Looking for a keylogger and/or other remote tools on my system

malware keylogger trojan spyware

  • This topic is locked

#1
'puter gunna die

  • Member
  • 49 posts

Hi, I'm doing this from a Linux machine that runs beside my Windows 7 system. The Windows 7 system may have a keylogger somewhere in it. A person I know (who is a d###) may have set up a webpage that stuck a few programs on one of the two hard disk drives on that system. It didn't set off any alarms, but judging from his recent Facebook posts (made public), there is a veiled allusion to some things I searched for the other day. While it could be a compromise of my YouTube account (which basically means Google opened its legs to him as well), I cannot be safe enough from him. As a side question, how basic of a hacker can break into YouTube accounts? He's not the ultra-involved type when it comes to hacking, much like myself (he might have help). I never hack, nor do I do security for a living, so I don't have any answers to these. It's just that he seems to have information that I can recall originates from multiple online platforms, so I fear how deep into my layers he's delved.

 

Please help me find any malware, trojans, spyware, keyloggers, as I want to rule that out before turning my attention to external elements. I know you folks have the best ferreting applications around, as your brilliant community has gotten me out of multiple binds. Thank you so much!

 

Paul.


Edited by 'puter gunna die, 24 September 2017 - 04:35 AM.

#2
zep516

  • Trusted Helper
  • Malware Removal
  • 8,093 posts

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Everything gets downloaded to the desktop, and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
'puter gunna die

  • Topic Starter
  • Member
  • 49 posts

Hello and thank you!

 

Here is FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by MannerPanner (administrator) on MP8 (24-09-2017 18:47:51)
Running from C:\Users\MannerPanner\Desktop\fix
Loaded Profiles: MannerPanner (Available Profiles: MannerPanner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(ELTIMA Software) D:\Extra Programs\Flexihub\flexihub64.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-08-31] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-10] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-12-26]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6747012A-09BC-4536-B710-31085FADE753}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{74E9284A-90E3-4A68-97B1-0142EF7BF792}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{A01BC9FB-26FF-487E-9BC4-C71DDB81AF13}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A6392172-19CA-4C5A-9C0C-DBD24F66B945}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =  
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE12&ocid=UE12DHP
hxxp://www.google.com/
hxxp://www.google.com/
hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-21-2771466343-972908901-1180683727-1000 -> DefaultScope {BEEE778D-C358-4AE2-80FC-EB1C64FABAFF} URL =  
SearchScopes: HKU\S-1-5-21-2771466343-972908901-1180683727-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-08-31] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-08-31] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
 
FireFox:
========
FF DefaultProfile: qm9nwsua.default
FF ProfilePath: C:\Users\MannerPanner\AppData\Roaming\Mozilla\Firefox\Profiles\qm9nwsua.default [2017-09-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\qm9nwsua.default -> Yahoo!
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\qm9nwsua.default -> Yahoo!
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\qm9nwsua.default -> hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\qm9nwsua.default -> Google (avast)
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\qm9nwsua.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\qm9nwsua.default -> hxxps://search.yahoo.com/?type=313292&fr=spigot-yhp-ff
about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\qm9nwsua.default -> hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=313292&p=
FF Extension: (Emoji Keyboard) - C:\Users\MannerPanner\AppData\Roaming\Mozilla\Firefox\Profiles\qm9nwsua.default\Extensions\@emojikeyboard.xpi [2017-07-31]
FF Extension: (Avast SafePrice) - C:\Users\MannerPanner\AppData\Roaming\Mozilla\Firefox\Profiles\qm9nwsua.default\Extensions\[email protected] [2017-09-04]
FF Extension: (Avast Online Security) - C:\Users\MannerPanner\AppData\Roaming\Mozilla\Firefox\Profiles\qm9nwsua.default\Extensions\[email protected] [2017-08-31]
FF SearchPlugin: C:\Users\MannerPanner\AppData\Roaming\Mozilla\Firefox\Profiles\qm9nwsua.default\searchplugins\google-avast.xml [2014-12-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-11] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
 
