Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

c0000135 the program can't start because %hs is missing


  • This topic is locked This topic is locked
11 replies to this topic

#1 Aasir42

Aasir42

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 14 August 2015 - 05:18 PM

hi i really need help because i need my files and computer urgently

 

so ive used the farbar program thing. excuse me im not a tech geek so excuse my lingo 

 

Any help on what to do next would be appreciated

 

this is the log after scanning>>>:

 

 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by SYSTEM on MININT-K8CE52K (14-08-2015 21:43:41)
Running from g:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-14] (Synaptics Incorporated)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [3457424 2011-05-26] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-08] (Power Software Ltd)
HKLM-x32\...\Run: [BabylonToolbar] => C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720 2010-11-07] (Babylon Ltd.)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\unlockerassistant.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-01-01] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212072 2015-07-29] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKU\Aasir\...\Run: [Elbserver] => C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKU\Aasir\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\Aasir\...\Run: [Advanced SystemCare 5] => C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [620376 2011-12-29] (IObit)
HKU\Aasir\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Aasir\...\Run: [VRLPHelper] => C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe [186768 2011-04-02] (Sony Corporation)
HKU\Aasir\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\Aasir\...\Run: [Spotify Web Helper] => C:\Users\Aasir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-20] (Spotify Ltd)
HKU\Aasir\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Aasir\...\Run: [Facebook Update] => C:\Users\Aasir\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-13] (Facebook Inc.)
HKU\Aasir\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\Aasir\...\Run: [Spotify] => C:\Users\Aasir\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-20] (Spotify Ltd)
HKU\Aasir\...\Run: [SurfEasy] => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe [5295800 2013-09-24] ()
HKU\Aasir\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Aasir\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\Aasir\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\Aasir\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\Aasir\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\Aasir\...\Run: [GoogleChromeAutoLaunch_8E8FED5B853279EF7181421BDCB092A9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-30] (Google Inc.)
HKU\Aasir\...\Run: [uTorrent] => C:\Users\Aasir\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\Aasir\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\Aasir\...\RunOnce: [Application Restart #1] => C:\Users\Aasir\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\Aasir\...\RunOnce: [Application Restart #2] => C:\Windows\SysWOW64\ctfmon.exe ctfmon.exe
HKU\Aasir\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-30] (Google Inc.)
HKU\Aasir\...\RunOnce: [Application Restart #4] => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Aasir\...\RunOnce: [Application Restart #5] => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Aasir\...\RunOnce: [Application Restart #6] => C:\Program Files\Windows Media Player\wmpnscfg.exe [70656 2009-07-13] (Microsoft Corporation)
HKU\Aasir\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-12] (Microsoft Corporation) <==== ATTENTION
HKU\Aasir\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\TeeSupport\...\Run: [Spotify] => C:\Users\TeeSupport\AppData\Roaming\Spotify\Spotify.exe [4503448 2013-04-05] (Spotify Ltd)
HKU\TeeSupport\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\TeeSupport\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
Startup: C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-05-02]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-29] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-29] (AVG Technologies CZ, s.r.o.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-01-01] (Kaspersky Lab ZAO)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-23] (Alcatel-Lucent)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 persdwmsrv; C:\Program Files (x86)\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [7680 2011-05-28] (winreview.ru)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3186360 2013-09-24] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2589496 2014-10-17] (AVG Technologies)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S2 Update lucky leap; "C:\Program Files (x86)\lucky leap\updateluckyleap.exe" [X]
S2 Util lucky leap; "C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-16] (Adaptec)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-19] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
S3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2014-01-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39608 2013-09-24] (The OpenVPN Project)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-09-08] (TuneUp Software)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-14 21:43 - 2015-08-14 21:43 - 00000000 ____D C:\FRST
2015-08-12 10:19 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 10:19 - 2015-07-30 09:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 10:19 - 2015-07-30 08:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 10:19 - 2015-07-16 11:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 10:19 - 2015-07-16 11:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 10:19 - 2015-07-16 11:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 10:19 - 2015-07-16 11:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 10:19 - 2015-07-16 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 10:19 - 2015-07-16 11:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 10:19 - 2015-07-16 11:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 10:19 - 2015-07-16 11:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 10:19 - 2015-07-16 11:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 10:19 - 2015-07-16 11:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 10:19 - 2015-07-16 11:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 10:19 - 2015-07-16 10:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 10:19 - 2015-07-14 18:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 10:19 - 2015-07-14 18:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 10:19 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 10:19 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 10:19 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 10:18 - 2015-07-20 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 10:18 - 2015-07-20 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 10:18 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 10:31 - 2015-08-11 10:31 - 00000000 ____D C:\Users\Aasir\AppData\Local\{AB947A12-A90C-4FC8-893B-B7BA98E711DE}
2015-08-08 06:33 - 2015-08-08 06:33 - 00065514 _____ C:\Users\Aasir\Documents\Carrefour Survey Results.xlsx
2015-08-06 08:37 - 2015-08-06 08:37 - 00000000 ____D C:\Users\Aasir\AppData\Local\{661CB921-7F36-4F83-A116-40634188DB12}
2015-08-06 06:18 - 2015-08-06 06:18 - 00000000 ____D C:\Users\Aasir\AppData\Local\{7712FC7E-C632-4C9E-A17E-506283EFDEE1}
2015-08-03 10:59 - 2015-08-03 10:59 - 00000000 ____D C:\Users\Aasir\AppData\Local\CEF
2015-08-03 10:58 - 2015-08-03 10:58 - 00000000 ____D C:\Users\Aasir\AppData\Local\{155CA2C3-BF4E-439F-9C41-C6422C180E37}
2015-08-03 09:58 - 2015-08-03 09:58 - 00000000 __SHD C:\found.009
2015-07-28 07:29 - 2015-07-25 10:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-07-28 07:29 - 2015-07-25 10:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-07-28 07:29 - 2015-07-25 10:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-07-28 07:29 - 2015-07-25 09:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-07-22 12:48 - 2015-07-22 12:48 - 00000000 ____D C:\Users\Aasir\AppData\Local\{404AD427-0543-46F5-96AB-81C24D53C686}
2015-07-22 11:14 - 2015-07-22 12:28 - 00000000 ____D C:\Users\Aasir\Desktop\New folder
2015-07-20 13:44 - 2015-07-14 19:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-07-20 13:44 - 2015-07-14 19:19 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-07-20 13:44 - 2015-07-14 19:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-07-20 13:44 - 2015-07-14 18:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 13:44 - 2015-07-14 17:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-07-18 17:17 - 2015-07-18 17:17 - 00000000 ____D C:\Users\Aasir\AppData\Local\{4B295D45-A343-4618-94D0-A103DEEB210D}
2015-07-18 16:29 - 2015-07-18 16:52 - 00000000 ____D C:\Users\Aasir\Downloads\Mad Max Fury Road 1080p WEBRiP - BLiTZCRiEG
2015-07-17 18:26 - 2015-07-18 17:44 - 00000000 ____D C:\Users\Aasir\Downloads\The Maze Runner (2014) [1080p]
2015-07-17 18:26 - 2015-07-17 18:38 - 00000000 ____D C:\Users\Aasir\Downloads\Meek Mill - Dreams Worth More Than Money (Explicit) 2015 {MP3 Album}~{VBUc}
2015-07-17 18:12 - 2015-07-18 17:45 - 00000000 ____D C:\Users\Aasir\Downloads\Ted 2 2015 UNCENSORED 1080p HC HDRip x264 AAC-JYK
2015-07-17 18:07 - 2015-07-17 18:10 - 00000000 ____D C:\Users\Aasir\Downloads\Hacking Wireless Networks For Dummies
2015-07-17 17:59 - 2015-07-17 18:03 - 00000000 ____D C:\Users\Aasir\AppData\Local\ERW
2015-07-17 17:59 - 2015-07-17 17:59 - 00001210 _____ C:\Users\Public\Desktop\ePub Reader for Windows.lnk
2015-07-17 17:59 - 2015-07-17 17:59 - 00000000 ____D C:\Program Files (x86)\ePub Reader for Windows
2015-07-17 17:57 - 2015-07-17 17:57 - 01115709 _____ (HANSoft, Inc. ) C:\Users\Aasir\Downloads\ERWsetup.exe
2015-07-17 17:55 - 2015-07-17 18:01 - 00000000 ____D C:\Users\Aasir\Downloads\Great Gatsby, The
2015-07-17 13:57 - 2015-07-17 13:57 - 00001476 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2015-07-17 13:57 - 2015-07-17 13:57 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2015-07-17 13:57 - 2015-07-17 13:57 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
2015-07-16 10:17 - 2015-07-16 10:18 - 00000000 ____D C:\Users\Aasir\AppData\Local\{B413B079-6336-4F20-885B-8F0B2FF6406E}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-14 20:44 - 2015-04-20 07:10 - 00000000 ___SD C:\Windows\System32\GWX
2015-08-14 20:44 - 2014-12-12 17:23 - 00000000 ____D C:\Windows\System32\appraiser
2015-08-14 20:44 - 2014-11-27 07:04 - 00000000 ___RD C:\Users\Aasir\Google Drive
2015-08-14 20:44 - 2014-09-05 11:21 - 00000000 ____D C:\ProgramData\MFAData
2015-08-14 20:44 - 2014-09-05 10:06 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-08-14 20:44 - 2013-08-16 07:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-14 20:44 - 2013-03-28 16:13 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\uTorrent
2015-08-14 20:44 - 2013-03-14 14:10 - 00000000 ____D C:\Windows\System32\Macromed
2015-08-14 20:44 - 2012-05-22 03:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 20:44 - 2012-05-22 03:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 20:44 - 2012-03-17 05:57 - 00000000 ____D C:\ProgramData\Norton
2015-08-14 20:44 - 2011-12-04 19:26 - 00000000 ____D C:\users\Aasir
2015-08-14 20:44 - 2011-08-13 07:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-14 20:44 - 2011-08-13 06:58 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-08-14 20:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-08-14 20:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-14 05:15 - 2011-08-13 06:35 - 01718191 _____ C:\Windows\WindowsUpdate.log
2015-08-14 05:13 - 2013-02-08 05:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 05:12 - 2013-03-14 14:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-14 05:11 - 2014-09-07 05:28 - 00118959 _____ C:\Windows\setupact.log
2015-08-14 05:11 - 2012-08-19 07:43 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000Core.job
2015-08-14 05:10 - 2012-08-19 07:43 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000UA.job
2015-08-14 05:10 - 2011-12-05 08:27 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000UA.job
2015-08-14 05:10 - 2011-12-05 08:27 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000Core.job
2015-08-13 18:40 - 2009-07-13 20:45 - 00022816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-13 18:40 - 2009-07-13 20:45 - 00022816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-13 16:35 - 2013-02-08 05:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-13 09:10 - 2011-12-05 08:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A6A98C4-FF93-4DD8-82C9-58DC4163C356}
2015-08-13 09:05 - 2013-12-08 09:50 - 00000366 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-08-13 05:16 - 2011-12-09 01:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 04:46 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 04:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2015-08-12 17:00 - 2013-04-06 19:16 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for TeeSupport.job
2015-08-12 16:59 - 2012-04-15 08:30 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for Aasir.job
2015-08-12 16:56 - 2013-02-11 09:29 - 00000000 ____D C:\Users\Aasir\Documents\Bluetooth Folder
2015-08-12 11:44 - 2013-03-14 14:10 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 11:44 - 2013-03-14 14:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 11:44 - 2013-03-14 14:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 09:43 - 2013-02-08 05:34 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 04:47 - 2012-03-24 14:44 - 00000292 _____ C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
2015-08-11 10:35 - 2012-08-29 10:55 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\Spotify
2015-08-11 10:32 - 2013-04-05 11:25 - 00000000 ____D C:\users\TeeSupport
2015-08-11 10:32 - 2009-07-13 21:13 - 00816250 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-11 10:31 - 2013-01-20 09:43 - 00000000 ____D C:\Users\Aasir\Tracing
2015-08-11 10:30 - 2014-01-01 10:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-11 10:27 - 2013-03-24 17:19 - 00000320 _____ C:\Windows\Tasks\iuwtrew.job
2015-08-11 10:27 - 2012-08-07 14:15 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2015-08-11 10:27 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-11 10:17 - 2012-06-14 01:57 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\Skype
2015-08-09 06:57 - 2013-03-06 14:40 - 00000000 ____D C:\Users\Aasir\AppData\Local\CrashDumps
2015-08-08 05:05 - 2014-11-21 09:53 - 00000984 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-08-06 08:33 - 2014-09-07 05:28 - 00094972 _____ C:\Windows\PFRO.log
2015-08-06 06:15 - 2015-04-08 14:07 - 00001329 _____ C:\Users\Aasir\Desktop\Norton Installation Files.lnk
2015-08-03 10:56 - 2011-12-05 08:39 - 00000000 ____D C:\temp
2015-07-22 14:11 - 2012-01-10 07:07 - 00000023 _____ C:\test.xml
2015-07-22 12:41 - 2009-07-13 20:45 - 00440128 _____ C:\Windows\System32\FNTCACHE.DAT
2015-07-19 16:17 - 2014-09-05 10:44 - 00000000 ____D C:\Users\Aasir\AppData\Local\Windows Live
2015-07-19 16:14 - 2013-04-18 07:56 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\vlc
2015-07-17 14:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-07-17 13:57 - 2012-04-15 08:30 - 00003614 _____ C:\Windows\System32\Tasks\Norton Security Scan for Aasir
2015-07-16 15:06 - 2014-11-26 09:55 - 00002061 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-16 15:06 - 2014-11-26 09:55 - 00002059 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-16 15:06 - 2014-11-26 09:55 - 00002049 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-15 16:31 - 2013-02-08 05:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:31 - 2013-02-08 05:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some files in TEMP:
====================
C:\Users\Aasir\AppData\Local\Temp\htmlayout.dll
C:\Users\Aasir\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Aasir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aasir\AppData\Local\Temp\uninstall6923230.exe
C:\Users\Aasir\AppData\Local\Temp\uninstall6941748.exe
C:\Users\Aasir\AppData\Local\Temp\utt5DD9.tmp.exe
C:\Users\Aasir\AppData\Local\Temp\utt8670.tmp.exe
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION
C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION
C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION
C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
Restore point made on: 2015-07-28 17:01:18
Restore point made on: 2015-08-08 14:10:10
Restore point made on: 2015-08-13 04:36:26
Restore point made on: 2015-08-13 17:05:32
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 4043.86 MB
Available physical RAM: 3286.17 MB
Total Virtual: 4042.01 MB
Available Virtual: 3285.07 MB
 
==================== Drives ================================
 
Drive c: (AASIRS LOCAL DISK!!) (Fixed) (Total:286.04 GB) (Free:127.39 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:11.95 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (Oxford IB Economics) (CDROM) (Total:0.2 GB) (Free:0 GB) UDF
Drive g: (AHMED OSMAN) (Removable) (Total:3.92 GB) (Free:3.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D5F9D4F6)
Partition 1: (Not Active) - (Size=11.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: 2476153F)
Partition 1: (Not Active) - (Size=3.9 GB) - (Type=0B)
 
 
LastRegBack: 2015-08-07 11:47
 
==================== End of log ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 AM

Posted 15 August 2015 - 09:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [BabylonToolbar] => C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720 2010-11-07] (Babylon Ltd.)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKU\Aasir\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Aasir\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Aasir\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\Aasir\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-12] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-05-02]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S2 Update lucky leap; "C:\Program Files (x86)\lucky leap\updateluckyleap.exe" [X]
S2 Util lucky leap; "C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe" [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

p.s.
If you are unable to create the Fixlist.txt with Notepad download the file I have attached.
Save the file in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry

How is the computer running now?

#3 Aasir42

Aasir42
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 15 August 2015 - 05:13 PM

thank u so much for your help

 

ive pasted the fixlist.txt you gave me above and clicked fix and the same BSOD happens... but heres the fixlog>>>

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by SYSTEM (2015-08-15 23:21:58) Run:3
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [BabylonToolbar] => C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720 2010-11-07] (Babylon Ltd.)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKU\Aasir\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Aasir\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Aasir\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\Aasir\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-12] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-05-02]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S2 Update lucky leap; "C:\Program Files (x86)\lucky leap\updateluckyleap.exe" [X]
S2 Util lucky leap; "C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe" [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
End
*****************
 
Error: Restore point can only be created in normal mode.
EmptyTemp: => Error: This directive works only outside recovery mode.
CloseProcesses: => Error: This directive works only outside recovery mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value not found.
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => value restored successfully
HKU\Aasir\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => value not found.
HKU\Aasir\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value not found.
HKU\Aasir\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found.
C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
FontCache => service not found.
Update lucky leap => service not found.
Util lucky leap => service not found.
MREMP50a64 => service not found.
MREMPR5 => service not found.
MRENDIS5 => service not found.
MRESP50a64 => service not found.
 
==== End of Fixlog 23:22:00 ====

Edited by Aasir42, 15 August 2015 - 05:24 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 AM

Posted 16 August 2015 - 08:00 AM

The fix will not work from the Recovery Console.

Restore system files
http://windows.microsoft.com/en-ca/windows7/restore-system-files-and-settings

Follow the instructions on this page.

Restart the computer normally if not already in that mode.
If successful please run the Farbar tool and Post a fresh FRST log for my review.

#5 Aasir42

Aasir42
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 16 August 2015 - 09:31 AM

i ran the system restore and it failed for some reason saying my files and settings were not changed but i restarted my computer and it works now 

 

should i run AdwCleaner?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 AM

Posted 16 August 2015 - 09:40 AM

Yes and please run the Farbar tool and post a fresh FRST log.

#7 Aasir42

Aasir42
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 16 August 2015 - 09:42 AM

heres the FRST log for review but once again, the system restore did not run successfully but my computer starts normally now, >>>>

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by SYSTEM on MININT-0P59M9Q (16-08-2015 16:38:19)
Running from g:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-08] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2284328 2011-02-14] (Synaptics Incorporated)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [3457424 2011-05-26] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-12] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [312376 2012-02-08] (Power Software Ltd)
HKLM-x32\...\Run: [BabylonToolbar] => C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720 2010-11-07] (Babylon Ltd.)
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\unlockerassistant.exe"
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-02-16] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-12] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-01-01] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212072 2015-07-29] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION
HKU\Aasir\...\Run: [Elbserver] => C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe [83344 2011-04-02] (Sony Corporation)
HKU\Aasir\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\Aasir\...\Run: [Advanced SystemCare 5] => C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [620376 2011-12-29] (IObit)
HKU\Aasir\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Aasir\...\Run: [VRLPHelper] => C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe [186768 2011-04-02] (Sony Corporation)
HKU\Aasir\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\Aasir\...\Run: [Spotify Web Helper] => C:\Users\Aasir\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-20] (Spotify Ltd)
HKU\Aasir\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Aasir\...\Run: [Facebook Update] => C:\Users\Aasir\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-13] (Facebook Inc.)
HKU\Aasir\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\Aasir\...\Run: [Spotify] => C:\Users\Aasir\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-20] (Spotify Ltd)
HKU\Aasir\...\Run: [SurfEasy] => C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyVPN.exe [5295800 2013-09-24] ()
HKU\Aasir\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Aasir\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\Aasir\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\Aasir\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\Aasir\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\Aasir\...\Run: [GoogleChromeAutoLaunch_8E8FED5B853279EF7181421BDCB092A9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\Aasir\...\Run: [uTorrent] => C:\Users\Aasir\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\Aasir\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-07-12] (Microsoft Corporation) <==== ATTENTION
HKU\Aasir\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\TeeSupport\...\Run: [Spotify] => C:\Users\TeeSupport\AppData\Roaming\Spotify\Spotify.exe [4503448 2013-04-05] (Spotify Ltd)
HKU\TeeSupport\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-13] (Apple Inc.)
HKU\TeeSupport\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
Startup: C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk [2013-05-02]
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [497496 2011-12-29] (IObit)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-07-29] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-07-29] (AVG Technologies CZ, s.r.o.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-01-01] (Kaspersky Lab ZAO)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-23] (Alcatel-Lucent)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 persdwmsrv; C:\Program Files (x86)\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe [7680 2011-05-28] (winreview.ru)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [3186360 2013-09-24] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2589496 2014-10-17] (AVG Technologies)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1021112 2011-03-30] (Sony Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 Update lucky leap; "C:\Program Files (x86)\lucky leap\updateluckyleap.exe" [X]
S2 Util lucky leap; "C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16877 2002-07-16] (Adaptec)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [276960 2015-05-18] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-19] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-29] (Symantec Corporation)
S3 HP8107Fltr; C:\Windows\System32\DRIVERS\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2014-01-02] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-05-26] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39608 2013-09-24] (The OpenVPN Project)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-09-08] (TuneUp Software)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\SysWOW64\drivers\aspi32.sys 5B01AF89D16D562825C4DB4530F20CBB
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\btath_flt.sys 50F257E19554421B6891E3F998EDCA90
C:\Windows\System32\DRIVERS\athrx.sys E8E1AE3CAA4C7286D40715336D8A11D4
C:\Windows\System32\DRIVERS\avgdiska.sys CDE60914D4ED81291F0CCFDB2CA311B9
C:\Windows\System32\DRIVERS\avgidsdrivera.sys E7E1A0AB30587BF3734A2EC66BBCE743
C:\Windows\System32\DRIVERS\avgidsha.sys 6805C3630FD401721200A9198553F09E
C:\Windows\System32\DRIVERS\avgldx64.sys 5980222218A0773E2994E524E5BA2464
C:\Windows\System32\DRIVERS\avgloga.sys C16CBC8EF6D8CC426F6C18D450A016A7
C:\Windows\System32\DRIVERS\avgmfx64.sys 3BEAEEFEFF30C99EA22D0F3942291433
C:\Windows\System32\DRIVERS\avgrkx64.sys C4F9056928B26BCAF15872E46B29184F
C:\Windows\System32\DRIVERS\avgtdia.sys 0D9C55812B8F8FD8F073AC6C1AF2DFE6
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\drivers\btath_a2dp.sys B3BCD755FA9A359D10208CC9F09847CC
C:\Windows\System32\drivers\btath_avdt.sys 9BBBA9D6DBDEFC8A6542BC7A6EBAF710
C:\Windows\System32\DRIVERS\btath_bus.sys D838DD1BCB328EFCFAD7A52DE9E3CAFD
C:\Windows\System32\DRIVERS\btath_hcrp.sys A441B800E04CF8443FAF519207563ABB
C:\Windows\System32\DRIVERS\btath_lwflt.sys B16F8429A35BBA2A8EF9DB2E08675B97
C:\Windows\System32\DRIVERS\btath_rcp.sys C24231C6BDFE21735930084A22089AAB
C:\Windows\System32\DRIVERS\btfilter.sys 3632FA4C6B3CE9EC827690DEAC266D8C
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\System32\drivers\CHDRT64.sys 1F394DF3714ED4280047810790E6DF69
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys D06E443457FADC6B1AFAF3AA4B6936F6
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\System32\DRIVERS\e1y60x64.sys 50AD8FC1DC800FF36087994C8F7FDFF2
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 93EA893A8C2C561648A559E48C723412
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\DRIVERS\hamachi.sys 1E6438D4EA6E1174A3B3B1EDC4DE660B
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HP8107.sys 43A7573A319761ACF57A3825D8402D41
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys EFE5A0AF39A8E179624117C521F1E012
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys E656FE10D6D27794AFA08136685A69E8
C:\Windows\System32\DRIVERS\kl2.sys D865DD8B0448E3F963D68C04C532858F
C:\Windows\System32\DRIVERS\klif.sys 8490798365236B6C8E54DEDD27A42D07
C:\Windows\System32\DRIVERS\klim6.sys 89FB5A33D7171B6D84F5EB721D5055E1
C:\Windows\System32\DRIVERS\klmouflt.sys 9468D07E91BA136D82415F5DFC1FE168
C:\Windows\System32\Drivers\ksecdd.sys 67A1743377EBB5D9A370A8C2086CFDCC
C:\Windows\System32\Drivers\ksecpkg.sys 522A1595D5701800DD41B2D472F5AAED
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 95CA93FC12BE372BB952669F37FFF9C5
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923
C:\Program Files (x86)\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys B2081803D510DCE174992BA880EDCA70
C:\Windows\System32\DRIVERS\mrxsmb10.sys 552FA62B0EFECD22D8D52499324BCA4F
C:\Windows\System32\DRIVERS\mrxsmb20.sys 97687971F9CB30E2633DE0F1296B9F61
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\DRIVERS\NuidFltr.sys 96ACBF3DDC38A52FEE115F577F36568F
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys DD81FBC57AB9134CDDC5CE90880BFD80
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\qrkis.sys E92CA234469CC386AD81B9DB924FE9D4
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys C903D49655B4AAE46673F0AAA6BE0F58
C:\Windows\System32\Drivers\RootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:\Windows\System32\DRIVERS\RtsPStor.sys D5C3E1629A3F7F0857D27949252B94CE
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\SCDEmu.sys C81EB41E9FFC35560E5025891DC01A6E
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SFEP.sys 286D3889E6AB5589646FF8A63CB928AE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys C43E3CA9C672B2EC30B66CCE0B89BD36
C:\Windows\System32\DRIVERS\tap0901.sys F0B9D3ED88E56D3CD713DFF21E42AAF0
C:\Windows\System32\DRIVERS\taphss.sys B70DF208E97536CA9F29289E609F5B16
C:\Windows\System32\DRIVERS\taphss6.sys 83C57F165F0216E5CE40D7E4E00DC76D
C:\Windows\System32\DRIVERS\tapse01.sys 966BE5876648FFCE6929B1F2BF18C989
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys 45427C4B8CAC6B241478F149B935CD80
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\Drivers\VBTUSB.sys 70A90412F0AE18021794A0754C2D6299
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xnacc.sys 4A5CE13408945E525503B5F73D29B9C5
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 06:33 - 2015-08-16 06:33 - 00000310 _____ C:\AdwCleaner[S1].txt
2015-08-16 06:33 - 2015-08-16 06:33 - 00000000 ____D C:\AdwCleaner
2015-08-16 06:31 - 2015-08-16 06:31 - 01563648 _____ C:\Users\Aasir\Downloads\adwcleaner_5.000.exe
2015-08-16 06:26 - 2015-08-16 06:26 - 00000000 ____D C:\Users\Aasir\AppData\Local\{C7FF75CD-FB16-4DCC-A9BD-FEF867AB69E0}
2015-08-14 21:43 - 2015-08-16 16:38 - 00000000 ____D C:\FRST
2015-08-12 10:28 - 2015-07-15 10:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-08-12 10:28 - 2015-07-15 10:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-08-12 10:28 - 2015-07-15 10:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-08-12 10:28 - 2015-07-15 10:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-08-12 10:28 - 2015-07-15 10:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-08-12 10:28 - 2015-07-15 10:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-08-12 10:28 - 2015-07-15 10:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-08-12 10:28 - 2015-07-15 10:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-08-12 10:28 - 2015-07-15 10:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-08-12 10:28 - 2015-07-15 10:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-08-12 10:28 - 2015-07-15 10:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-08-12 10:28 - 2015-07-15 10:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-08-12 10:28 - 2015-07-15 10:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-08-12 10:28 - 2015-07-15 10:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-08-12 10:28 - 2015-07-15 10:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-08-12 10:28 - 2015-07-15 10:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-08-12 10:28 - 2015-07-15 10:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 10:28 - 2015-07-15 09:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 10:28 - 2015-07-15 09:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 10:28 - 2015-07-15 09:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 10:28 - 2015-07-15 09:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 10:28 - 2015-07-15 09:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 10:28 - 2015-07-15 09:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 10:28 - 2015-07-15 09:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 10:28 - 2015-07-15 09:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 10:28 - 2015-07-15 09:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 10:28 - 2015-07-15 09:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 10:28 - 2015-07-15 09:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 10:28 - 2015-07-15 09:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 10:28 - 2015-07-15 09:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 10:28 - 2015-07-15 09:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 10:28 - 2015-07-15 09:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 10:28 - 2015-07-15 09:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 10:28 - 2015-07-15 09:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 10:28 - 2015-07-15 09:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 10:28 - 2015-07-15 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 10:28 - 2015-07-15 09:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:28 - 2015-07-15 08:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-08-12 10:28 - 2015-07-15 08:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-08-12 10:28 - 2015-07-15 08:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-08-12 10:28 - 2015-07-15 08:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 10:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-08-12 10:27 - 2015-07-15 10:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-08-12 10:27 - 2015-07-15 10:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-08-12 10:27 - 2015-07-15 10:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-08-12 10:27 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 09:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 10:27 - 2015-07-15 09:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 10:27 - 2015-07-15 09:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 10:27 - 2015-07-15 09:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 10:27 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 08:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 10:27 - 2015-07-15 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 10:27 - 2015-07-15 08:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 08:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:27 - 2015-07-15 08:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:27 - 2015-07-10 09:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-08-12 10:27 - 2015-07-10 09:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2015-08-12 10:27 - 2015-07-10 09:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2015-08-12 10:27 - 2015-07-10 09:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 10:27 - 2015-07-10 09:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 10:27 - 2015-07-10 09:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 10:21 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\basesrv.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-08-12 10:19 - 2015-07-30 10:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 10:19 - 2015-07-30 09:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 10:19 - 2015-07-30 09:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 10:19 - 2015-07-30 08:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-08-12 10:19 - 2015-07-30 08:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-08-12 10:19 - 2015-07-30 08:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 10:19 - 2015-07-20 16:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-08-12 10:19 - 2015-07-20 16:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 10:19 - 2015-07-16 13:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-08-12 10:19 - 2015-07-16 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-08-12 10:19 - 2015-07-16 12:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-08-12 10:19 - 2015-07-16 12:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-08-12 10:19 - 2015-07-16 12:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-08-12 10:19 - 2015-07-16 12:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-08-12 10:19 - 2015-07-16 12:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-08-12 10:19 - 2015-07-16 12:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-08-12 10:19 - 2015-07-16 12:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-08-12 10:19 - 2015-07-16 12:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-08-12 10:19 - 2015-07-16 12:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-08-12 10:19 - 2015-07-16 12:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-08-12 10:19 - 2015-07-16 12:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-08-12 10:19 - 2015-07-16 12:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-08-12 10:19 - 2015-07-16 12:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-08-12 10:19 - 2015-07-16 12:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-08-12 10:19 - 2015-07-16 12:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-08-12 10:19 - 2015-07-16 12:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 10:19 - 2015-07-16 12:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-12 10:19 - 2015-07-16 12:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-08-12 10:19 - 2015-07-16 12:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-12 10:19 - 2015-07-16 12:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-12 10:19 - 2015-07-16 11:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-08-12 10:19 - 2015-07-16 11:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-08-12 10:19 - 2015-07-16 11:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 10:19 - 2015-07-16 11:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 10:19 - 2015-07-16 11:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 10:19 - 2015-07-16 11:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 10:19 - 2015-07-16 11:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 10:19 - 2015-07-16 11:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 10:19 - 2015-07-16 11:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 10:19 - 2015-07-16 11:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 10:19 - 2015-07-16 11:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 10:19 - 2015-07-16 11:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 10:19 - 2015-07-16 11:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 10:19 - 2015-07-16 11:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-08-12 10:19 - 2015-07-16 11:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-08-12 10:19 - 2015-07-16 11:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-08-12 10:19 - 2015-07-16 11:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-08-12 10:19 - 2015-07-16 11:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-08-12 10:19 - 2015-07-16 11:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 10:19 - 2015-07-16 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 10:19 - 2015-07-16 11:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 10:19 - 2015-07-16 11:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 10:19 - 2015-07-16 11:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 10:19 - 2015-07-16 11:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 10:19 - 2015-07-16 11:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-08-12 10:19 - 2015-07-16 11:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 10:19 - 2015-07-16 11:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 10:19 - 2015-07-16 11:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 10:19 - 2015-07-16 11:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 10:19 - 2015-07-16 11:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-08-12 10:19 - 2015-07-16 10:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-08-12 10:19 - 2015-07-16 10:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 10:19 - 2015-07-16 10:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 10:19 - 2015-07-16 10:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 10:19 - 2015-07-14 19:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-08-12 10:19 - 2015-07-14 19:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-08-12 10:19 - 2015-07-14 19:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-08-12 10:19 - 2015-07-14 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-08-12 10:19 - 2015-07-14 18:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 10:19 - 2015-07-14 18:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 10:19 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 10:19 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 10:19 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-08-12 10:19 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 10:19 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 10:19 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-08-12 10:19 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-08-12 10:19 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 10:19 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-08-12 10:18 - 2015-07-20 10:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-08-12 10:18 - 2015-07-20 10:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-08-12 10:18 - 2015-07-20 10:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 10:18 - 2015-07-20 09:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 10:18 - 2015-07-20 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 10:18 - 2015-07-10 09:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-08-12 10:18 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 10:17 - 2015-05-09 10:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-11 10:31 - 2015-08-11 10:31 - 00000000 ____D C:\Users\Aasir\AppData\Local\{AB947A12-A90C-4FC8-893B-B7BA98E711DE}
2015-08-08 06:33 - 2015-08-08 06:33 - 00065514 _____ C:\Users\Aasir\Documents\Carrefour Survey Results.xlsx
2015-08-06 08:37 - 2015-08-06 08:37 - 00000000 ____D C:\Users\Aasir\AppData\Local\{661CB921-7F36-4F83-A116-40634188DB12}
2015-08-06 06:18 - 2015-08-06 06:18 - 00000000 ____D C:\Users\Aasir\AppData\Local\{7712FC7E-C632-4C9E-A17E-506283EFDEE1}
2015-08-03 10:59 - 2015-08-03 10:59 - 00000000 ____D C:\Users\Aasir\AppData\Local\CEF
2015-08-03 10:58 - 2015-08-03 10:58 - 00000000 ____D C:\Users\Aasir\AppData\Local\{155CA2C3-BF4E-439F-9C41-C6422C180E37}
2015-08-03 09:58 - 2015-08-03 09:58 - 00000000 __SHD C:\found.009
2015-07-28 07:29 - 2015-07-25 10:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-07-28 07:29 - 2015-07-25 10:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-07-28 07:29 - 2015-07-25 10:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-07-28 07:29 - 2015-07-25 10:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-07-28 07:29 - 2015-07-25 09:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-07-22 12:48 - 2015-07-22 12:48 - 00000000 ____D C:\Users\Aasir\AppData\Local\{404AD427-0543-46F5-96AB-81C24D53C686}
2015-07-22 11:14 - 2015-07-22 12:28 - 00000000 ____D C:\Users\Aasir\Desktop\New folder
2015-07-18 17:17 - 2015-07-18 17:17 - 00000000 ____D C:\Users\Aasir\AppData\Local\{4B295D45-A343-4618-94D0-A103DEEB210D}
2015-07-18 16:29 - 2015-07-18 16:52 - 00000000 ____D C:\Users\Aasir\Downloads\Mad Max Fury Road 1080p WEBRiP - BLiTZCRiEG
2015-07-17 18:26 - 2015-07-18 17:44 - 00000000 ____D C:\Users\Aasir\Downloads\The Maze Runner (2014) [1080p]
2015-07-17 18:26 - 2015-07-17 18:38 - 00000000 ____D C:\Users\Aasir\Downloads\Meek Mill - Dreams Worth More Than Money (Explicit) 2015 {MP3 Album}~{VBUc}
2015-07-17 18:12 - 2015-07-18 17:45 - 00000000 ____D C:\Users\Aasir\Downloads\Ted 2 2015 UNCENSORED 1080p HC HDRip x264 AAC-JYK
2015-07-17 18:07 - 2015-07-17 18:10 - 00000000 ____D C:\Users\Aasir\Downloads\Hacking Wireless Networks For Dummies
2015-07-17 17:59 - 2015-07-17 18:03 - 00000000 ____D C:\Users\Aasir\AppData\Local\ERW
2015-07-17 17:59 - 2015-07-17 17:59 - 00001210 _____ C:\Users\Public\Desktop\ePub Reader for Windows.lnk
2015-07-17 17:59 - 2015-07-17 17:59 - 00000000 ____D C:\Program Files (x86)\ePub Reader for Windows
2015-07-17 17:57 - 2015-07-17 17:57 - 01115709 _____ (HANSoft, Inc. ) C:\Users\Aasir\Downloads\ERWsetup.exe
2015-07-17 17:55 - 2015-07-17 18:01 - 00000000 ____D C:\Users\Aasir\Downloads\Great Gatsby, The
2015-07-17 13:57 - 2015-07-17 13:57 - 00001476 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2015-07-17 13:57 - 2015-07-17 13:57 - 00000000 ____D C:\Windows\System32\Drivers\NSSx64
2015-07-17 13:57 - 2015-07-17 13:57 - 00000000 ____D C:\Program Files (x86)\Norton Security Scan
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-16 15:10 - 2015-04-20 07:10 - 00000000 ___SD C:\Windows\System32\GWX
2015-08-16 15:10 - 2014-12-12 17:23 - 00000000 ____D C:\Windows\System32\appraiser
2015-08-16 15:10 - 2014-09-05 10:06 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-08-16 15:10 - 2013-03-14 14:10 - 00000000 ____D C:\Windows\System32\Macromed
2015-08-16 15:10 - 2012-05-22 03:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-16 15:10 - 2012-05-22 03:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-16 15:10 - 2012-03-17 05:57 - 00000000 ____D C:\ProgramData\Norton
2015-08-16 15:10 - 2011-08-13 07:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-16 15:10 - 2011-08-13 06:58 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-08-16 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2015-08-16 15:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-16 14:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-08-16 06:32 - 2013-08-16 07:10 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-16 06:32 - 2013-03-28 16:13 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\uTorrent
2015-08-16 06:32 - 2012-08-19 07:43 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000UA.job
2015-08-16 06:28 - 2009-07-13 21:13 - 00816250 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-16 05:26 - 2012-08-29 10:55 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\Spotify
2015-08-16 05:25 - 2013-01-20 09:43 - 00000000 ____D C:\Users\Aasir\Tracing
2015-08-16 05:25 - 2009-07-13 20:45 - 00022816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-16 05:25 - 2009-07-13 20:45 - 00022816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-16 05:24 - 2014-11-27 07:04 - 00000000 ___RD C:\Users\Aasir\Google Drive
2015-08-16 05:24 - 2014-09-05 11:21 - 00000000 ____D C:\ProgramData\MFAData
2015-08-16 05:24 - 2013-04-05 11:25 - 00000000 ____D C:\users\TeeSupport
2015-08-16 05:22 - 2014-01-01 10:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-16 05:20 - 2013-12-08 09:50 - 00000366 _____ C:\Windows\Tasks\AmiUpdXp.job
2015-08-16 05:20 - 2013-02-08 05:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 05:20 - 2011-12-04 19:26 - 00000000 ____D C:\users\Aasir
2015-08-16 05:18 - 2013-03-24 17:19 - 00000320 _____ C:\Windows\Tasks\iuwtrew.job
2015-08-16 05:18 - 2012-08-07 14:15 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2015-08-16 05:18 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-16 05:18 - 2009-07-13 20:45 - 00440128 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-16 05:17 - 2014-09-07 05:28 - 00118679 _____ C:\Windows\setupact.log
2015-08-13 17:00 - 2011-08-13 06:35 - 01695779 _____ C:\Windows\WindowsUpdate.log
2015-08-13 16:47 - 2011-12-05 08:27 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000UA.job
2015-08-13 16:44 - 2013-03-14 14:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-13 16:36 - 2013-02-08 05:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-13 09:10 - 2011-12-05 08:27 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0A6A98C4-FF93-4DD8-82C9-58DC4163C356}
2015-08-13 05:16 - 2011-12-09 01:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 04:46 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 04:37 - 2012-08-19 07:43 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000Core.job
2015-08-13 04:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2015-08-12 23:03 - 2011-12-05 08:27 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875845209-2866507240-2612726953-1000Core.job
2015-08-12 17:00 - 2013-04-06 19:16 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for TeeSupport.job
2015-08-12 16:59 - 2012-04-15 08:30 - 00000452 ____H C:\Windows\Tasks\Norton Security Scan for Aasir.job
2015-08-12 16:56 - 2013-02-11 09:29 - 00000000 ____D C:\Users\Aasir\Documents\Bluetooth Folder
2015-08-12 11:44 - 2013-03-14 14:10 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 11:44 - 2013-03-14 14:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 11:44 - 2013-03-14 14:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 09:43 - 2013-02-08 05:34 - 00002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-12 04:47 - 2012-03-24 14:44 - 00000292 _____ C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
2015-08-11 10:17 - 2012-06-14 01:57 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\Skype
2015-08-09 06:57 - 2013-03-06 14:40 - 00000000 ____D C:\Users\Aasir\AppData\Local\CrashDumps
2015-08-08 05:05 - 2014-11-21 09:53 - 00000984 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-08-06 08:33 - 2014-09-07 05:28 - 00094972 _____ C:\Windows\PFRO.log
2015-08-06 06:15 - 2015-04-08 14:07 - 00001329 _____ C:\Users\Aasir\Desktop\Norton Installation Files.lnk
2015-08-03 10:56 - 2011-12-05 08:39 - 00000000 ____D C:\temp
2015-07-22 14:11 - 2012-01-10 07:07 - 00000023 _____ C:\test.xml
2015-07-19 16:17 - 2014-09-05 10:44 - 00000000 ____D C:\Users\Aasir\AppData\Local\Windows Live
2015-07-19 16:14 - 2013-04-18 07:56 - 00000000 ____D C:\Users\Aasir\AppData\Roaming\vlc
2015-07-17 14:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-07-17 13:57 - 2012-04-15 08:30 - 00003614 _____ C:\Windows\System32\Tasks\Norton Security Scan for Aasir
 
Some files in TEMP:
====================
C:\Users\Aasir\AppData\Local\Temp\htmlayout.dll
C:\Users\Aasir\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Aasir\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Aasir\AppData\Local\Temp\sqlite3.dll
C:\Users\Aasir\AppData\Local\Temp\uninstall6923230.exe
C:\Users\Aasir\AppData\Local\Temp\uninstall6941748.exe
C:\Users\Aasir\AppData\Local\Temp\utt5DD9.tmp.exe
C:\Users\Aasir\AppData\Local\Temp\utt8670.tmp.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
Restore point made on: 2015-08-08 14:10:10
Restore point made on: 2015-08-13 04:36:26
Restore point made on: 2015-08-13 17:05:32
 
==================== Memory info =========================== 
 
Percentage of memory in use: 18%
Total physical RAM: 4043.86 MB
Available physical RAM: 3278.1 MB
Total Virtual: 4042.01 MB
Available Virtual: 3276.93 MB
 
==================== Drives ================================
 
Drive c: (AASIRS LOCAL DISK!!) (Fixed) (Total:286.04 GB) (Free:131.15 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:11.95 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: (AHMED OSMAN) (Removable) (Total:3.92 GB) (Free:3.92 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D5F9D4F6)
Partition 1: (Not Active) - (Size=11.9 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: 2476153F)
Partition 1: (Not Active) - (Size=3.9 GB) - (Type=0B)
 
 
LastRegBack: 2015-08-07 11:47
 
==================== End of log ============================

Edited by Aasir42, 16 August 2015 - 09:44 AM.


#8 Aasir42

Aasir42
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 16 August 2015 - 10:30 AM

ive completed the adwcleaner cleaning and restarted my computer? Is that it all cleaned and solved now?



#9 Aasir42

Aasir42
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 16 August 2015 - 10:52 AM

heres the adwcleaner log 

 

# AdwCleaner v5.000 - Logfile created 16/08/2015 at 17:19:14
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : Aasir - AASIR-VAIO
# Running from : C:\Users\Aasir\Downloads\adwcleaner_5.000 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\BabylonToolbar
[-] Folder Deleted : C:\Program Files (x86)\Conduit
[-] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[-] Folder Deleted : C:\Program Files (x86)\SweetIM
[-] Folder Deleted : C:\Program Files (x86)\LuckyTab
[-] Folder Deleted : C:\Program Files (x86)\XTab
[-] Folder Deleted : C:\Program Files (x86)\Picexa
[-] Folder Deleted : C:\Program Files (x86)\miuitab
[-] Folder Deleted : C:\Program Files (x86)\WebexpEnhancedV1
[-] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\Premium
[-] Folder Deleted : C:\ProgramData\RightClick
[-] Folder Deleted : C:\ProgramData\SweetIM
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\IHProtectUpDate
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\DownloadTerms
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\Smartbar
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\SwvUpdater
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\Temp\apn
[-] Folder Deleted : C:\Users\Aasir\AppData\Local\Temp\Smartbar
[-] Folder Deleted : C:\Users\Aasir\AppData\LocalLow\BabylonToolbar
[-] Folder Deleted : C:\Users\Aasir\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Aasir\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Aasir\AppData\LocalLow\SweetIM
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\ExpressFiles
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\newnext.me
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\Picexa Viewer
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\Optimizer Pro
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[-] Folder Deleted : C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[-] Folder Deleted : C:\Users\Aasir\Documents\Mobogenie
[-] Folder Deleted : C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh
[-] Folder Deleted : C:\Users\TeeSupport\AppData\LocalLow\AskToolbar
[-] Folder Deleted : C:\Users\TeeSupport\AppData\LocalLow\BabylonToolbar
[-] Folder Deleted : C:\Users\wangjihua\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Aasir\daemonprocess.txt
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ambjmeohlajelahhhniggkkceagdlcgj_0.localstorage
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ambjmeohlajelahhhniggkkceagdlcgj
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_licjnkifamhpbaefhdpacpmihicfbomb_0.localstorage
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_istart.webssearches.com_0.localstorage-journal
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
[-] File Deleted : C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal
[-] File Deleted : C:\Users\Aasir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Picexa.lnk
[-] File Deleted : C:\Users\Aasir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\MyPC Backup.lnk
[-] File Deleted : C:\Users\Aasir\Desktop\Optimizer Pro.lnk
[-] File Deleted : C:\Users\Public\Desktop\Picexa.lnk
[-] File Deleted : C:\Users\TeeSupport\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ambjmeohlajelahhhniggkkceagdlcgj_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : AmiUpdXp
[-] Task Deleted : Express FilesUpdate
[-] Task Deleted : LuckyTab
[-] Task Deleted : RDReminder
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
[-] Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
[-] Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
[-] Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
[-] Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
[-] Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
[-] Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
[-] Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@WebexpEnhancedV1alpha2772.net]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B8BFA10F-6FFD-44B5-9DBB-E17CBAA107FF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99E29823-2F67-41C3-8AA5-6425097A771F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[-] Key Deleted : HKCU\Software\1ClickDownload
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\BabylonToolbar
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\DataMngr
[-] Key Deleted : HKCU\Software\ExpressFiles
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\smartbarbackup
[-] Key Deleted : HKCU\Software\smartbarlog
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKLM\SOFTWARE\BabylonToolbar
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\DeviceVM
[-] Key Deleted : HKLM\SOFTWARE\ExpressFiles
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\Iminent
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\LuckyTab
[-] Key Deleted : HKLM\SOFTWARE\Webexp Enhanced
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\Fighters
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKLM\SOFTWARE\Picexa
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4183178B-4D4E-48A7-9257-454BA90A760E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Webexp Enhanced
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
[!] Key Not Deleted : [x64] HKCU\Software\1ClickDownload
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\BabylonToolbar
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\DataMngr
[!] Key Not Deleted : [x64] HKCU\Software\ExpressFiles
[!] Key Not Deleted : [x64] HKCU\Software\Optimizer Pro
[!] Key Not Deleted : [x64] HKCU\Software\smartbarbackup
[!] Key Not Deleted : [x64] HKCU\Software\smartbarlog
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\SweetIM
[-] Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
[-] Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\758F5690DAAD39F40845E0E23C8C5C0B
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B8713814E4D47A84297554B49AA067E0
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\758F5690DAAD39F40845E0E23C8C5C0B
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B8713814E4D47A84297554B49AA067E0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\254796BF4AC84B64891B61C529A2E23F
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\758F5690DAAD39F40845E0E23C8C5C0B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B8713814E4D47A84297554B49AA067E0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Data Restored : HKU\S-1-5-21-3875845209-2866507240-2612726953-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F894A9A-95EF-45B7-B99F-47647BEACDD2}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F894A9A-95EF-45B7-B99F-47647BEACDD2}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2455}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : webssearches
[-] [C:\Users\Aasir\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-homes
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[C1].txt - [43038 octets] - [16/08/2015 17:19:19]
C:\AdwCleaner[S1].txt - [310 octets] - [16/08/2015 16:33:57]
C:\AdwCleaner[S2].txt - [44511 octets] - [16/08/2015 17:09:02]
 
########## EOF - C:\AdwCleaner[C1].txt - [43228 octets] ##########


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 AM

Posted 17 August 2015 - 07:10 AM

heres the FRST log for review but once again, the system restore did not run successfully but my computer starts normally now, >>>>

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by SYSTEM on MININT-0P59M9Q (16-08-2015 16:38:19)
Running from g:\
Platform: Windows 7 Home Basic (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


If all is well can you start the computer in normal mode and post a fresh FRST LOG?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 AM

Posted 23 August 2015 - 07:10 AM

Are you still with me?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:54 AM

Posted 29 August 2015 - 07:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users