:19 - 2016-08-03 13:20 - 00226385 _____ C:\Users\user\Downloads\tails-signing.key
2016-08-03 13:17 - 2016-08-03 13:17 - 00088234 _____ C:\Users\user\Downloads\tails-i386-2.5.torrent
2016-08-03 13:12 - 2016-08-03 22:29 - 00000210 _____ C:\Users\user\Downloads\GhostCrypter Instructions.txt
2016-08-03 13:11 - 2016-08-03 13:12 - 03626138 _____ C:\Users\user\Downloads\GhostCrypter.zip
2016-08-02 23:53 - 2016-08-02 23:38 - 00011578 _____ C:\Users\user\Desktop\temp.html
2016-08-02 05:02 - 2016-08-02 05:02 - 00000316 _____ C:\Users\user\Desktop\flashupdat.json
2016-08-02 01:09 - 2016-08-02 01:09 - 00001397 _____ C:\Users\user\Desktop\how to enable PIA OpenVPN with port forward.txt
2016-07-31 19:00 - 2016-07-31 19:12 - 00001086 _____ C:\Users\user\Downloads\port_forward.sh
2016-07-31 17:47 - 2016-07-31 17:47 - 07934976 _____ C:\Users\user\Downloads\dd-wrt.v24-29519_NEWD-2_K3.x_mega-nv64k.bin
2016-07-31 17:47 - 2016-07-31 17:47 - 03560448 _____ C:\Users\user\Downloads\dd-wrt.v24-19519_NEWD-2_K2.6_mini-e1200v2.bin
2016-07-31 00:36 - 2016-07-31 21:35 - 00002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-07-31 00:36 - 2016-07-31 00:36 - 00001595 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-07-31 00:34 - 2016-07-31 00:35 - 47611856 _____ (Wireshark development team) C:\Users\user\Downloads\Wireshark-win64-2.0.5.exe
2016-07-30 01:19 - 2016-07-30 01:55 - 00000297 _____ C:\Users\user\Desktop\crypter bought.txt
2016-07-26 23:10 - 2016-07-26 23:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-07-15 00:06 - 2016-07-15 00:06 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-13 21:52 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 21:52 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 21:52 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-13 21:52 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-13 21:52 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 21:52 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 21:52 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-12 13:50 - 2015-05-16 19:01 - 00000000 ____D C:\ProgramData\Acronis
2016-08-12 13:50 - 2015-05-16 19:01 - 00000000 ____D C:\Program Files (x86)\Acronis
2016-08-12 13:37 - 2013-07-16 22:49 - 00000000 ____D C:\Users\user\AppData\Roaming\VMware
2016-08-12 13:33 - 2013-07-16 22:49 - 00000000 ____D C:\Users\user\AppData\Local\VMware
2016-08-12 13:06 - 2015-06-12 20:55 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1349553858-4256529286-2489926899-1000UA.job
2016-08-12 13:06 - 2013-05-23 12:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-12 13:06 - 2013-02-25 20:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-12 13:02 - 2013-07-14 16:03 - 00000000 ____D C:\ProgramData\VMware
2016-08-12 12:25 - 2014-09-26 11:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-08-12 12:21 - 2015-05-16 19:01 - 00000000 ____D C:\Users\Acronis Agent User
2016-08-12 12:10 - 2015-05-26 15:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Everything
2016-08-12 11:55 - 2013-03-14 00:24 - 00007639 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-08-12 11:47 - 2015-11-09 22:04 - 00000000 ____D C:\Users\user\Desktop\mush projects
2016-08-12 11:22 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-12 11:22 - 2009-07-14 06:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-12 11:09 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\ServiceProfiles
2016-08-12 08:33 - 2015-06-24 02:33 - 00000332 _____ C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2016-08-12 07:29 - 2013-02-27 21:46 - 00000000 ____D C:\Users\user\Documents\Outlook Files
2016-08-12 07:24 - 2014-09-01 23:58 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-08-11 21:06 - 2015-06-12 20:55 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1349553858-4256529286-2489926899-1000Core.job
2016-08-11 17:52 - 2013-03-15 12:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-08-11 16:04 - 2009-07-14 07:13 - 00791426 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-11 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-11 16:02 - 2016-02-04 12:25 - 00002868 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (user)
2016-08-11 16:01 - 2014-08-17 15:36 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-08-11 16:01 - 2013-08-30 19:56 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CA25E607-A6F0-4448-8465-8ACA0A5B6C75}
2016-08-11 15:59 - 2013-02-28 16:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Free Download Manager
2016-08-11 11:39 - 2015-05-12 22:59 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-08-11 11:39 - 2014-06-29 14:02 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2016-08-11 11:39 - 2013-02-25 20:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-11 11:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-10 22:48 - 2015-08-30 12:52 - 00000000 ____D C:\Users\user\AppData\Local\IPVanish
2016-08-10 22:48 - 2015-06-22 01:04 - 00000000 ____D C:\Program Files (x86)\IPVanish
2016-08-10 22:46 - 2016-06-08 20:20 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-08-10 22:39 - 2013-03-01 00:18 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-08-10 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-08-10 13:15 - 2009-07-14 06:45 - 05078688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-10 13:05 - 2013-02-27 21:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-10 13:05 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2016-08-10 13:04 - 2013-07-25 12:14 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 12:57 - 2013-02-25 16:17 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 09:15 - 2015-08-30 15:32 - 00000000 ____D C:\ProgramData\ProductData