Chrome:  
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=313292&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://search.yahoo.com/?type=313292&fr=yo-yhp-ch",null,"hxxp://www.google.com/"
CHR NewTab: Default ->  Not-active:"chrome-extension://fmkcedjopgcilkapfjcmjfmckgpoakha/ntp/newtab.html"
CHR Profile: C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default [2017-09-24]
CHR Extension: (Google Slides) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Emoji Keyboard) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcgkphadgmbalmlklhbdagcicajenei [2017-06-04]
CHR Extension: (Google Sheets) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (New Tab Helper 4449) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmkcedjopgcilkapfjcmjfmckgpoakha [2016-07-18]
CHR Extension: (Google Docs Offline) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-08-16]
CHR Extension: (NetBeans Connector) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafdlehgocfcodbgjnpecfajgkeejnaa [2015-09-10]
CHR Extension: (Night Vision) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hamjjddlcjfininpcaoankggglkblckb [2016-09-29]
CHR Extension: (Pano View) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljocfimgoablkhddbgakcbgfhdoamkhi [2017-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\MannerPanner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-07]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-08-31] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-08-31] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-07-14] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-07-27] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [121344 2017-02-21] (Dassault Systèmes) [File not signed]
R2 flexihub; D:\Extra Programs\Flexihub\flexihub64.exe [4531912 2016-06-29] (ELTIMA Software)
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-18] (Hewlett-Packard Co.) [File not signed]
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( ) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 VSStandardCollectorService140; D:\Extra Programs\VB2015\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320528 2017-08-31] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-08-31] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343296 2017-08-31] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-08-31] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47016 2017-08-31] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-08-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147784 2017-08-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-08-31] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-08-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1016384 2017-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [590880 2017-08-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [199312 2017-09-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-08-31] (AVAST Software)
R3 debutfilter; C:\Windows\System32\DRIVERS\debutfilterx64.sys [34512 2017-01-13] ()
R3 ELTIMA_USB_HUB_FILTER; C:\Windows\System32\drivers\fusbhub.sys [103560 2016-03-31] (ELTIMA Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 eustub; C:\Windows\System32\DRIVERS\eusbstub.sys [20616 2016-03-31] (ELTIMA Software)
S3 evserial8; C:\Windows\System32\DRIVERS\evserial8.sys [21128 2016-03-30] (ELTIMA Software)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-23] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-24] (Malwarebytes)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-16] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2014-11-24] (Oracle Corporation)
R3 VSBC8; C:\Windows\System32\DRIVERS\evsbc8.sys [104584 2016-03-30] (ELTIMA Software)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [118408 2016-03-31] (ELTIMA Software)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-24 18:47 - 2017-09-24 18:47 - 000000000 ____D C:\FRST
2017-09-24 18:46 - 2017-09-24 18:47 - 000000000 ____D C:\Users\MannerPanner\Desktop\fix
2017-09-23 18:17 - 2017-09-23 18:17 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-23 00:55 - 2017-09-23 00:55 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-09-23 00:39 - 2017-09-24 18:10 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-23 00:39 - 2017-09-23 00:59 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-23 00:39 - 2017-09-23 00:58 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-23 00:39 - 2017-09-23 00:39 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-23 00:38 - 2017-09-23 00:58 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-23 00:38 - 2017-09-23 00:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-23 00:38 - 2017-09-23 00:38 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-23 00:38 - 2017-09-23 00:38 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-23 00:38 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-23 00:37 - 2017-09-23 00:37 - 068408664 _____ (Malwarebytes ) C:\Users\MannerPanner\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-22 18:46 - 2011-12-25 03:54 - 170861445 _____ C:\Users\MannerPanner\Desktop\SLN Chistmas.MOV
2017-09-22 04:26 - 2017-09-22 04:26 - 000041506 _____ C:\Users\MannerPanner\Documents\S4 insurance claim.html
2017-09-22 04:26 - 2017-09-22 04:26 - 000000000 ____D C:\Users\MannerPanner\Documents\S4 insurance claim_files
2017-09-21 19:43 - 2017-09-21 19:46 - 024455128 _____ C:\Users\MannerPanner\Downloads\OTONI PERFECT.mp4
2017-09-20 01:51 - 2017-09-20 01:53 - 102237633 _____ C:\Users\MannerPanner\Downloads\yummy bbw studio.mp4
2017-09-20 01:47 - 2017-09-20 01:49 - 094612199 _____ C:\Users\MannerPanner\Downloads\yummy bbw in blue.mp4
2017-09-20 01:38 - 2017-09-20 01:40 - 093759087 _____ C:\Users\MannerPanner\Downloads\yummy bbw.mp4
2017-09-19 00:59 - 2017-09-19 00:59 - 000103996 _____ C:\Users\MannerPanner\Documents\tin toy arcade order.html
2017-09-19 00:59 - 2017-09-19 00:59 - 000000000 ____D C:\Users\MannerPanner\Documents\tin toy arcade order_files
2017-09-18 02:57 - 2017-09-18 02:58 - 018606822 _____ C:\Users\MannerPanner\Downloads\majorbimbo un dildos soft butt.mp4
2017-09-18 02:52 - 2017-09-18 02:52 - 002793617 _____ C:\Users\MannerPanner\Downloads\bitchucklover user name.mp4
2017-09-17 03:27 - 2017-09-17 03:31 - 190086228 _____ C:\Users\MannerPanner\Downloads\marina visconti beautiful eyes.mp4
2017-09-16 19:20 - 2017-09-16 19:25 - 039152251 _____ C:\Users\MannerPanner\Downloads\hot blue eye brunette bj.mp4
2017-09-13 01:37 - 2017-09-13 01:39 - 081234515 _____ C:\Users\MannerPanner\Downloads\scarlette rose brunette hottie.mp4
2017-09-13 01:17 - 2017-09-13 01:20 - 149624603 _____ C:\Users\MannerPanner\Downloads\molly manson cute little spinner.mp4
2017-09-12 19:52 - 2017-09-12 19:53 - 197268576 _____ C:\Users\MannerPanner\Downloads\couple comes hom and [bleep]s.mp4
2017-09-12 19:48 - 2017-09-12 19:50 - 097688170 _____ C:\Users\MannerPanner\Downloads\couple [bleep]s on couch.mp4
2017-09-12 19:44 - 2017-09-12 19:44 - 000000015 _____ C:\Users\MannerPanner\Desktop\sites.txt
2017-09-12 19:39 - 2017-09-12 19:41 - 096799575 _____ C:\Users\MannerPanner\Downloads\russian couple sex on couch.mp4
2017-09-11 19:26 - 2017-09-11 19:31 - 052706930 _____ C:\Users\MannerPanner\Downloads\Brooke Wylde.mp4
2017-09-11 19:14 - 2017-09-11 19:19 - 061101676 _____ C:\Users\MannerPanner\Downloads\Lexi Davis.mp4
2017-09-07 16:05 - 2017-09-07 16:05 - 000610393 _____ C:\Users\MannerPanner\Documents\homemadeprimercourse.pdf
2017-09-06 16:29 - 2017-09-06 16:30 - 047253505 _____ C:\Users\MannerPanner\Downloads\YouPorn_-_huge-tits-with-puffy-nipples.mp4
2017-09-06 16:27 - 2017-09-06 16:27 - 057281694 _____ C:\Users\MannerPanner\Downloads\YouPorn_-_nubile-films-ebbi-cums-on-a-stiff-[bleep].mp4
2017-09-06 16:23 - 2017-09-06 16:23 - 073436400 _____ C:\Users\MannerPanner\Downloads\YouPorn_-_nubiles-films-ebbi-wont-stop-till-the-sperm-starts-to-flow.mp4
2017-09-06 16:13 - 2017-09-06 16:13 - 053204163 _____ C:\Users\MannerPanner\Downloads\iwia [bleep].mp4
2017-09-06 15:41 - 2017-09-06 15:41 - 000637001 _____ C:\Users\MannerPanner\Downloads\puff nip hj.mp4
2017-09-06 02:07 - 2017-09-06 02:15 - 049157207 _____ C:\Users\MannerPanner\Downloads\kate england.mp4
2017-09-06 01:40 - 2017-09-06 01:56 - 199414004 _____ C:\Users\MannerPanner\Downloads\mia khalifa.mp4
2017-08-31 16:45 - 2017-08-31 16:45 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-08-26 21:02 - 2017-08-26 21:02 - 000000700 _____ C:\Users\MannerPanner\Documents\morgen.txt
2017-08-26 05:50 - 2017-08-26 05:51 - 006734376 _____ C:\Users\MannerPanner\Downloads\doggie style [bleep].mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-24 18:39 - 2017-05-28 01:59 - 000000000 ____D C:\Users\MannerPanner\AppData\LocalLow\Mozilla
2017-09-24 04:09 - 2009-07-14 00:45 - 000029392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-24 04:09 - 2009-07-14 00:45 - 000029392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-23 00:56 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-23 00:38 - 2015-01-11 22:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-23 00:36 - 2015-08-02 23:57 - 000000000 ____D C:\Users\MannerPanner\Documents\Visual Studio 2015
2017-09-22 19:10 - 2016-12-26 18:52 - 000000000 ____D C:\Users\MannerPanner\AppData\Roaming\ActivePresenter
2017-09-20 04:49 - 2015-01-18 12:23 - 000007344 _____ C:\Users\MannerPanner\Desktop\smokers outlet online dot com.txt
2017-09-18 16:45 - 2014-12-24 22:28 - 000199312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-09-05 11:47 - 2017-03-15 13:14 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-05 11:47 - 2016-09-10 16:37 - 000000000 ____D C:\ProgramData\Skype
2017-09-04 19:14 - 2017-03-09 15:32 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-04 19:11 - 2016-07-15 03:32 - 000003882 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1468567940
2017-09-04 19:05 - 2017-05-28 01:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-04 19:05 - 2015-12-03 14:19 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-04 19:05 - 2014-12-24 19:57 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-31 16:45 - 2014-12-24 22:28 - 000590880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-08-31 16:45 - 2014-12-24 22:28 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-08-31 16:45 - 2014-12-24 22:28 - 000147784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-08-31 16:45 - 2014-12-24 22:28 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-08-31 16:45 - 2014-12-24 22:28 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-08-31 16:45 - 2014-12-24 22:28 - 000047016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-08-31 16:44 - 2017-03-09 15:31 - 000343296 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-08-31 16:44 - 2017-03-09 15:31 - 000320528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-08-31 16:44 - 2017-03-09 15:31 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-08-31 16:44 - 2017-03-09 15:31 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-08-31 16:44 - 2016-07-11 23:41 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-08-31 16:44 - 2014-12-24 22:28 - 001016384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-08-28 19:49 - 2014-12-24 22:30 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-28 18:06 - 2016-10-17 04:06 - 000000000 ____D C:\Users\MannerPanner\AppData\Roaming\vlc
 
==================== Files in the root of some directories =======
 
2017-03-10 06:03 - 2017-05-13 20:10 - 000000346 _____ () C:\Users\MannerPanner\AppData\Roaming\.ptbt0
2017-01-13 19:26 - 2017-01-13 19:26 - 000001181 _____ () C:\Users\MannerPanner\AppData\Roaming\trace_FilterInstaller.txt
2017-01-13 19:26 - 2017-01-13 19:26 - 000000000 _____ () C:\Users\MannerPanner\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-12-24 22:00 - 2014-12-24 22:00 - 000000041 _____ () C:\Users\MannerPanner\AppData\Roaming\WB.CFG
2015-06-11 13:53 - 2015-06-11 13:53 - 000003584 _____ () C:\Users\MannerPanner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-04-01 00:03 - 2017-04-01 00:03 - 000009036 _____ () C:\Users\MannerPanner\AppData\Local\recently-used.xbel
2015-01-15 23:57 - 2015-01-15 23:57 - 000000000 _____ () C:\Users\MannerPanner\AppData\Local\{82E53B15-3DBE-4E54-8625-5AA958BCDDC2}
2014-12-24 20:24 - 2014-12-24 20:29 - 000000368 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2010-12-30 23:07 - 2010-12-30 23:07 - 000086880 ____R (Microsoft Corporation) C:\Users\MannerPanner\AppData\Local\Temp\devcon64.exe
2016-07-20 06:11 - 2016-07-20 06:11 - 000741440 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-19 06:11 - 2016-10-19 06:11 - 000737856 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-07-23 00:43 - 2017-07-23 00:43 - 000739904 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-07-30 00:43 - 2017-07-30 00:43 - 000740416 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u144-windows-au.exe
2015-10-21 06:11 - 2015-10-21 06:11 - 000585824 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-23 07:11 - 2015-11-23 07:11 - 000585824 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-20 07:11 - 2016-01-20 07:11 - 000644704 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-08 07:11 - 2016-02-08 07:11 - 000736352 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-28 06:11 - 2016-03-28 06:11 - 000736320 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-20 06:11 - 2016-05-30 06:10 - 000739904 _____ (Oracle Corporation) C:\Users\MannerPanner\AppData\Local\Temp\jre-8u91-windows-au.exe
2013-04-10 00:25 - 2013-04-10 00:25 - 001044048 ____N (CANON INC.) C:\Users\MannerPanner\AppData\Local\Temp\MSETUP4.EXE
2006-11-02 16:19 - 2006-11-02 16:19 - 000145184 ____R (Microsoft Corporation) C:\Users\MannerPanner\AppData\Local\Temp\ose00000.exe
2006-11-02 16:19 - 2006-11-02 16:19 - 000145184 ____R (Microsoft Corporation) C:\Users\MannerPanner\AppData\Local\Temp\ose00001.exe
2010-03-16 10:11 - 2010-03-16 10:11 - 000149352 ____R (Microsoft Corporation) C:\Users\MannerPanner\AppData\Local\Temp\ose00002.exe
2015-07-29 19:21 - 2016-05-18 17:25 - 000192512 _____ () C:\Users\MannerPanner\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 13:56 - 2015-02-10 13:56 - 000105984 _____ () C:\Users\MannerPanner\AppData\Local\Temp\sfextra.dll
2017-03-15 13:12 - 2017-03-15 13:12 - 014456872 _____ (Microsoft Corporation) C:\Users\MannerPanner\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-10 00:34
 
==================== End of FRST.txt ============================

 

And "Addition":

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by MannerPanner (24-09-2017 18:48:45)
Running from C:\Users\MannerPanner\Desktop\fix
Windows 7 Professional Service Pack 1 (X64) (2014-12-24 23:09:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2771466343-972908901-1180683727-500 - Administrator - Disabled)
Guest (S-1-5-21-2771466343-972908901-1180683727-501 - Limited - Disabled)
MannerPanner (S-1-5-21-2771466343-972908901-1180683727-1000 - Administrator - Enabled) => C:\Users\MannerPanner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 6.0.5 - Atomi Systems, Inc.)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apache Tomcat 8.0.15 (HKLM\...\nbi-tomcat-8.0.15.0.0) (Version:  - )
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{9F429DF7-F8DD-4980-9673-E6DACA012F6C}) (Version: 3.3 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.6.2310 - AVAST Software)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.327.000 - Hewlett-Packard) Hidden
Cakewalk Pro Audio 9 (HKLM-x32\...\Cakewalk Pro Audio 9) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.3.1.3 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Control Center for KODAK Webcams (HKLM-x32\...\Control Center for KODAK Webcams) (Version:  - )
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DebugMode Wax 2.0 (HKLM-x32\...\DebugMode Wax 2.0) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.07 - NCH Software)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dotfuscator and Analytics Community Edition 5.18.1 (HKLM-x32\...\{9890DF1A-10E9-4236-94B1-1EFAA4099F13}) (Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
DraftSight 2017 SP1 x64 (HKLM\...\{B1574FBB-7FFA-47A8-8AB9-8819E5B05277}) (Version: 17.1.0096 - Dassault Systemes)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Exif Pilot 5.0 (HKLM-x32\...\Exif Pilot_is1) (Version: 5.0 - Two Pilots)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 3.03 - NCH Software)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FlexiHub (HKLM\...\FlexiHub_is1) (Version: 2.6 (Build 2.6.9127) - ELTIMA Software)
FLV.com FLV Downloader 11.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-76FAF2D9B362}) (Version: 11.6 - GreenTree Applications SRL)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GIMP Extensions 2.8.20150403 (HKLM\...\GIMP Extensions) (Version: 2.8.20150403 - Pedro Cunha)
GlassFish Server Open Source Edition 4.1 (HKLM\...\nbi-glassfish-mod-4.1.0.13.0) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.367.000 - Hewlett-Packard) Hidden
HandBrake 1.0.3 (HKLM-x32\...\HandBrake) (Version: 1.0.3 - )
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G3010 (HKLM\...\{3B3FA519-42F3-4534-B867-960481329CFC}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
hpg3010 (HKLM-x32\...\{11B47315-4D03-4684-AA7F-E962524C738E}) (Version: 14.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.367.000 - Hewlett-Packard) Hidden
Hugin (HKLM\...\{C64F9956-580A-4D11-AFA0-C567B2A17B7B}) (Version: 16.2.0.0 - Hugin developer team)
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Macromedia Flash MX (HKLM-x32\...\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}) (Version: 6 - Macromedia)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
MyDriveConnect 4.0.0.2117 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.0.2117 - TomTom)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenLibraries (HKLM-x32\...\OpenLibraries) (Version:  - )
Oracle VM VirtualBox 5.0.22 (HKLM\...\{A961B9B7-C851-411E-907A-E7E96C631369}) (Version: 5.0.22 - Oracle Corporation)
PhoenixSuit (HKLM-x32\...\{6EF04997-3ADF-491E-84E1-09228A74BC30}) (Version: 1.0.8 - AllWinnerTech)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.12.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.369.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{791295AE-3B0A-3222-9E69-26C8C106E8D1}) (Version: 14.0.23102 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{6E3FB6C9-8C3C-45D4-BD9E-AECA430EE8E0}) (Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{EA2C2406-C25C-4845-842F-360EFEA4CDCE}) (Version: 1.5.3.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.3.0 (HKLM-x32\...\{7f54b430-3428-4775-aeae-531e46185ec6}) (Version: 1.5.23115.0 - Microsoft Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.128.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00001) (HKLM\...\450B7CBC371CAEC6A328083977AA7A09E7AE5D29) (Version: 08/27/2012 7.0.0000.00001 - Google, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-31] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-31] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-31] (AVAST Software)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-03-17] ()
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-31] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2012-05-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-08-31] (AVAST Software)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-03-17] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0006C113-F30E-40B5-AC66-44E562FCA28D} - System32\Tasks\SafeZone scheduled Autoupdate 1468567940 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {0222E554-9D75-4245-998E-6007B7C436B2} - System32\Tasks\TinyTakeUpgrade => C:\Users\MannerPanner\AppData\Local\MangoApps\TinyTake by MangoApps\TinyTake.exe
Task: {12C12974-96BA-4A5D-BC51-03D9CD9A5BDD} - System32\Tasks\avastBCLRestartS-1-5-21-2771466343-972908901-1180683727-1000 => C:\Program Files (x86)\Mozilla Firefox\firefox.exe  
Task: {138EBB68-B8DE-40EA-BE92-1C1C9BEEB06B} - System32\Tasks\{82E74451-2453-4566-85D2-390B829C27A8} => C:\Windows\system32\pcalua.exe -a "D:\programs\flash mx\Macromedia Flash MX Serial (1).exe" -d "D:\programs\flash mx"
Task: {1CBFF46F-9B5F-424A-8A4A-64E87B2BDD81} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-08-31] (AVAST Software)
Task: {3C644219-1AB4-4594-A657-6E03CC847CBF} - System32\Tasks\{FB2B0D0F-A38E-4FCD-A665-94EA39CB3B05} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\extra programs\Cakewalk\CWPA9_Uninst.isu"
Task: {6EF96A2F-3171-4942-A4ED-D12E377F0184} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {722F2A4B-636A-47E0-93FF-E58F7971786F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {82764188-124F-4A58-ACB3-C43A8663AC79} - System32\Tasks\{5D40DA97-87E7-40FA-9550-A6893EC80B20} => C:\Windows\system32\pcalua.exe -a E:\applications\cakewalkv9\cakewalk90\Setup.exe -d E:\applications\cakewalkv9\cakewalk90
Task: {E27050E3-EE49-4038-9DFD-FDD391F44077} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\MannerPanner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
 
ShortcutWithArgument: C:\Users\MannerPanner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pano View.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ljocfimgoablkhddbgakcbgfhdoamkhi
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-02 18:03 - 2009-10-16 19:12 - 000177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2017-09-23 00:38 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 004300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-03-17 11:51 - 2017-03-17 11:51 - 000105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000824944 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000286712 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2012-05-04 16:40 - 2012-05-04 16:40 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-04 16:47 - 2012-05-04 16:47 - 000369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000211904 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000241960 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000149568 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-09-22 12:19 - 2017-09-22 12:19 - 005903912 _____ () C:\Program Files\AVAST Software\Avast\defs\17092206\algo.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000685688 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000241448 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2017-09-24 08:55 - 2017-09-24 08:55 - 005904424 _____ () C:\Program Files\AVAST Software\Avast\defs\17092400\algo.dll
2015-07-14 19:00 - 2009-02-06 18:52 - 000073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-07-14 19:00 - 2009-07-10 09:07 - 000166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2017-07-20 03:50 - 2017-07-20 03:50 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-08-31 16:44 - 2017-08-31 16:44 - 000233768 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-06-12 00:42 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MannerPanner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: eM Client => "C:\Program Files (x86)\eM Client\MailClient.exe" /startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3C1E3724-E18D-4EC4-9DDF-D02CF71D1613}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{24FF4E50-4EED-4266-A696-CEF31342DE59}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{DB9D7316-0262-4260-8E7E-2D9327C18DD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{DD0D7A32-B409-489A-A5FD-2DC9C976E517}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6363C17F-F899-4B6B-8D4B-FA9C47BA94CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CFE74F8F-62AE-47A0-9C05-F2C6198D6C33}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{DD15E850-F5D3-4A9D-92CB-CD883C567A72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{4C3F10D3-F11F-4AA7-B0B4-7B8C68A536EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{0A41911E-9DA4-45A3-90DC-2499D6FA6634}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{E1BD01A9-C880-4C4F-8904-37EDC2D465C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{8E5BBEBB-1CCE-4B07-83F5-A2B19C6B6F18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{57FAD0AD-CC13-438A-83C5-1C2BE8544868}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F88577E1-83A5-48BA-938F-8B66A3A09BB1}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{21B36FEF-B1B2-4674-97F9-515E8B8FBE0A}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{4B0B6F6E-4004-4927-A12F-8B3096EDAD45}] => (Allow) C:\Program Files (x86)\Dell V305\dldtamon.exe
FirewallRules: [{AAD14008-8BD9-452F-ABA3-DDD1DA752B24}] => (Allow) C:\Program Files (x86)\Dell V305\dldtamon.exe
FirewallRules: [{1FC30F6F-5C0C-4A23-92BB-856AB5149915}] => (Allow) C:\Program Files (x86)\Dell V305\dldtamon.exe
FirewallRules: [{CE1B0A21-5DE4-4307-90D0-7AE8C152344A}] => (Allow) C:\Program Files (x86)\Dell V305\dldtamon.exe
FirewallRules: [{3580CA4C-CC75-418A-B0EF-2D8F35A324FE}] => (Allow) C:\Program Files (x86)\Dell V305\frun.exe
FirewallRules: [{8426ADAF-D6FA-4E1E-A20D-8210E0ACB3F8}] => (Allow) C:\Program Files (x86)\Dell V305\frun.exe
FirewallRules: [{33636CDF-081C-4054-9903-B36DDBA56F30}] => (Allow) C:\Program Files (x86)\Dell V305\frun.exe
FirewallRules: [{8D4A0979-EDCE-4DF1-B293-A80A0E2887B3}] => (Allow) C:\Program Files (x86)\Dell V305\frun.exe
FirewallRules: [{20FFA078-3A32-4038-A116-857032C57E92}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{098550D8-13C1-463E-9383-7070DF6508F8}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{830FE0BE-1A23-4019-A86A-7EA69F2E6AD2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{C89A6C46-4AF5-4FB2-B584-8642257D4F31}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{65C06A39-AC10-47FD-A903-C125B580F823}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{69EAF757-48F3-4953-BF60-F25C491BF5E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0AC5498-CC48-4801-BD13-3FC612B1A517}] => (Allow) D:\Extra Programs\Winamp\winamp.exe
FirewallRules: [{71EA348D-4A50-4412-BFE5-0B7378690361}] => (Allow) D:\Extra Programs\Winamp\winamp.exe
FirewallRules: [{C590A62A-24D3-4E06-AD39-CFA0E464B2FC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{52CEB0ED-62D8-4136-9A2F-4BE667A53405}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{BCE41088-4C27-495B-A723-34A6EA4462EA}D:\extra programs\net beans ide\netbeans 8.0.2\bin\netbeans64.exe] => (Allow) D:\extra programs\net beans ide\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [UDP Query User{D136E6DC-79A1-4475-B455-674B24471F5D}D:\extra programs\net beans ide\netbeans 8.0.2\bin\netbeans64.exe] => (Allow) D:\extra programs\net beans ide\netbeans 8.0.2\bin\netbeans64.exe
FirewallRules: [{EF62D1A4-2EC0-48A4-BAAE-E9685AFEE799}] => (Allow) D:\Extra Programs\VB2015\Common7\IDE\devenv.exe
FirewallRules: [{5C9D56A2-1E4A-4E60-A5C2-8E981FF229D3}] => (Allow) D:\Extra Programs\Flexihub\flexihub64.exe
FirewallRules: [{26A3C1F2-CE5D-4E82-8881-1654D3BBD037}] => (Allow) D:\Extra Programs\Flexihub\flexihub-gui.exe
FirewallRules: [{D834C143-0C4B-4954-8474-9609BD41BD43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{17319100-8FFC-4331-A711-E60F7CB5387C}] => (Allow) D:\Extra Programs\ActivePresenter\ActivePresenter.exe
FirewallRules: [{56D1B73B-C2C8-4D8F-A5DC-2BF1081B98CD}] => (Allow) D:\Extra Programs\ActivePresenter\ActivePresenter.exe
FirewallRules: [{F32EB09D-F6DE-4AE0-BE79-4615E1119370}] => (Allow) D:\Extra Programs\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{D3C0EAEF-53A8-4A99-8BC4-2D80AAA00828}] => (Allow) D:\Extra Programs\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{7A624003-BBA3-41D0-857E-2E0769023522}] => (Allow) D:\Extra Programs\ActivePresenter\rlactivator.exe
FirewallRules: [{FC851DB8-38F6-40B1-933E-22C439E90C63}] => (Allow) D:\Extra Programs\ActivePresenter\rlactivator.exe
FirewallRules: [{3050F56D-3FD8-42C4-8174-671483340E4B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{3C54AB2A-BB0B-4520-8FDA-AB54BBA59DCE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7ED92AA5-F578-414A-9ECD-485E8E9CFAA6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
 
==================== Restore Points =========================
 
23-09-2017 02:59:03 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: hp scanjet
Description: hp scanjet
Class Guid:  
Manufacturer:  
Service:  
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: USB Device(VID_1f3a_PID_efe8)
Description: USB Device(VID_1f3a_PID_efe8)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: USB Devices
Service: usbUDisc
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2017 06:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winamp.exe, version: 5.6.6.3516, time stamp: 0x52aa753e
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x00059d8a
Faulting process id: 0x1f44
Faulting application start time: 0x01d32049dbdf867f
Faulting application path: D:\Extra Programs\Winamp\winamp.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report Id: 3ebb9708-8c3d-11e7-a08a-d43d7eb62193
 
Error: (08/05/2017 08:45:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DraftSight.exe, version: 17.1.0.12557, time stamp: 0x58ac068d
Faulting module name: DraftSight.exe, version: 17.1.0.12557, time stamp: 0x58ac068d
Exception code: 0xc0000005
Fault offset: 0x000000000002adb7
Faulting process id: 0xe44
Faulting application start time: 0x01d30de88f721e69
Faulting application path: C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Faulting module path: C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Report Id: f368d44c-79db-11e7-b204-d43d7eb62193
 
Error: (08/05/2017 08:32:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DraftSight.exe, version: 17.1.0.12557, time stamp: 0x58ac068d
Faulting module name: DraftSight.exe, version: 17.1.0.12557, time stamp: 0x58ac068d
Exception code: 0xc0000005
Fault offset: 0x000000000002adb7
Faulting process id: 0xe80
Faulting application start time: 0x01d30de6c3a9e464
Faulting application path: C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Faulting module path: C:\Program Files\Dassault Systemes\DraftSight\bin\DraftSight.exe
Report Id: 30de582e-79da-11e7-b204-d43d7eb62193
 
Error: (08/05/2017 08:06:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: draftsight.exe, version: 17.1.0.12557, time stamp: 0x58ac068d
Faulting module name: draftsight.exe, version: 17.1.0.12557, time stamp: 0x58ac068d
Exception code: 0xc0000005
Fault offset: 0x000000000002adb7
Faulting process id: 0xe54
Faulting application start time: 0x01d30de30c0cae12
Faulting application path: C:\Program Files\Dassault Systemes\DraftSight\bin\draftsight.exe
Faulting module path: C:\Program Files\Dassault Systemes\DraftSight\bin\draftsight.exe
Report Id: 9134b7f2-79d6-11e7-bbb1-d43d7eb62193
 
Error: (08/02/2017 06:57:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program flvcomdownloader.exe version 11.6.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b14
 
Start Time: 01d30b77ac140cff
 
Termination Time: 5
 
Application Path: D:\Extra Programs\flv\FLV Downloader\flvcomdownloader.exe
 
Report Id: 5960e58c-7771-11e7-bbd4-d43d7eb62193
 
Error: (06/29/2017 02:58:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Photoshop.exe version 7.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7e0
 
Start Time: 01d2f0a507eb93c0
 
Termination Time: 10
 
Application Path: C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
 
Report Id: 674c7391-5c98-11e7-b58e-d43d7eb62193
 
Error: (03/26/2017 09:15:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SAFlashPlayer.exe, version: 6.0.21.0, time stamp: 0x3c85aaa3
Faulting module name: SAFlashPlayer.exe, version: 6.0.21.0, time stamp: 0x3c85aaa3
Exception code: 0xc0000005
Fault offset: 0x00029275
Faulting process id: 0x9f0
Faulting application start time: 0x01d2a696cb59bccb
Faulting application path: C:\Program Files (x86)\Macromedia\Flash MX\Players\SAFlashPlayer.exe
Faulting module path: C:\Program Files (x86)\Macromedia\Flash MX\Players\SAFlashPlayer.exe
Report Id: e7775eb0-128a-11e7-9bef-d43d7eb62193
 
Error: (03/26/2017 09:09:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SAFlashPlayer.exe, version: 6.0.21.0, time stamp: 0x3c85aaa3
Faulting module name: SAFlashPlayer.exe, version: 6.0.21.0, time stamp: 0x3c85aaa3
Exception code: 0xc0000005
Fault offset: 0x00032f8b
Faulting process id: 0xbc4
Faulting application start time: 0x01d2a696c0c5d6bf
Faulting application path: C:\Program Files (x86)\Macromedia\Flash MX\Players\SAFlashPlayer.exe
Faulting module path: C:\Program Files (x86)\Macromedia\Flash MX\Players\SAFlashPlayer.exe
Report Id: 0636b6f1-128a-11e7-9bef-d43d7eb62193
 
Error: (03/12/2017 05:50:31 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/12/2017 05:50:31 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (09/23/2017 01:11:55 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/23/2017 01:00:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID  
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/23/2017 01:00:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (09/17/2017 03:30:43 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/09/2017 11:51:41 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/09/2017 11:47:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/09/2017 11:42:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID  
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/09/2017 11:42:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID  
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/09/2017 11:40:08 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:37:42 PM on ‎9/‎9/‎2017 was unexpected.
 
Error: (09/04/2017 10:51:21 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-27 17:53:25.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 17:53:25.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 17:53:25.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 17:53:25.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 17:53:24.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-27 17:53:24.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-19 17:44:07.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-19 17:44:07.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-19 17:44:07.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-19 17:44:07.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info ===========================  
 
Processor: AMD A8-3850 APU with Radeon™ HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 7660.71 MB
Available physical RAM: 4987.63 MB
Total Virtual: 15319.61 MB
Available Virtual: 12568.23 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.5 GB) (Free:15.32 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Large Drive ) (Fixed) (Total:931.51 GB) (Free:695.92 GB) NTFS
Drive f: () (Removable) (Total:3.67 GB) (Free:3.67 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A7B8F19)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================



#4
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Not seeing any type of keylogger or any other files / software like that. There are a few items in the log that we can take care of, though.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-21-2771466343-972908901-1180683727-1000 -> DefaultScope {BEEE778D-C358-4AE2-80FC-EB1C64FABAFF} URL =  
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\...\ChromeHTML: ->  <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

#5
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-09-2017
Ran by MannerPanner (24-09-2017 19:59:37) Run:1
Running from C:\Users\MannerPanner\Desktop\fix
Loaded Profiles: MannerPanner (Available Profiles: MannerPanner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  
SearchScopes: HKU\S-1-5-21-2771466343-972908901-1180683727-1000 -> DefaultScope {BEEE778D-C358-4AE2-80FC-EB1C64FABAFF} URL =  
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\...\ChromeHTML: ->  <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:

 
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\System\CurrentControlSet\Services\LVPr2M64 => key removed successfully
LVPr2M64 => service removed successfully
HKLM\System\CurrentControlSet\Services\MSICDSetup => key removed successfully
MSICDSetup => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => key removed successfully
NTIOLib_1_0_C => service removed successfully
HKLM\System\CurrentControlSet\Services\VBoxNetFlt => key removed successfully
VBoxNetFlt => service removed successfully
HKU\S-1-5-21-2771466343-972908901-1180683727-1000_Classes\ChromeHTML => key removed successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{DD094175-E54D-4226-8678-D54DC9148DD6} canceled.
{A8D0026B-7326-4D13-B3F3-72A9FFCAB1CF} canceled.
2 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 136864536 B
Java, Flash, Steam htmlcache => 22876 B
Windows/system/drivers => 688125848 B
Edge => 0 B
Chrome => 837859546 B
Firefox => 389126463 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58502742 B
systemprofile32 => 70952 B
LocalService => 66448 B
NetworkService => 1596362 B
MannerPanner => 853474970 B
 
RecycleBin => 0 B
EmptyTemp: => 2.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:01:44 ====



#6
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

This system has two hard disks so you know.



#7
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

Oh, and I ran Malwarebytes before I contacted you. Just in case there was anything related there.

Attached Files



#8
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

I meant I ran Malwarebytes as a prerequisite to opening this thread. It had found some items I forgot about, so I remembered it now.



#9
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Run Malwarebytes again and post the log this way:

Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Post that saved log to your next reply.


#10
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

Okay, so Malwarebytes did what appears to be a succession of scans on its own, which may be part of their premium trial or whatever. I'm just going to post all of those from the history since I began investigating on the 23rd.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/23/17
Scan Time: 12:39 AM
Log File: 31c922cc-a019-11e7-bf1a-d43d7eb62193.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2866
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MP8\MannerPanner
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371024
Threats Detected: 34
Threats Quarantined: 34
Time Elapsed: 8 min, 33 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 1
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\BEHelper.exe, Quarantined, [13725], [236175],1.0.2866
 
Module: 1
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\BEHelper.exe, Quarantined, [13725], [236175],1.0.2866
 
Registry Key: 13
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\InprocServer32, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\InprocServer32, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\InprocServer32, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS, Quarantined, [13725], [236179],1.0.2866
PUP.Optional.Spigot, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BEEE778D-C358-4AE2-80FC-EB1C64FABAFF}, Quarantined, [638], [243431],1.0.2866
 
Registry Value: 3
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Extensions, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\APPDATALOW\SOFTWARE\BROWSER EXTENSIONS|SS_VER, Quarantined, [13725], [236179],1.0.2866
PUP.Optional.Spigot, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BEEE778D-C358-4AE2-80FC-EB1C64FABAFF}|URL, Quarantined, [638], [243431],1.0.2866
 
Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-2771466343-972908901-1180683727-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [638], [293199],1.0.2866
 
Data Stream: 0
(No malicious items detected)
 
Folder: 1
PUP.Optional.BrowserExtensions, C:\USERS\MANNERPANNER\APPDATA\ROAMING\BROWSEREXTENSIONS, Quarantined, [13725], [236175],1.0.2866
 
File: 14
PUP.Optional.BrowserExtensions, C:\USERS\MANNERPANNER\APPDATA\ROAMING\BROWSEREXTENSIONS\UNINSTALL.EXE, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\BEHelper.exe, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\Button.exe, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\Button64.exe, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\ButtonWrap.dll, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\ButtonWrap64.dll, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\Coupons.dll, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.BrowserExtensions, C:\Users\MannerPanner\AppData\Roaming\BrowserExtensions\Coupons64.dll, Quarantined, [13725], [236175],1.0.2866
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\SEARCHPLUGINS\YAHOO_FF.XML, Quarantined, [638], [243427],1.0.2866
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, Replaced, [638], [301667],1.0.2866
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, Replaced, [638], [303258],1.0.2866
PUP.Optional.Spigot, C:\PROGRAMDATA\FLV.COM FLV DOWNLOADER\YTD_INSTALLER.EXE, Quarantined, [638], [300859],1.0.2866
Generic.Malware/Suspicious, C:\USERS\MANNERPANNER\APPDATA\LOCAL\TEMP\{6D29ED71-8E6D-4703-9061-782D8C916361}\BROWSEREXTENSIONSSETUP.EXE, Quarantined, [0], [392686],1.0.2866
Adware.Downloader, C:\USERS\MANNERPANNER\APPDATA\LOCAL\TEMP\BDDE-B5A0-E1CA-0535.EXE, Quarantined, [535], [331683],1.0.2866
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Next report.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/24/17
Scan Time: 2:01 AM
Log File: ce8ef653-a0ed-11e7-9100-d43d7eb62193.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2872
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370557
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 12 min, 49 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, No Action By User, [638], [301667],1.0.2872
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, No Action By User, [638], [303258],1.0.2872
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

The 25th September report.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/25/17
Scan Time: 2:01 AM
Log File: f8e95f18-a1b6-11e7-88ed-d43d7eb62193.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2878
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368069
Threats Detected: 2
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 22 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, No Action By User, [638], [301667],1.0.2878
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, No Action By User, [638], [303258],1.0.2878
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)




#11
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

Oh, and it did one on the 26th too. I foolishly did one manually, and no threats found on that second one, predictably.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/26/17
Scan Time: 2:01 AM
Log File: 23627288-a280-11e7-82f8-d43d7eb62193.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2886
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368326
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 12 min, 36 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, Replaced, [640], [301667],1.0.2886
PUP.Optional.Spigot, C:\USERS\MANNERPANNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QM9NWSUA.DEFAULT\PREFS.JS, Replaced, [640], [303258],1.0.2886
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 

Second manual report (no threats).

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/26/17
Scan Time: 4:59 AM
Log File: 0d4004f2-a299-11e7-9aa1-d43d7eb62193.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2887
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MP8\MannerPanner
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368402
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 5 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)



#12
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

I did hardly any browsing on this win7 machine during this time due to being on Linux in the interim. Peculiar that it would have new objects found; just a thought.



#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Let's run 2 more adware scans, AdwCleaner and JRT.

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
Next
  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.


#14
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

Just posting this then going to bed. Thanks again!

 

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 27 07:44:08 2017
# Updated on 2017/29/08 by Malwarebytes  
# Database: 09-23-2017.2
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.MalwareProtection, C:\Users\MannerPanner\AppData\Local\MalwareProtectionLive
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

AFTER RE-BOOT

 

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 27 07:46:31 2017
# Updated on 2017/29/08 by Malwarebytes  
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\MannerPanner\AppData\Local\MalwareProtectionLive
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1368 B] - [2017/9/27 7:44:8]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Professional x64  
Ran by MannerPanner (Administrator) on Wed 09/27/2017 at  3:59:07.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 8  
 
Successfully deleted: C:\Users\MannerPanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92FM3TAZ (Temporary Internet Files Folder)  
Successfully deleted: C:\Users\MannerPanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJQMJBVS (Temporary Internet Files Folder)  
Successfully deleted: C:\Users\MannerPanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2NPLR7A (Temporary Internet Files Folder)  
Successfully deleted: C:\Users\MannerPanner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TW7LS8X6 (Temporary Internet Files Folder)  
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92FM3TAZ (Temporary Internet Files Folder)  
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJQMJBVS (Temporary Internet Files Folder)  
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2NPLR7A (Temporary Internet Files Folder)  
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TW7LS8X6 (Temporary Internet Files Folder)  
 
Deleted the following from C:\Users\MannerPanner\AppData\Roaming\Mozilla\Firefox\Profiles\qm9nwsua.default\prefs.js
user_pref(browser.startup.homepage, hxxps://search.yahoo.com/?type=313292&fr=spigot-yhp-ff|about:home);
 
 
 
Registry: 0  
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/27/2017 at  4:03:55.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#15
'puter gunna die

    Member

  • Topic Starter
  • 49 posts

Just freaktab.com (android dev site) and social media visited today.