2016-08-09 20:00 - 2015-07-09 23:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Kodi
2016-08-09 08:28 - 2016-05-31 09:14 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-08-09 07:12 - 2016-05-31 09:14 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForuser
2016-08-08 23:08 - 2013-02-25 20:38 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-07 11:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-06 02:09 - 2013-07-11 12:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2016-08-05 15:24 - 2016-02-10 10:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-04 12:07 - 2016-02-05 11:00 - 03285539 ____H C:\Users\user\AppData\Local\IconCache.db.backup
2016-08-04 02:11 - 2013-12-22 17:57 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-08-04 01:24 - 2013-03-25 16:01 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
2016-08-04 01:23 - 2013-09-14 19:44 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-08-04 01:23 - 2013-03-25 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-08-03 21:32 - 2015-11-17 10:16 - 00000000 ____D C:\Users\user\AppData\Roaming\gnupg
2016-08-03 20:47 - 2014-01-14 19:01 - 00000000 ____D C:\DeltaCopy
2016-08-03 18:14 - 2013-03-15 12:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-03 18:14 - 2013-03-15 12:15 - 00000000 ____D C:\ProgramData\Skype
2016-08-01 22:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-07-31 22:27 - 2013-06-18 13:40 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
2016-07-31 17:58 - 2015-02-07 15:39 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-07-31 00:40 - 2014-10-05 14:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Wireshark
2016-07-31 00:36 - 2014-10-05 13:45 - 00000000 ____D C:\Program Files\Wireshark
2016-07-31 00:36 - 2014-09-19 11:57 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-30 23:30 - 2016-06-20 14:26 - 00003152 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2016-07-30 23:30 - 2016-06-20 14:26 - 00000000 ____D C:\Program Files\pia_manager
2016-07-29 21:49 - 2013-10-10 21:41 - 00000000 ____D C:\Users\user\vpworkspace
2016-07-29 21:49 - 2013-10-10 21:37 - 00000000 ____D C:\Program Files (x86)\Visual Paradigm for UML 10.0
2016-07-29 14:01 - 2013-02-25 20:36 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 14:01 - 2013-02-25 20:36 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 13:23 - 2013-02-25 18:20 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-26 23:10 - 2015-07-09 21:47 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-07-24 19:50 - 2015-11-06 22:38 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-23 12:35 - 2016-06-21 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-23 11:56 - 2014-12-21 00:52 - 00000000 ____D C:\Users\user\AppData\Roaming\streamWriter
2016-07-23 11:46 - 2014-12-21 00:52 - 00000000 ____D C:\Program Files (x86)\streamWriter
2016-07-17 21:49 - 2016-01-12 15:20 - 00000000 ____D C:\Users\user\Desktop\UNISA
2016-07-16 11:40 - 2015-01-08 11:22 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-15 00:06 - 2013-05-23 12:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-15 00:06 - 2013-04-19 09:57 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-15 00:06 - 2013-04-19 09:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-12-06 16:17 - 2013-12-06 16:36 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-23 13:53 - 2015-10-22 13:55 - 0000087 _____ () C:\Users\user\AppData\Roaming\Camdata.ini
2013-11-23 13:53 - 2015-10-22 13:55 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamLayout.ini
2013-11-23 13:53 - 2015-10-22 13:55 - 0000408 _____ () C:\Users\user\AppData\Roaming\CamShapes.ini
2013-11-23 13:53 - 2015-10-22 13:55 - 0004522 _____ () C:\Users\user\AppData\Roaming\CamStudio.cfg
2014-06-10 23:42 - 2014-06-11 00:29 - 0000154 _____ () C:\Users\user\AppData\Roaming\Rim.Desktop.Exception.log
2014-06-10 23:41 - 2014-06-25 14:22 - 0002671 _____ () C:\Users\user\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-06-10 23:42 - 2014-06-11 00:29 - 0000154 _____ () C:\Users\user\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-05-24 13:09 - 2015-05-24 13:09 - 0002154 _____ () C:\Users\user\AppData\Roaming\SAS7_000.DAT
2014-10-20 18:43 - 2014-10-20 18:43 - 0000038 ___SH () C:\Users\user\AppData\Local\69ff07055291669bb2b218.72821112
2013-03-25 18:47 - 2016-05-20 09:28 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-06-18 13:40 - 2016-07-31 22:27 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
2013-03-14 00:24 - 2016-08-12 11:55 - 0007639 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2014-02-14 23:16 - 2014-02-14 23:16 - 0000032 RSHOT () C:\Users\user\AppData\Local\t70rc.dat
2013-07-14 14:22 - 2013-07-14 14:23 - 0000097 __RSH () C:\ProgramData\1.12.5.lic
2013-02-28 22:41 - 2013-02-28 22:41 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-27 22:04 - 2015-08-27 22:33 - 0000357 _____ () C:\ProgramData\hpzinstall.log
2013-03-06 21:50 - 2013-03-06 21:50 - 0000104 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\IPVanish-Setup-2.1.2.0.exe
C:\Users\user\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\user\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-06 00:26
 
==================== End of FRST.txt ============================
 
 

  • 0

Advertisements

#2
shellcrash
Posted 14 August 2016 - 03:30 PM

shellcrash

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Any takers for solving this problem?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP