Automatic proxy script virus


13 replies to this topic

#1 Antariksh


  • Members
  • 10 posts

Posted 02 May 2016 - 01:35 PM

For some time now my proxy settings have been getting automatically changed to this script: http://N.net/proxy.pac, and only Google becomes problematic, opening searches in the old style and logging me out of my account. Please help.

I ran MWB, Adw and Microsoft Security Essentials; they all return clean results.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
Ran by Antariksh (administrator) on ANTARIKSH-PC (02-05-2016 23:13:30)
Running from C:\Users\Antariksh\Downloads\Programs
Loaded Profiles: Antariksh (Available Profiles: Antariksh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Tomcat 9.0\bin\Tomcat9.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(EventGhost Project) C:\Program Files (x86)\EventGhost\EventGhost.exe
(KORG Inc.) C:\Program Files (x86)\VOX\USB-MIDI Driver\EsHelper2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Farbar) C:\Users\Antariksh\Downloads\Programs\FRST64_2.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-20] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-03-20] (Oracle Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [VOX USB-MIDI Driver] => C:\Program Files (x86)\VOX\USB-MIDI Driver\EsHelper2.exe [394096 2014-05-13] (KORG Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-02-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3919928 2016-03-12] (Tonec Inc.)
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [ApacheTomcatMonitor9.0_Tomcat9] => C:\Program Files\Apache Software Foundation\Tomcat 9.0\bin\Tomcat9w.exe [110208 2016-03-12] (Apache Software Foundation)
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB)
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [GoogleChromeAutoLaunch_46F7A3DA5C24983E8FAFD7B1DB2FB454] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-16] (Piriform Ltd)
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\MountPoints2: {86d85cc9-f77c-11e5-9d9e-806e6f6e6963} - F:\setup.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EventGhost.lnk [2016-04-01]
ShortcutTarget: EventGhost.lnk -> C:\Program Files (x86)\EventGhost\EventGhost.exe (EventGhost Project)
Startup: C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-04-01]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.83.20.101 202.83.20.12
Tcpip\..\Interfaces\{4FB5A4D5-DA58-49B4-911B-6C159843F02A}: [DhcpNameServer] 202.83.20.101 202.83.20.12
 
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-07-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-01] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-01] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-50277338-3707354177-373787972-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-02-27] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Antariksh\AppData\Roaming\Mozilla\Firefox\Profiles\ug4u7f69.default
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-01] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-10] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-04-23]
FF HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-03-10]
FF HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Antariksh\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Antariksh\AppData\Roaming\IDM\idmmzcc5 [2016-05-02] [not signed]
FF HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByBtCtB0C0D0EzztDyEyC0BtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0BtBtD0F0B0FyCtGyC0ByC0FtGyDyD0B0AtGyE0CtDyEtGyByBzyyEtAtByC0ByC0B0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0C0CtDyCzz0DtDtGtD0B0FyCtGyEtCyB0EtG0ByE0C0DtG0CtCzz0AzztCyCyC0F0AtC0C2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBzyzy%26cr%3D12403594%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Ultimate"
CHR Profile: C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-01]
CHR Extension: (Simple Pool Game) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjijhekaonkmkedfdabbageicfhhlgo [2016-04-01]
CHR Extension: (Tank Hero: Laser Wars (Web)) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkkneogpiampdcpgceflcjjmghppmmn [2016-04-01]
CHR Extension: (Google Docs) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-01]
CHR Extension: (Google Drive) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-01]
CHR Extension: (Sports Heads Football Championship) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcimfbgmgkllffdhglbgmadfkdmfeodf [2016-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-04-01]
CHR Extension: (YouTube) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-01]
CHR Extension: (Pushbullet) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-04-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-05-01]
CHR Extension: (Quick Crossword) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnikheomofdgdngdhlhngogomjnidpf [2016-04-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-04-23]
CHR Extension: (Google Sheets) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-01]
CHR Extension: (Readium) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-04-01]
CHR Extension: (Google Docs Offline) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-01]
CHR Extension: (Cyx) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppkphoaidmofdbcdnhlmanhgodbfmnj [2016-04-01]
CHR Extension: (AutoRemote) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglmpnnkhfjpnoheioijdpleijlmfcfb [2016-04-01]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-25]
CHR Extension: (YouRepeat) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2016-04-01]
CHR Extension: (Google Play) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-04-01]
CHR Extension: (Google Hangouts) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-04-01]
CHR Extension: (IDM Integration Module) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-04-19]
CHR Extension: (3D Bowling Game (Powered by WebGL)) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmldjnckdhpglpbpihecefhjbdajncjm [2016-04-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-04-01]
CHR Extension: (JSON Formatter) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pblpfhfcojodgcifojnofommahgbaple [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-03-11]
CHR HKU\S-1-5-21-50277338-3707354177-373787972-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-03-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-30] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28736 2016-03-16] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-30] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-27] (Electronic Arts)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Tomcat9; C:\Program Files\Apache Software Foundation\Tomcat 9.0\bin\Tomcat9.exe [109696 2016-03-12] (Apache Software Foundation)
S3 wampapache64; C:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe [29184 2015-10-11] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; C:\wamp64\bin\mysql\mysql5.7.9\bin\mysqld.exe [38587904 2015-10-12] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-04-01] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-04-01] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-30] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-20] (Intel Corporation)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34136 2014-05-13] (KORG INC.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-22] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-06] (Scarlet.Crush Productions)
S3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [27064 2016-03-22] (Windows ® Win 7 DDK provider)
S3 ZMHFSAudioSrv; C:\Windows\System32\drivers\zmhfsau.sys [53672 2015-07-02] (ZOOM)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [45056 2013-06-19] (ZOOM)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-02 21:31 - 2016-05-02 21:31 - 00000374 _____ C:\Users\Antariksh\Documents\reg.txt
2016-05-02 13:54 - 2016-05-02 13:54 - 12114493 _____ C:\Users\Antariksh\Downloads\227201916-CBSE-Class-X-Interact-in-English-Workbook.pdf
2016-05-02 13:20 - 2016-05-02 13:20 - 00000085 _____ C:\Windows\wininit.ini
2016-05-01 20:32 - 2016-05-01 20:32 - 208067898 _____ C:\Users\Antariksh\Downloads\JETHTUA4ASE.rar
2016-05-01 18:21 - 2016-05-01 18:22 - 00000000 ____D C:\Users\Antariksh\AppData\LocalLow\uTorrent
2016-05-01 18:21 - 2016-05-01 18:21 - 00013470 _____ C:\Users\Antariksh\Downloads\[kat.cr]spyhunter.4.21.10.4585.portable.by.wood.torrent
2016-05-01 18:20 - 2016-05-01 18:20 - 00000000 _____ C:\autoexec.bat
2016-05-01 13:55 - 2016-05-01 13:55 - 03887383 _____ C:\Users\Antariksh\Downloads\286054361-A-Writing-Wonderland-Workbook.pdf
2016-05-01 12:34 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-05-01 12:34 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-05-01 12:34 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-05-01 12:34 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-05-01 12:34 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-05-01 12:34 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-05-01 11:03 - 2016-05-01 11:03 - 00000219 _____ C:\Users\Antariksh\Desktop\Dota 2.url
2016-05-01 11:03 - 2016-05-01 11:03 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-30 20:45 - 2016-04-30 20:45 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-30 20:44 - 2016-04-30 20:44 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Antariksh\Downloads\SpyHunter-Installer.exe
2016-04-30 14:00 - 2016-04-30 14:00 - 00002247 _____ C:\Users\Chotu\Desktop\Drive Icon Changer 1.0.lnk
2016-04-30 14:00 - 2016-04-30 14:00 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drive Icon Changer 1.0
2016-04-30 14:00 - 2016-04-30 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive Icon Changer 1.0
2016-04-30 14:00 - 2016-04-30 14:00 - 00000000 ____D C:\Program Files (x86)\The Tech Turf
2016-04-29 22:04 - 2016-04-29 22:04 - 00092482 _____ C:\Users\Antariksh\Downloads\Poetic-Analysis_2.pptx
2016-04-29 19:29 - 2016-04-29 19:29 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-29 19:25 - 2016-05-02 21:07 - 00460816 _____ C:\Windows\ntbtlog.txt
2016-04-29 19:15 - 2016-04-29 19:16 - 00000000 ____D C:\Windows\System32\Tasks\F-Secure
2016-04-29 19:15 - 2016-04-29 19:16 - 00000000 ____D C:\Users\Antariksh\AppData\Local\F-Secure
2016-04-29 19:15 - 2016-04-29 19:16 - 00000000 ____D C:\ProgramData\F-Secure
2016-04-29 19:15 - 2016-04-29 19:15 - 00867296 _____ (F-Secure Corporation) C:\Users\Antariksh\Downloads\F-Secure-Safe-Network-Installer.exe
2016-04-29 18:58 - 2016-04-29 18:58 - 00007846 _____ C:\Users\Antariksh\Documents\sds.reg
2016-04-29 18:51 - 2016-04-29 18:51 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-29 18:50 - 2016-05-02 13:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-29 18:50 - 2016-05-02 13:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-29 18:43 - 2016-04-29 19:40 - 00000000 ____D C:\AdwCleaner
2016-04-29 18:22 - 2016-04-29 18:36 - 00000653 _____ C:\Windows\SysWOW64\MTB.txt
2016-04-29 18:17 - 2016-04-29 18:24 - 00000000 ____D C:\Users\Chotu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-29 18:16 - 2016-04-29 18:16 - 00000000 ____D C:\Users\Chotu\AppData\Roaming\Intel Corporation
2016-04-29 18:16 - 2016-04-29 18:16 - 00000000 ____D C:\Users\Chotu\AppData\Local\NVIDIA Corporation
2016-04-29 09:09 - 2016-04-29 09:09 - 00115008 _____ C:\Users\Chotu\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-29 09:09 - 2016-04-29 09:09 - 00001439 _____ C:\Users\Chotu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-29 09:09 - 2016-04-29 09:09 - 00001405 _____ C:\Users\Chotu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-29 09:09 - 2016-04-29 09:09 - 00000020 ___SH C:\Users\Chotu\ntuser.ini
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 _SHDL C:\Users\Chotu\My Documents
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 _SHDL C:\Users\Chotu\Documents\My Videos
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 _SHDL C:\Users\Chotu\Documents\My Pictures
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 _SHDL C:\Users\Chotu\Documents\My Music
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 ____D C:\Users\Chotu\AppData\Roaming\Adobe
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 ____D C:\Users\Chotu\AppData\Local\VirtualStore
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 ____D C:\Users\Chotu\AppData\Local\NVIDIA
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 ____D C:\Users\Chotu\AppData\Local\Google
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 ____D C:\Users\Chotu\AppData\Local\Adobe
2016-04-29 09:09 - 2016-04-29 09:09 - 00000000 ____D C:\Users\Chotu
2016-04-29 09:09 - 2016-04-01 02:40 - 00000000 ____D C:\Users\Chotu\AppData\Roaming\Macromedia
2016-04-29 09:09 - 2010-11-21 12:46 - 00000000 ____D C:\Users\Chotu\AppData\Roaming\Media Center Programs
2016-04-28 22:35 - 2016-05-02 23:13 - 00000000 ____D C:\FRST
2016-04-28 22:30 - 2016-04-28 22:30 - 00122524 _____ C:\Users\Antariksh\Documents\cc_20160428_222955.reg
2016-04-28 22:29 - 2016-04-28 22:29 - 00002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-28 22:29 - 2016-04-28 22:29 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-28 22:29 - 2016-04-28 22:29 - 00000000 ____D C:\Program Files\CCleaner
2016-04-28 22:19 - 2016-04-28 22:19 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-28 22:19 - 2016-04-28 22:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-28 22:19 - 2016-04-28 22:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-04-28 20:14 - 2016-04-28 20:14 - 00000178 ____H C:\Windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
2016-04-28 00:51 - 2016-04-28 00:51 - 00100616 _____ C:\Users\Antariksh\Documents\backup.reg
2016-04-28 00:47 - 2016-04-28 00:47 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-27 23:38 - 2016-05-01 14:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-27 23:38 - 2016-04-27 23:38 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-27 23:38 - 2016-04-27 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-27 23:38 - 2016-04-27 23:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-27 23:38 - 2016-04-27 23:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-27 23:38 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-27 23:38 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-27 23:38 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-27 23:33 - 2016-04-27 23:33 - 00140019 _____ C:\Users\Antariksh\Downloads\MicrosoftEasyFix20163.mini.diagcab
2016-04-27 23:08 - 2016-04-28 22:19 - 00001945 _____ C:\Windows\epplauncher.mif
2016-04-27 23:07 - 2016-04-27 23:07 - 14324408 _____ (Microsoft Corporation) C:\Users\Antariksh\Downloads\mseinstall.exe
2016-04-27 21:57 - 2016-04-27 23:27 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Mozilla
2016-04-27 21:57 - 2016-04-27 21:57 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-27 21:57 - 2016-04-27 21:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-26 00:23 - 2016-04-26 15:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-25 19:18 - 2016-04-25 19:18 - 00000000 ____D C:\Windows\System32\Tasks\Games
2016-04-25 11:42 - 2016-04-25 13:58 - 00000000 ____D C:\Users\Antariksh\.android
2016-04-25 11:41 - 2015-01-30 10:02 - 00084992 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelHaxm.sys
2016-04-25 11:20 - 2016-04-25 11:20 - 00000000 ____D C:\Users\Antariksh\.AndroidStudio2.1
2016-04-25 10:08 - 2016-04-25 10:08 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Steam
2016-04-25 10:06 - 2016-05-02 16:47 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-25 10:06 - 2016-04-25 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-23 20:49 - 2016-05-02 11:07 - 00000000 ____D C:\ProgramData\Unified Remote
2016-04-23 20:49 - 2016-04-23 20:49 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Unified Remote
2016-04-23 20:49 - 2016-04-23 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2016-04-23 20:49 - 2016-04-23 20:49 - 00000000 ____D C:\Program Files (x86)\Unified Remote 3
2016-04-23 20:49 - 2016-03-22 10:43 - 00027064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
2016-04-23 20:49 - 2016-03-22 10:43 - 00007680 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2016-04-23 12:08 - 2016-04-23 12:14 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-04-23 12:08 - 2016-04-23 12:14 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-04-23 11:59 - 2016-04-23 12:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-04-23 11:51 - 2016-04-23 11:52 - 00003438 _____ C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler
2016-04-23 10:33 - 2016-04-23 18:20 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Spotify
2016-04-23 10:33 - 2016-04-23 10:33 - 00019526 _____ C:\Users\Antariksh\Downloads\[kat.cr]karaoke.air.guitar.favorites.torrent
2016-04-23 10:33 - 2016-04-23 10:33 - 00001829 _____ C:\Users\Antariksh\Desktop\Spotify.lnk
2016-04-23 10:33 - 2016-04-23 10:33 - 00001815 _____ C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-04-23 10:31 - 2016-04-23 21:18 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Spotify
2016-04-23 10:16 - 2016-04-23 10:18 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Apple Computer
2016-04-23 10:16 - 2016-04-23 10:16 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Apple Computer
2016-04-23 10:15 - 2016-04-23 10:15 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Apple
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\ProgramData\Apple Computer
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files\iTunes
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files\iPod
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files\Bonjour
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-04-23 10:15 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-23 10:14 - 2016-04-23 10:15 - 00000000 ____D C:\ProgramData\Apple
2016-04-23 10:14 - 2016-04-23 10:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-23 01:27 - 2016-04-23 02:55 - 02524054 _____ C:\Users\Antariksh\Downloads\Standard Size (US) Business Cards Landscape.psd
2016-04-22 20:41 - 2016-04-22 20:41 - 00014486 _____ C:\Users\Antariksh\Downloads\[kat.cr]adobe.acrobat.pro.dc.2015.010.20060.multilingual.xforce.crack.torrent
2016-04-22 13:39 - 2016-04-22 13:39 - 830116148 _____ C:\Users\Antariksh\Downloads\Nguyen Quang Teo - Ultimate Oil and Water Collection.avi
2016-04-22 13:17 - 2016-04-22 13:17 - 129666905 _____ C:\Users\Antariksh\Downloads\CWFPG.avi
2016-04-22 13:04 - 2016-04-22 13:04 - 10116879 _____ C:\Users\Antariksh\Downloads\TBHMRM.pdf
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Windows\SysWOW64\Properties
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Windows\SysWOW64\msv
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Windows\SysWOW64\BCF
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Windows\system32\Properties
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Windows\system32\msv
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Windows\system32\BCF
2016-04-22 10:22 - 2016-04-22 10:22 - 00000000 ____D C:\Resolver
2016-04-22 10:22 - 2013-11-19 11:36 - 03115385 _____ (Red Hat) C:\Windows\SysWOW64\cygwin1.dll
2016-04-22 10:22 - 2013-11-19 11:36 - 03115385 _____ (Red Hat) C:\Windows\system32\cygwin1.dll
2016-04-22 10:22 - 2012-05-27 15:04 - 00185976 _____ (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadGC2.dll
2016-04-22 10:22 - 2012-05-27 15:04 - 00185976 _____ (Open Source Software community LGPL) C:\Windows\system32\pthreadGC2.dll
2016-04-22 10:22 - 2012-05-27 14:44 - 00082944 _____ (Open Source Software community LGPL) C:\Windows\SysWOW64\pthreadVC2.dll
2016-04-22 10:22 - 2012-05-27 14:44 - 00082944 _____ (Open Source Software community LGPL) C:\Windows\system32\pthreadVC2.dll
2016-04-19 18:41 - 2016-04-19 18:41 - 00118275 _____ C:\Users\Antariksh\Downloads\[kat.cr]my.karaoke.collection.part.12.uvwxyz.torrent
2016-04-19 18:40 - 2016-04-19 18:40 - 00046294 _____ C:\Users\Antariksh\Downloads\[kat.cr]heavy.metal.nr.4.karaoke.cdg.torrent
2016-04-19 18:39 - 2016-04-19 18:39 - 00281381 _____ C:\Users\Antariksh\Downloads\[kat.cr]karaoke.torrent
2016-04-19 18:04 - 2016-04-19 18:04 - 00000000 ____D C:\Users\Antariksh\Desktop\psp
2016-04-19 16:35 - 2016-04-19 16:35 - 00000000 ____D C:\Users\Antariksh\Tracing
2016-04-19 16:27 - 2016-04-28 10:20 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Skype
2016-04-19 16:27 - 2016-04-19 16:27 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-19 16:27 - 2016-04-19 16:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-19 16:27 - 2016-04-19 16:27 - 00000000 ____D C:\ProgramData\Skype
2016-04-19 16:27 - 2016-04-19 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-19 16:16 - 2016-04-19 16:16 - 00001004 _____ C:\Users\Antariksh\Desktop\Total Video Converter.lnk
2016-04-19 16:16 - 2016-04-19 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
2016-04-19 16:16 - 2016-04-19 16:16 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2016-04-19 16:15 - 2016-04-19 16:15 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-04-19 11:11 - 2016-04-19 11:11 - 00002238 _____ C:\Users\Antariksh\Desktop\TriDef 3D Display Setup.lnk
2016-04-19 01:30 - 2016-04-19 01:30 - 00001456 _____ C:\Users\Antariksh\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-18 02:54 - 2016-04-18 02:54 - 00615350 _____ C:\Users\Antariksh\Downloads\html5up-hyperspace.zip
2016-04-17 22:14 - 2016-04-17 22:14 - 00049740 _____ C:\Users\Antariksh\Downloads\pure-layout-marketing.zip
2016-04-17 21:55 - 2016-04-17 21:55 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Tomcat 9.0 Tomcat9
2016-04-17 21:55 - 2016-04-17 21:55 - 00000000 ____D C:\Program Files\Apache Software Foundation
2016-04-17 12:00 - 2015-06-07 04:43 - 00961192 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00062304 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:43 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00883712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00064352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-04-17 12:00 - 2015-06-07 04:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-04-17 11:52 - 2016-04-17 11:54 - 00001445 _____ C:\Users\Public\Desktop\Wampserver64.lnk
2016-04-17 11:52 - 2016-04-17 11:52 - 00000000 ____D C:\wamp64
2016-04-17 11:52 - 2016-04-17 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
2016-04-17 00:43 - 2016-04-17 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOX
2016-04-17 00:43 - 2016-04-17 00:43 - 00000000 ____D C:\Program Files (x86)\VOX
2016-04-17 00:41 - 2016-04-17 00:41 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\ToneLabST
2016-04-17 00:40 - 2016-04-17 00:42 - 00131116 _____ C:\Windows\SysWOW64\TLSTUnin.exe
2016-04-17 00:40 - 2016-04-17 00:40 - 00000966 _____ C:\Users\Antariksh\Desktop\ToneLabST Sound Librarian.lnk
2016-04-17 00:40 - 2016-04-17 00:40 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ToneLabST
2016-04-17 00:40 - 2016-04-17 00:40 - 00000000 ____D C:\Program Files (x86)\ToneLabST
2016-04-16 12:10 - 2016-04-16 12:10 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2016-04-16 12:09 - 2012-11-14 15:08 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-04-16 12:01 - 2016-04-16 12:01 - 00001328 _____ C:\Users\Antariksh\Desktop\Nexus Root Toolkit.lnk
2016-04-16 12:01 - 2016-04-16 12:01 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WugFresh Development
2016-04-16 12:01 - 2016-04-16 12:01 - 00000000 ____D C:\Program Files (x86)\WugFresh Development
2016-04-16 11:22 - 2016-04-16 11:21 - 00351511 ____N C:\Users\Antariksh\Documents\sms-20160416112042.xml
2016-04-16 11:22 - 2016-04-16 11:21 - 00071079 ____N C:\Users\Antariksh\Documents\calls-20160416112042.xml
2016-04-16 01:18 - 2016-04-16 01:18 - 00000000 ____D C:\Program Files\ZOOM
2016-04-16 01:18 - 2016-04-16 01:18 - 00000000 ____D C:\Program Files (x86)\ZOOM
2016-04-14 22:44 - 2016-04-14 22:44 - 81264005 _____ C:\Users\Antariksh\Downloads\Fixed Fate by Cameron Francis.rmvb
2016-04-14 15:51 - 2016-04-14 15:51 - 14851549 _____ C:\Users\Antariksh\Downloads\CamScanner.zip
2016-04-14 10:42 - 2016-04-22 22:01 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\FileZilla
2016-04-14 10:42 - 2016-04-14 10:42 - 06516656 _____ (Tim Kosse) C:\Users\Antariksh\Downloads\FileZilla_3.16.1_win64-setup.exe
2016-04-14 10:42 - 2016-04-14 10:42 - 06420600 _____ (Tim Kosse) C:\Users\Antariksh\Downloads\FileZilla_3.10.3_win64-setup [1].exe
2016-04-14 10:42 - 2016-04-14 10:42 - 00001858 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-04-14 10:42 - 2016-04-14 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-04-14 10:42 - 2016-04-14 10:42 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-04-12 12:27 - 2016-04-12 12:27 - 00002374 _____ C:\Users\Public\Desktop\TriDef 3D.lnk
2016-04-12 12:26 - 2016-04-12 12:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef
2016-04-12 12:26 - 2016-04-12 12:26 - 00000000 ____D C:\ProgramData\TriDef 3D
2016-04-12 12:26 - 2016-04-12 12:26 - 00000000 ____D C:\ProgramData\DDD
2016-04-12 12:26 - 2016-04-12 12:26 - 00000000 ____D C:\Program Files (x86)\TriDef
2016-04-12 11:32 - 2016-04-12 12:00 - 99379357 _____ C:\Users\Antariksh\Downloads\Same.TriDef.3D.6.7.0.Build.12940.rar
2016-04-11 14:07 - 2016-04-11 14:07 - 00023472 _____ C:\Users\Antariksh\Downloads\MODERNE SANS.ttf
2016-04-11 04:54 - 2016-04-11 04:54 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2016-04-11 04:15 - 2016-04-11 04:15 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-04-11 04:12 - 2016-04-23 12:14 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-04-11 04:03 - 2016-04-11 04:03 - 00037959 _____ C:\Users\Antariksh\Downloads\[kat.cr]adobe.premiere.pro.cc.2015.v9.0.multilingual.patch.keygen.appzdam (1).torrent
2016-04-11 03:57 - 2016-04-11 03:57 - 00095485 _____ C:\Users\Antariksh\Downloads\89EBCCD43FA8F75F8439896EA5211EA60E041A4F.torrent
2016-04-11 03:30 - 2016-04-11 03:30 - 00016368 _____ C:\Users\Antariksh\Downloads\[kat.cr]adobe.photoshop.cc.2015.z86.64bit.full.installer.torrent
2016-04-11 03:27 - 2016-04-11 03:27 - 00000000 ____D C:\Users\Antariksh\Downloads\Adobe Photoshop CS6 LS6
2016-04-11 03:25 - 2016-04-11 03:33 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Adobe Tool
2016-04-11 03:04 - 2016-04-28 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-11 02:59 - 2016-04-11 03:42 - 00000000 ____D C:\Windows\SysWOW64\Adobe Photoshop CS6 Extended
2016-04-11 02:54 - 2016-04-11 02:54 - 00000000 ____D C:\ProgramData\ALM
2016-04-11 02:51 - 2016-04-11 02:51 - 00000000 ____D C:\Users\Antariksh\Adobe Flash Builder 4.6
2016-04-11 02:25 - 2016-04-11 02:25 - 00001053 _____ C:\Users\Antariksh\Downloads\[kat.cr]adobe.cs6.master.collection.patch.x86x64.torrent
2016-04-11 02:25 - 2016-04-11 02:25 - 00001053 _____ C:\Users\Antariksh\Downloads\[kat.cr]adobe.cs6.master.collection.patch.x86x64 (1).torrent
2016-04-11 00:46 - 2016-04-11 00:47 - 00355894 _____ C:\Users\Antariksh\Downloads\vsco_cam_5_filters___photoshop_psd_by_friabrisa-d6v49v0.psd
2016-04-10 02:50 - 2016-04-10 02:50 - 31682856 _____ C:\Users\Antariksh\Downloads\A.C.A.A.N_by_Dani_DaOrtiz.flv
2016-04-10 02:30 - 2016-04-10 02:30 - 77373603 _____ C:\Users\Antariksh\Downloads\MYSTIC CARD by Ali Nouira2.mp4
2016-04-10 02:29 - 2016-04-10 02:29 - 19939162 _____ C:\Users\Antariksh\Downloads\MYSTIC CARD by Ali Nouira1.mp4
2016-04-10 02:25 - 2016-04-10 02:25 - 00000000 ____D C:\Users\Antariksh\Downloads\2005
2016-04-10 02:21 - 2016-04-10 02:21 - 21708998 _____ C:\Users\Antariksh\Downloads\2005.7z
2016-04-10 02:20 - 2016-04-10 02:20 - 51313814 _____ C:\Users\Antariksh\Downloads\Move by Gianni Vox.rmvb
2016-04-10 02:08 - 2016-04-10 02:08 - 31682856 _____ C:\Users\Antariksh\Downloads\A.C.A.A.N by Dani DaOrtiz.flv
2016-04-09 13:13 - 2016-04-09 13:13 - 00798632 _____ C:\Users\Antariksh\Downloads\201384405-sat (1).pdf
2016-04-09 10:48 - 2016-04-09 10:48 - 01292411 _____ C:\Users\Antariksh\Downloads\240026942-IX-and-X-ICSE-English-02.unlocked.pdf
2016-04-09 03:01 - 2016-04-09 03:01 - 00002963 _____ C:\Users\Antariksh\Downloads\icon.eps
2016-04-09 02:31 - 2016-04-09 03:07 - 01167396 _____ C:\Users\Antariksh\Documents\logo mw.ai
2016-04-09 02:08 - 2016-04-09 02:08 - 01720322 _____ C:\Users\Antariksh\Downloads\GEOM_download.ai
2016-04-08 23:28 - 2016-04-08 23:28 - 01301065 _____ C:\Users\Antariksh\Downloads\240026942-IX-and-X-ICSE-English-02.pdf
2016-04-08 16:50 - 2016-04-08 16:50 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-04-08 15:17 - 2016-04-08 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZOOM
2016-04-07 17:13 - 2016-04-08 15:04 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-04-07 17:13 - 2015-08-11 12:22 - 03067392 _____ C:\Windows\system32\pwNative.exe
2016-04-07 17:13 - 2013-09-30 15:26 - 00019152 ____N C:\Windows\system32\pwdrvio.sys
2016-04-07 17:13 - 2013-09-30 15:26 - 00012504 ____N C:\Windows\system32\pwdspio.sys
2016-04-07 16:25 - 2016-04-07 16:26 - 00000000 ____D C:\Users\Antariksh\Documents\clapton
2016-04-07 15:57 - 2016-04-07 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-07 15:57 - 2016-04-07 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-04-07 15:57 - 2016-04-07 15:57 - 00000000 ____D C:\ProgramData\HP
2016-04-07 15:57 - 2016-04-07 15:57 - 00000000 ____D C:\Program Files\HP
2016-04-07 15:57 - 2016-04-07 15:57 - 00000000 ____D C:\Program Files (x86)\HP
2016-04-07 15:56 - 2016-04-07 15:57 - 00000000 ____D C:\Users\Antariksh\AppData\Local\HP
2016-04-07 15:54 - 2016-04-07 15:54 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Hewlett-Packard
2016-04-07 15:51 - 2016-04-07 15:51 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-04-07 15:51 - 2016-04-07 15:51 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-04-07 14:30 - 2016-04-27 22:50 - 00000000 ____D C:\Users\Antariksh\AppData\Local\ElevatedDiagnostics
2016-04-07 14:24 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-04-07 11:31 - 2016-04-07 11:32 - 00000000 ____D C:\Program Files (x86)\iCare Data Recovery Pro
2016-04-06 11:26 - 2016-04-06 11:26 - 00531512 _____ C:\Users\Antariksh\Downloads\lesson_2_-_organisation_skills.pptx
2016-04-06 11:21 - 2016-04-06 11:22 - 01735269 _____ C:\Users\Antariksh\Downloads\Lesson_7__Revision_and_review.pptx
2016-04-06 11:20 - 2016-04-06 11:20 - 00277203 _____ C:\Users\Antariksh\Downloads\Lesson_4_-_Skills_Audit.pptx
2016-04-06 01:59 - 2016-04-06 01:59 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2016-04-06 00:57 - 2016-04-06 00:57 - 00037959 _____ C:\Users\Antariksh\Downloads\[kat.cr]adobe.premiere.pro.cc.2015.v9.0.multilingual.patch.keygen.appzdam.torrent
2016-04-06 00:18 - 2016-04-26 17:00 - 14728739 _____ C:\Users\Antariksh\Documents\CIII_LogFile.txt
2016-04-06 00:18 - 2016-04-06 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2016-04-06 00:18 - 2016-04-06 00:18 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Red Giant
2016-04-06 00:18 - 2016-04-06 00:18 - 00000000 ____D C:\ProgramData\Red Giant
2016-04-06 00:17 - 2016-04-06 01:59 - 00000000 ____D C:\Program Files (x86)\Red Giant
2016-04-06 00:17 - 2016-04-06 00:17 - 00000000 ____D C:\ProgramData\RedGiant
2016-04-06 00:17 - 2016-04-06 00:17 - 00000000 ____D C:\Program Files\Red Giant
2016-04-06 00:17 - 2015-12-03 12:25 - 13005824 _____ (Red Giant Software) C:\Windows\system32\Gpu_Shader_Engine_x64.dll
2016-04-06 00:17 - 2015-12-03 12:25 - 05640704 _____ (Noesis Technologies) C:\Windows\system32\Noesis.dll
2016-04-06 00:04 - 2016-04-06 00:04 - 00011494 _____ C:\Users\Antariksh\Downloads\[kat.cr]red.giant.magic.bullet.suite.12.1.4.serials.torrent
2016-04-05 14:18 - 2016-04-28 10:46 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Lenovo
2016-04-05 14:18 - 2016-04-28 10:46 - 00000000 ____D C:\ProgramData\Lenovo
2016-04-05 14:18 - 2016-04-05 14:18 - 00000000 ____D C:\Users\Antariksh\Downloads\SHAREit
2016-04-05 10:31 - 2016-04-05 10:31 - 03073612 _____ C:\Users\Antariksh\Downloads\PPPSE.pdf
2016-04-05 10:29 - 2016-04-05 10:29 - 00501738 _____ C:\Users\Antariksh\Downloads\The Aura_effect_Devin Knight.pdf
2016-04-05 08:42 - 2016-04-05 08:42 - 00533664 _____ C:\Users\Antariksh\Downloads\Untangle By Seamus Maguire.pdf
2016-04-05 01:43 - 2016-04-16 01:46 - 00000016 _____ C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-05 01:43 - 2016-04-16 01:46 - 00000016 _____ C:\ProgramData\autobk.inc
2016-04-05 01:43 - 2016-04-05 01:43 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\IK Multimedia
2016-04-05 01:42 - 2016-04-05 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2016-04-05 01:42 - 2016-04-05 01:43 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2016-04-05 01:42 - 2016-04-05 01:42 - 00000000 ____D C:\Program Files\VstPlugIns
2016-04-05 01:42 - 2016-04-05 01:42 - 00000000 ____D C:\Program Files\IK Multimedia
2016-04-05 01:42 - 2016-04-05 01:42 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-04-05 01:42 - 2016-04-05 01:42 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-04-05 01:42 - 2012-08-29 12:23 - 12708016 _____ (Intel Corporation) C:\Windows\system32\mkl_def.dll
2016-04-05 01:42 - 2012-08-29 12:23 - 12474544 _____ (Intel Corporation) C:\Windows\system32\mkl_core.dll
2016-04-05 01:42 - 2012-08-29 12:23 - 09917616 _____ (Intel Corporation) C:\Windows\system32\mkl_intel_thread.dll
2016-04-05 01:42 - 2012-08-29 12:23 - 00529072 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2016-04-05 01:42 - 2012-08-29 12:23 - 00499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2016-04-05 01:42 - 2012-08-29 12:23 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2016-04-04 18:48 - 2016-04-04 18:49 - 00000000 ____D C:\Users\Antariksh\Documents\Dolphin Emulator
2016-04-03 19:42 - 2016-04-03 19:42 - 00002029 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2016-04-03 19:42 - 2016-04-03 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2016-04-03 19:41 - 2016-04-03 19:41 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2016-04-03 19:41 - 2016-04-03 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2016-04-03 16:37 - 2016-04-11 16:19 - 00000000 ____D C:\Windows\Minidump
2016-04-02 01:21 - 2016-04-02 01:21 - 00667325 _____ C:\Users\Antariksh\Downloads\[kat.cr]ultimate.magic.video.collection.vol.4.by.aznh.torrent
2016-04-02 01:21 - 2016-04-02 01:21 - 00667325 _____ C:\Users\Antariksh\Downloads\[kat.cr]ultimate.magic.video.collection.vol.4.by.aznh (1).torrent
2016-04-02 01:15 - 2016-04-02 01:15 - 00011947 _____ C:\Users\Antariksh\Downloads\488984EC4C327C2DF4EB6ACAAA19EC2561B45029.torrent
2016-04-02 00:18 - 2016-04-02 00:18 - 00019874 _____ C:\Users\Antariksh\Downloads\CC52DE48F4A1F9DE9B025A2269561ED761B45A95.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-02 22:31 - 2016-04-01 01:48 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\IDM
2016-05-02 21:16 - 2009-07-14 10:15 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-02 21:16 - 2009-07-14 10:15 - 00023680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-02 21:08 - 2016-04-01 10:55 - 00000091 _____ C:\HaxLogs.txt
2016-05-02 21:08 - 2016-04-01 01:10 - 00000000 ____D C:\ProgramData\NVIDIA
2016-05-02 21:08 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-02 21:04 - 2016-04-01 09:33 - 00000000 ____D C:\ProgramData\Origin
2016-05-02 21:04 - 2016-04-01 01:48 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\DMCache
2016-05-02 13:37 - 2009-07-14 10:43 - 00779966 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-02 13:37 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-05-02 13:17 - 2016-04-01 09:29 - 00000000 ____D C:\Users\Antariksh\AppData\Local\CrashDumps
2016-05-01 18:38 - 2016-04-01 01:44 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\uTorrent
2016-05-01 18:04 - 2016-04-01 01:48 - 00000000 ____D C:\Users\Antariksh\Downloads\Video
2016-04-29 23:54 - 2016-04-01 22:02 - 00000000 ____D C:\Users\Antariksh\Desktop\Adobe CS6 Master Collection
2016-04-29 20:12 - 2016-04-01 09:23 - 00000000 ____D C:\Users\Antariksh\Documents\SP
2016-04-29 17:36 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\PLA
2016-04-29 11:54 - 2016-04-01 01:48 - 00000000 ____D C:\Users\Antariksh\Downloads\Compressed
2016-04-28 11:06 - 2016-04-01 11:45 - 00002075 _____ C:\Users\Antariksh\Documents\autoremote.xml
2016-04-28 10:49 - 2016-04-01 01:22 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-27 21:58 - 2016-04-01 11:03 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Mozilla
2016-04-27 21:57 - 2016-04-01 09:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-27 16:47 - 2016-04-01 09:22 - 00000000 ____D C:\Users\Antariksh\Documents\FIFA 16
2016-04-27 14:09 - 2016-04-01 09:32 - 00000000 ____D C:\Program Files (x86)\Origin
2016-04-25 11:42 - 2016-04-01 12:23 - 00000000 ____D C:\Users\Antariksh
2016-04-25 11:41 - 2016-04-01 13:25 - 00000000 ____D C:\Program Files\Intel
2016-04-25 11:38 - 2016-04-01 10:52 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Android
2016-04-25 11:36 - 2016-04-01 10:52 - 00000000 ____D C:\Program Files\Android
2016-04-23 18:18 - 2009-07-14 10:15 - 05218024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-23 12:25 - 2016-04-01 01:20 - 00115008 _____ C:\Users\Antariksh\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-23 12:12 - 2016-04-01 09:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-04-23 12:07 - 2016-04-01 02:37 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-23 11:55 - 2016-04-01 02:31 - 00000000 ____D C:\ProgramData\Adobe
2016-04-23 10:28 - 2016-04-01 11:11 - 00000000 ____D C:\Users\Antariksh\AppData\Local\CyberGhost
2016-04-23 10:09 - 2016-04-01 01:46 - 00000000 ___SD C:\Users\Antariksh\AppData\LocalLow\Temp
2016-04-23 02:00 - 2016-04-01 02:31 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Adobe
2016-04-22 15:26 - 2016-04-01 02:31 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Adobe
2016-04-22 13:27 - 2010-11-21 08:57 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 16:49 - 2016-04-01 23:10 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\vlc
2016-04-19 18:04 - 2016-04-01 12:23 - 00000000 ____D C:\Users\Antariksh\AppData\Local\VirtualStore
2016-04-17 11:59 - 2016-04-01 01:09 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 11:00 - 2016-04-01 09:34 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Origin
2016-04-14 10:42 - 2016-04-01 09:33 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-04-11 10:57 - 2016-04-01 01:21 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 10:57 - 2016-04-01 01:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-11 04:53 - 2016-04-01 02:36 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-11 04:53 - 2016-04-01 02:36 - 00000000 ____D C:\Program Files\Adobe
2016-04-11 04:15 - 2016-04-01 09:04 - 00000000 ____D C:\Users\Antariksh\Documents\Adobe
2016-04-11 03:59 - 2016-04-01 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-04-11 03:44 - 2016-04-01 09:19 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-04-11 03:44 - 2016-04-01 09:19 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\Rainmeter
2016-04-11 03:44 - 2016-04-01 02:47 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-11 03:44 - 2016-04-01 02:37 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-04-11 03:44 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\AppCompat
2016-04-11 03:42 - 2010-11-21 12:46 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-04-11 03:42 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2016-04-11 03:41 - 2016-04-01 09:14 - 00000000 ____D C:\Users\Antariksh\AppData\Roaming\DAEMON Tools Lite
2016-04-11 03:10 - 2016-04-01 13:13 - 00000000 ____D C:\Windows\Panther
2016-04-10 00:43 - 2016-04-01 09:34 - 00000000 ____D C:\Users\Antariksh\AppData\Local\Origin
2016-04-07 14:24 - 2016-04-01 13:25 - 00000000 ____D C:\Program Files (x86)\Intel
 
==================== Files in the root of some directories =======
 
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-19 01:30 - 2016-04-19 01:30 - 0001456 _____ () C:\Users\Antariksh\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-07 15:57 - 2016-04-07 15:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-04-01 13:27 - 2016-04-01 13:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Antariksh\AppData\Local\Temp\libeay32.dll
C:\Users\Antariksh\AppData\Local\Temp\msvcr120.dll
C:\Users\Antariksh\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-28 00:29
 
==================== End of FRST.txt ============================
This is the addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
Ran by Antariksh (2016-05-02 23:13:47)
Running from C:\Users\Antariksh\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2016-04-01 06:53:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-50277338-3707354177-373787972-500 - Administrator - Disabled)
Antariksh (S-1-5-21-50277338-3707354177-373787972-1000 - Administrator - Enabled) => C:\Users\Antariksh
Guest (S-1-5-21-50277338-3707354177-373787972-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-50277338-3707354177-373787972-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apache Tomcat 9.0 Tomcat9 (remove only) (HKLM\...\Apache Tomcat 9.0 Tomcat9) (Version: 9.0.0.M4 - )
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Drive Icon Changer 1.0 (HKLM-x32\...\Drive Icon Changer 1.0) (Version:  - )
EventGhost 0.4.1.r1722 (HKLM-x32\...\EventGhost_is1) (Version: 0.4.1.r1722 - EventGhost Project)
FIFA 16 (HKLM-x32\...\{28FA2805-7992-4A28-844B-040C57204718}) (Version: 1.4.64673.4 - Electronic Arts)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP)
H-Series_ASIO64 (HKLM\...\{5ACDFB68-D994-48E0-A579-2AFA6B851710}) (Version: 2.0.0.3 - ZOOM)
IDM Crack 6.25 build 14 (HKLM-x32\...\IDM Crack 6.25 build 14) (Version: build 14 - SandySeedings Team)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
K-Lite Codec Pack 12.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.5 - KLCP)
Magic Bullet Suite v12.1.4 (HKLM-x32\...\{99487911-8011-42BC-B594-8B02BFD32B1D}_is1) (Version: 12.1.4 - Red Giant, LLC)
Malwarebytes Anti-Malware v2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes Anti-Malware)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0 - Mozilla)
Nexus Root Toolkit (HKLM-x32\...\Nexus Root Toolkit) (Version: 2.1.4 - WugFresh)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.1 r2602 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.8.1 - Red Giant, LLC)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Riffstation (HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\{6f68aaf6-9006-47c0-8627-fa3faeb60f7a}) (Version: 1.6 - Sonic Ladder Ltd.)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Sleeping Dogs version 1.4 (HKLM-x32\...\Sleeping Dogs_is1) (Version: 1.4 - )
Spotify (HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
ToneLabST Sound Librarian (HKLM-x32\...\{60470F9B-980C-4557-A2ED-43EEB38FA201}) (Version: 1.1.0 - KORG Inc.)
ToneLabST USB-ASIO Driver (HKLM-x32\...\ToneLabST USB-ASIO Driver) (Version:  - )
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
TriDef 3D 6.7 (HKLM-x32\...\essentials-bundle) (Version: 6.7 - Dynamic Digital Depth Australia Pty Ltd)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.5 - Unified Intents AB)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VOX USB-MIDI Driver Tools for Windows (HKLM-x32\...\{8D189E7A-54E3-406A-8807-080C5251B7F0}) (Version: 1.15.0501 - Korg Inc.)
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Wampserver64 3.0.0 (HKLM\...\{5C1D66DE-19D8-487B-860D-2BDB4F19B0D3}_is1) (Version: 3.0.0 - Dominique Ottello aka Otomatic)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {23D38261-E1A6-46A2-8134-93DBE6B3975D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4514FA17-37BD-47FB-8BAB-FC407D74CA15} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-16] (Piriform Ltd)
Task: {4EB3CB0B-C220-417E-B355-867033CA714E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-50277338-3707354177-373787972-1000
Task: {53B3ABEB-C9D9-4FDC-8ED0-F499E428B7BF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5A9F3D47-F9EB-4BEF-9DC8-806B28B9631E} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\updateservice\ISUSPM.exe [2016-04-20] (InstallShield®)
Task: {8409AE6F-C0C9-40F9-8EE2-46169B9C841B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {8E30DC06-0ACB-4984-9BB6-26577EA1BF21} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D738360A-CD50-4BD3-9D51-EC86DE48CE9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
Task: {F17AD624-E5A7-4683-ACCB-9655EB35B8E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {FAD216F6-C8BD-44F3-8CA8-27E7053438A8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job => C:\Windows\vVX1000.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-04-01 01:09 - 2016-03-22 07:55 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-16 15:47 - 2016-03-16 15:47 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-04-01 01:10 - 2016-03-30 06:51 - 00366528 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-01 01:10 - 2016-03-30 06:51 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-01 01:10 - 2016-03-30 06:52 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-01 01:10 - 2016-03-30 06:51 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-19 01:40 - 2016-03-19 01:40 - 00037008 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2016-03-19 01:40 - 2016-03-19 01:40 - 01410192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2016-03-19 01:38 - 2016-03-19 01:38 - 00233472 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2016-04-01 01:10 - 2016-03-30 06:51 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-01 01:10 - 2016-03-30 06:51 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-01 01:10 - 2016-03-30 06:52 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-01 01:10 - 2016-03-30 06:52 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-01 01:10 - 2016-03-30 06:50 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-01 01:10 - 2016-03-30 06:50 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-01 01:10 - 2016-03-30 06:58 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-01 11:17 - 2010-03-20 15:32 - 00027648 _____ () C:\Program Files (x86)\EventGhost\lib26\_multiprocessing.pyd
2016-04-01 11:17 - 2012-02-07 17:09 - 00110080 _____ () C:\Program Files (x86)\EventGhost\lib26\pywintypes26.dll
2016-04-01 11:17 - 2012-02-07 17:13 - 00358912 _____ () C:\Program Files (x86)\EventGhost\lib26\pythoncom26.dll
2016-04-01 11:17 - 2012-02-07 17:11 - 00098816 _____ () C:\Program Files (x86)\EventGhost\lib26\win32api.pyd
2016-04-01 11:17 - 2010-03-20 15:30 - 00093184 _____ () C:\Program Files (x86)\EventGhost\lib26\_ctypes.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00980480 _____ () C:\Program Files (x86)\EventGhost\lib26\wx._core_.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00745984 _____ () C:\Program Files (x86)\EventGhost\lib26\wx._gdi_.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00670208 _____ () C:\Program Files (x86)\EventGhost\lib26\wx._windows_.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00965632 _____ () C:\Program Files (x86)\EventGhost\lib26\wx._controls_.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00675328 _____ () C:\Program Files (x86)\EventGhost\lib26\wx._misc_.pyd
2016-04-01 11:17 - 2010-03-20 15:28 - 00584192 _____ () C:\Program Files (x86)\EventGhost\lib26\unicodedata.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00324096 _____ () C:\Program Files (x86)\EventGhost\lib26\_imaging.pyd
2016-04-01 11:17 - 2010-03-20 15:32 - 00010240 _____ () C:\Program Files (x86)\EventGhost\lib26\select.pyd
2016-04-01 11:17 - 2010-03-20 15:27 - 00043008 _____ () C:\Program Files (x86)\EventGhost\lib26\_socket.pyd
2016-04-01 11:17 - 2014-11-18 15:22 - 01153024 _____ () C:\Program Files (x86)\EventGhost\lib26\_ssl.pyd
2016-04-01 11:17 - 2016-02-03 07:08 - 00083968 _____ () C:\Program Files (x86)\EventGhost\lib26\site-packages\cFunctions.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00324096 _____ () C:\Program Files (x86)\EventGhost\lib26\PIL._imaging.pyd
2016-04-01 11:17 - 2010-03-20 15:29 - 00125952 _____ () C:\Program Files (x86)\EventGhost\lib26\_elementtree.pyd
2016-04-01 11:17 - 2010-03-20 15:31 - 00127488 _____ () C:\Program Files (x86)\EventGhost\lib26\pyexpat.pyd
2016-04-01 11:17 - 2012-02-07 17:11 - 00167424 _____ () C:\Program Files (x86)\EventGhost\lib26\win32gui.pyd
2016-04-01 11:17 - 2012-02-07 17:10 - 00035840 _____ () C:\Program Files (x86)\EventGhost\lib26\win32process.pyd
2016-04-01 11:17 - 2010-03-20 15:31 - 00357376 _____ () C:\Program Files (x86)\EventGhost\lib26\_hashlib.pyd
2016-04-01 11:17 - 2012-02-07 17:11 - 00015872 _____ () C:\Program Files (x86)\EventGhost\lib26\win32trace.pyd
2016-04-01 11:17 - 2010-03-20 15:30 - 00009216 _____ () C:\Program Files (x86)\EventGhost\lib26\winsound.pyd
2016-04-01 11:17 - 2012-02-07 17:10 - 00111616 _____ () C:\Program Files (x86)\EventGhost\lib26\win32file.pyd
2016-04-01 11:17 - 2014-03-19 11:59 - 00082432 _____ () C:\Program Files (x86)\EventGhost\plugins\System\VistaVolEvents.pyd
2016-04-01 11:17 - 2016-02-03 09:22 - 00031232 _____ () C:\Program Files (x86)\EventGhost\lib26\Crypto.Cipher.AES.pyd
2016-04-11 10:57 - 2016-04-06 15:34 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 10:57 - 2016-04-06 15:34 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
2016-04-01 01:31 - 2016-04-01 01:31 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\1a2c675b5074a22c05b2269643730767\PSIClient.ni.dll
2016-04-01 13:25 - 2012-06-25 23:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Antariksh\Cookies:N99w3FPsODtT2Drrqq2c89auH0T [2124]
AlternateDataStreams: C:\Users\Antariksh\AppData\Local\zC6PgZh9yPtpH:EpwgiPRjcm2Haj4i0oQScSPes [1992]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\123simsen.com -> www.123simsen.com
 
There are 7896 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2016-04-27 23:38 - 00001203 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 validation.sls.microsoft.com
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
0.0.0.0 keystone.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-50277338-3707354177-373787972-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Antariksh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.83.20.101 - 202.83.20.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Antariksh\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C1DFDC98-E77B-4446-A96A-ACD3F58D2B97}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{34E4C78F-7344-41E0-ACEF-66046FC54DEE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3EEB7D49-2A84-4406-B8D3-8AE8A5548611}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{127E1E42-40A2-4378-B506-F976D4943515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{57647A38-ACBB-4BFB-A302-0E537463A540}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B944C0CC-3F4E-4EBA-B962-B18BC5FA14E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6E4A5634-2B48-400D-8856-A946512BB797}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1CD8E321-6D48-400F-8D22-1FF5E43B2C4C}] => (Allow) C:\Users\Antariksh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C1636BA-E6F4-41F2-AF76-57A9C4C15705}] => (Allow) C:\Users\Antariksh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32C46282-C92E-4B3E-813F-2A9183583D6A}] => (Allow) C:\Users\Antariksh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E2C3D82-6C52-4E57-889B-6357CDFFF43F}] => (Allow) C:\Users\Antariksh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE5E0C5D-9918-4974-95E9-46876D4DC304}] => (Allow) C:\Users\Antariksh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1A9263FF-0BD5-4DFF-AE5C-9D11A79ADE41}] => (Allow) C:\Users\Antariksh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2F541CE7-AB06-4975-B5FF-84A8C910CC20}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FDB3AA39-66A4-4741-BD07-F30817A2B291}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{5A45E3CF-91DA-4D0F-A3B1-569D91201573}] => (Allow) LPort=7935
FirewallRules: [{24926F47-4CFF-4C54-8B01-5985C8CA488D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1E6FD55F-763C-4D8A-B85B-FB33F00B743B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{448246FA-C802-4937-AE76-25E0A0D792FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BB7CCE0E-62C9-4BC1-9459-8BBA53209EEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BBDA847A-7188-42F3-9A56-FF9442F19E05}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [{E1373663-F361-400A-BA07-B60B0171AC4E}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA 16\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{812B7AC7-6F38-49B0-BBE1-4B11008E3AE4}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{EA405218-6F2E-41CB-8947-DF6D3F6DF9AA}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [TCP Query User{2C8B5289-99A0-4927-A206-02EFD8E7A343}C:\program files (x86)\eventghost\eventghost.exe] => (Allow) C:\program files (x86)\eventghost\eventghost.exe
FirewallRules: [UDP Query User{F551167D-68AD-45F4-8AD6-560C17B7DE4F}C:\program files (x86)\eventghost\eventghost.exe] => (Allow) C:\program files (x86)\eventghost\eventghost.exe
FirewallRules: [{E2B482C0-81D6-41BE-9D33-EF3346B53F2D}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{BD6FC134-A9A1-43E6-ACAA-16CD9A050415}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{C4E97957-48D4-4E17-A207-C3C8D226B0E8}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{8E03ABD5-56A8-4733-8CC8-8BD24B919C62}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{4A14231D-146D-4F5A-8B0A-1378F81E82B6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{5FEDBE51-0614-4C75-9662-6D7F5F75ECE1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{AF49AEC1-EEE9-4789-93CB-5981F802BDA0}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F26B0519-C937-4CAB-845A-67DDDCF89C4E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [TCP Query User{DE933880-755D-49A5-847F-F1839BED97A9}C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe
FirewallRules: [UDP Query User{8D40B5F0-57C0-45B8-A40C-F0A444522BB5}C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cs6\adobe premiere pro.exe
FirewallRules: [TCP Query User{45632754-0F66-4633-B692-B1856DDB7828}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [UDP Query User{B7A54410-1A33-4889-A4C1-1ACAD7AB44C2}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe] => (Block) C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe
FirewallRules: [TCP Query User{505C7021-E110-4C91-B51A-42BF113E0B41}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [UDP Query User{DC9A230F-B634-46D7-83EC-A7EF2AFE53B6}C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe] => (Block) C:\program files\adobe\adobe premiere pro cc 2015\adobe premiere pro.exe
FirewallRules: [{E176D687-9754-41D1-8462-A17B463205C3}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{348F1034-C2AB-4D0E-91FB-6D884BA7F411}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{EA907FAE-6A54-4FD9-BF49-EA9A414DEDE8}C:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) C:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [UDP Query User{3B22863B-4EDE-44AC-9BDA-2CF0165AA689}C:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) C:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{70338178-375F-4048-BA75-1EC41FA47D8B}] => (Block) C:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [{220CBB30-237B-4C68-978A-C67BAB293F66}] => (Block) C:\program files (x86)\origin games\fifa 16\fifa16.exe
FirewallRules: [TCP Query User{8741296E-E87A-43DC-B1E9-548781D32AD2}C:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe
FirewallRules: [UDP Query User{BE3E3BEC-BFE0-4AC0-938C-81750CCBE966}C:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.17\bin\httpd.exe
FirewallRules: [{7933C579-11BD-48F1-9885-958E70A8BE95}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{22B3F03A-8ED7-437A-80E4-40FCFB527154}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{89CBB5FB-FDA5-4D44-9951-0876E2858C3C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC3109DE-46A8-407C-93FF-8C89D7AFF3CD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC0B4CB7-0DA8-47EC-864E-AE85471A0418}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B65C3DA-C033-4005-B11B-A750169B850D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{43C15FFE-1A57-4522-9A09-4C9F155B3951}C:\users\antariksh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\antariksh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{44B3A419-AB0D-475F-9814-A08CDFF0AC68}C:\users\antariksh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\antariksh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0A611FDC-E90B-43D1-BFDD-5C9A2E2F1589}] => (Block) C:\users\antariksh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1CDCE9BE-29AB-4D13-832D-7ACFB3BBC0F8}] => (Block) C:\users\antariksh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{360FF1ED-C62B-4AC1-8F4B-406AF2F884E3}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{1094971A-3C27-4309-9D92-2E9BE806E077}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{EC2919A9-635D-46C6-81CE-4E387F10453E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A2767A7F-AD45-48A8-835E-FDEDFB09CA5F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8D28BA05-F0B3-47EF-B56A-972C1A1F9ADC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{99DDB121-E168-44A8-808F-FA36A1A99750}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{60DB5C33-8B58-4703-BED6-5B9A6C2173B1}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{382D9525-763F-418A-8D29-B0FC70B42E02}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{22909AF5-C0DB-4333-AF55-4D8A8B888096}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E0F4CA62-DF7E-4355-971B-DFE0AC689922}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{2B501D17-53E3-41CB-BD04-6BA00102DD1C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{73037774-233E-4B63-9EF1-9B82012E74DC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{915E4F65-3D17-42CC-BF44-4F20BE53750D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10B49D04-1B1D-4F60-9541-B5CCA8DA178C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DD16661-2C3E-4249-ACD4-B8414BD52C2E}] => (Allow) LPort=1688
FirewallRules: [{DE48180E-F237-447C-817C-B48087A5BD94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{34EC57C8-4BD4-4C90-8274-3D62E886312E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\TriDef\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe] => Enabled:TriDef 3D Media Player
 
==================== Restore Points =========================
 
27-04-2016 18:54:42 Scheduled Checkpoint
27-04-2016 23:16:56 Windows Update
01-05-2016 12:33:33 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2016 11:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031
 
Error: (05/02/2016 11:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031
 
Error: (05/02/2016 11:04:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2016 11:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9032
 
Error: (05/02/2016 11:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9032
 
Error: (05/02/2016 11:04:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2016 11:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8034
 
Error: (05/02/2016 11:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8034
 
Error: (05/02/2016 11:04:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/02/2016 11:04:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7036
 
 
System errors:
=============
Error: (05/02/2016 09:09:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CyberGhost 5 Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/02/2016 09:09:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CyberGhost 5 Client Service service to connect.
 
Error: (05/02/2016 09:06:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (05/02/2016 09:06:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
CodeIntegrity:
===================================
  Date: 2016-05-02 21:08:21.807
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 21:08:21.807
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 21:05:45.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 21:05:45.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 13:20:53.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 13:20:53.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 11:07:12.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-02 11:07:12.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 18:39:03.963
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 18:39:03.963
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\uvhid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 8169.43 MB
Available physical RAM: 4826.51 MB
Total Virtual: 16337.05 MB
Available Virtual: 11510.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:399.9 GB) (Free:184.2 GB) NTFS
Drive d: () (Fixed) (Total:300 GB) (Free:77.35 GB) NTFS
Drive e: () (Fixed) (Total:231.51 GB) (Free:112.02 GB) NTFS
Drive f: (DVD) (CDROM) (Total:3.82 GB) (Free:0 GB) UDF
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:185.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CC93D320)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=399.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=231.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 13C726E0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 07 May 2016 - 09:40 AM

Hi,

 

We can try this first. Go to each of these locations below:

 

1) C:\Users\Antariksh\Documents\sds.reg

2) C:\Users\Antariksh\Documents\reg.txt

3) C:\Users\Antariksh\Documents\cc_20160428_222955.reg

 

1) Right click on sds.reg and rename it to sds.txt.

Open it in Notepad and copy/paste what you find in your reply. Leave it as .txt for now.

 

2) This one should open in Notepad without renaming.

3) Right click and rename it to cc_20160428_222955.txt.

Copy/paste it in your reply. You can leave them all as .txt for now.

Just want to make sure they are not legit before we remove them.

Last, you can go here: C:\Users\Antariksh\AppData\Roaming\msregsvv.dll

and delete msregsvv.dll if you can; if not, we will use FRST.

The msregsvv.dll needs to go though.

 

Usually I am only online once or twice per day, so you may not get a reply back from me until the following day.


How Can I Reduce My Risk to Malware?


#3 Antariksh

Antariksh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE

Posted 07 May 2016 - 10:46 AM

sds.reg, reg.txt and cc_20160428_222955.reg: these were created by me as backups. I have removed the msregsvv.dll as you instructed.



#4 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 07 May 2016 - 07:32 PM

Ok, wanted to make sure first. Let's use FRST to remove some items:

 

Copy/paste what's below into Notepad. Save it as fixlist.txt in the same location you have FRST. Start FRST like before, except this time click on the Fix button once. The machine may reboot to finish the process. On reboot it will display a fixlog.txt, which you can copy/paste in your reply.

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
Empty Temp:


How Can I Reduce My Risk to Malware?


#5 Antariksh

Antariksh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE

Posted 07 May 2016 - 10:23 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by Antariksh (2016-05-08 08:45:43) Run:1
Running from C:\Users\Antariksh\Downloads\Programs
Loaded Profiles: Antariksh (Available Profiles: Antariksh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-50277338-3707354177-373787972-1000\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
Empty Temp:
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-50277338-3707354177-373787972-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
VGPU => service removed successfully
"C:\Users\Antariksh\AppData\Roaming\msregsvv.dll" => not found.
"C:\Users\Antariksh\AppData\Roaming\msregsvv.dll" => not found.
EmptyTemp: => 1.1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:46:03 ====
 
 
 
Update:
For a while the proxy wasn't there, but it came back suddenly again.

Edited by Antariksh, 08 May 2016 - 09:46 AM.
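The fixlist in post #4 removes the ProxySettingsPerUser policy value and the DLL in the roaming profile, and post #5 reports the proxy script returning afterwards. The following is an added example, not part of the thread and not FRST's own logic: a read-only PowerShell audit of the standard places Windows keeps proxy configuration (the Internet Settings values AutoConfigURL, ProxyEnable and ProxyServer in every loaded user hive and in HKLM, the machine policy value that FRST flagged, and the Run keys). The registry value names are the standard Windows ones; the policy key and the AppData\Roaming DLL pattern are taken from the FRST log above; everything else is an assumption of the example. Run it from an elevated prompt before and after a reboot and compare the two outputs to see what is re-creating the setting.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the places
# Windows stores proxy / PAC configuration, so a returning "automatic proxy
# script" can be spotted quickly. Run from an elevated PowerShell prompt.
# It reports only and changes nothing.

# Internet Settings for every loaded user hive (skipping the *_Classes hives)
# plus the machine-wide copy in HKLM. AutoConfigURL is where a PAC URL such as
# the one reported in this thread is stored.
$userKeys = Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings" }

$findings = @()

foreach ($key in @($userKeys) + 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings') {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'AutoConfigURL', 'ProxyEnable', 'ProxyServer') {
        $value = $props.$name
        # Empty strings and ProxyEnable = 0 are the normal "no proxy" state.
        if ($null -ne $value -and "$value" -ne '' -and "$value" -ne '0') {
            $findings += [pscustomobject]@{ Location = $key; Name = $name; Value = $value }
        }
    }
}

# Machine policy seen in the FRST log: ProxySettingsPerUser = 0 forces every user
# onto the machine-wide (HKLM) proxy settings, which is why FRST flagged it as a
# restriction. Any value here is worth reporting on a home machine.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
if (Test-Path $policyKey) {
    $policy = Get-ItemProperty -Path $policyKey
    if ($null -ne $policy.ProxySettingsPerUser) {
        $findings += [pscustomobject]@{
            Location = $policyKey; Name = 'ProxySettingsPerUser'; Value = $policy.ProxySettingsPerUser
        }
    }
}

# Run keys: anything started at logon that mentions a .pac file, a proxy, or a DLL
# under AppData\Roaming (where msregsvv.dll sat in this thread) deserves a look.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        if ("$($p.Value)" -match '\.pac|proxy|AppData\\Roaming\\.*\.dll') {
            $findings += [pscustomobject]@{ Location = $key; Name = $p.Name; Value = $p.Value }
        }
    }
}

if ($findings.Count -eq 0) {
    'No proxy configuration, proxy policy or suspicious Run entries found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Chrome on Windows uses the system (Internet Settings) proxy configuration, so a PAC URL reported by this script is the same one Chrome's "waiting for proxy tunnel" message points at. The script deliberately does not delete anything: in a thread like this the removal is done through the helper's FRST fixlist, and the value of the audit is in running it again after a reboot to show whether the setting is being re-written.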


#6 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 08 May 2016 - 11:26 AM

Ok, so when you say it came back suddenly, how are you noticing it's back? Do you see a popup, do you get redirected, or are you checking the proxy settings? That could be helpful information.

 

You can also run two more tools and see if they dig up anything:

 

1) Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2) Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Double-click the icon, or right-click it (Vista/W7/8) and select Run as administrator.
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt in your next message.


How Can I Reduce My Risk to Malware?


#7 Antariksh

Antariksh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE

Posted 08 May 2016 - 01:16 PM

The Google page, when I search, takes longer than usual, and they open in the old style of Google. None of the Google apps work, and Chrome says "waiting for proxy tunnel". That's the indication of the virus.

JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Antariksh (Administrator) on 08-May-16 at 23:42:00.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 17 
 
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NORRV2A (Temporary Internet Files Folder) 
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78M7OPL5 (Temporary Internet Files Folder) 
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LVA7CYW (Temporary Internet Files Folder) 
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEUYRY3B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NORRV2A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78M7OPL5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7LVA7CYW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZXQQJY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEUYRY3B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWZJEF51 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCW859Z0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Antariksh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMZIY5AQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9OZXQQJY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWZJEF51 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RCW859Z0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMZIY5AQ (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_46F7A3DA5C24983E8FAFD7B1DB2FB454 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08-May-16 at 23:43:26.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
ADW LOG
# AdwCleaner v5.115 - Logfile created 08/05/2016 at 20:52:41
# Updated 01/05/2016 by Xplode
# Database : 2016-05-08.4 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Antariksh - ANTARIKSH-PC
# Running from : C:\Users\Antariksh\Downloads\Programs\adwcleaner_5.115.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Antariksh\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByBtCtB0C0D0EzztDyEyC0BtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0BtBtD0F0B0FyCtGyC0ByC0FtGyDyD0B0AtGyE0CtDyEtGyByBzyyEtAtByC0ByC0B0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0C0CtDyCzz0DtDtGtD0B0FyCtGyEtCyB0EtG0ByE0C0DtG0CtCzz0AzztCyCyC0F0AtC0C2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBzyzy%26cr%3D12403594%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Ultimate
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [813 bytes] - [29/04/2016 18:44:01]
C:\AdwCleaner\AdwCleaner[S2].txt - [885 bytes] - [29/04/2016 19:06:00]
C:\AdwCleaner\AdwCleaner[S3].txt - [957 bytes] - [29/04/2016 19:40:15]
C:\AdwCleaner\AdwCleaner[S4].txt - [1961 bytes] - [03/05/2016 21:42:08]
C:\AdwCleaner\AdwCleaner[S5].txt - [2034 bytes] - [04/05/2016 20:29:50]
C:\AdwCleaner\AdwCleaner[S6].txt - [1687 bytes] - [08/05/2016 20:52:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1760 bytes] ##########


#8 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 08 May 2016 - 06:12 PM

Have you checked the proxy settings in Chrome and disabled them?

https://www.expressvpn.com/support/troubleshooting/google-chrome-no-proxy/


How Can I Reduce My Risk to Malware?


#9 Antariksh

Antariksh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 08 May 2016 - 11:42 PM

Every time I disable the proxy settings, it comes back in a day or so. Every time, it comes back around 8:30 pm IST.

UPDATE

It happened again at the same time. I checked in the registry: in the AutoUrl this is automatically written: http://xn--koa.net/proxy.pac


Edited by Antariksh, 09 May 2016 - 10:18 AM.


#10 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 09 May 2016 - 04:58 PM

OK, so we will use FRST again, like before:

 

Copy/paste what's below into Notepad. Save it as fixlist.txt in the same location you have FRST. Start FRST like before, except this time click on the Fix button once. The machine may reboot to finish the process. On reboot it will display a fixlog.txt, which you can copy/paste in your reply.

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
CHR StartupUrls: Default -> "hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByBtCtB0C0D0EzztDyEyC0BtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0BtBtD0F0B0FyCtGyC0ByC0FtGyDyD0B0AtGyE0CtDyEtGyByBzyyEtAtByC0ByC0B0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0C0CtDyCzz0DtDtGtD0B0FyCtGyEtCyB0EtG0ByE0C0DtG0CtCzz0AzztCyCyC0F0AtC0C2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBzyzy%26cr%3D12403594%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Ultimate"
2016-05-02 13:20 - 2016-05-02 13:20 - 00000085 _____ C:\Windows\wininit.ini
2016-05-01 20:32 - 2016-05-01 20:32 - 208067898 _____ C:\Users\Antariksh\Downloads\JETHTUA4ASE.rar
2016-04-29 09:09 - 2016-04-29 09:09 - 00000020 ___SH C:\Users\Chotu\ntuser.ini
2016-04-07 15:57 - 2016-04-07 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-05 01:43 - 2016-04-16 01:46 - 00000016 _____ C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-19 01:30 - 2016-04-19 01:30 - 0001456 _____ () C:\Users\Antariksh\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-07 15:57 - 2016-04-07 15:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-04-01 13:27 - 2016-04-01 13:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Antariksh\AppData\Local\Temp\libeay32.dll
C:\Users\Antariksh\AppData\Local\Temp\msvcr120.dll
C:\Users\Antariksh\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Users\Antariksh\Cookies:N99w3FPsODtT2Drrqq2c89auH0T [2124]
AlternateDataStreams: C:\Users\Antariksh\AppData\Local\zC6PgZh9yPtpH:EpwgiPRjcm2Haj4i0oQScSPes [1992]
Empty Temp:
Remove Proxy:

Also have you updated and run Malwarebytes lately?


How Can I Reduce My Risk to Malware?


#11 Antariksh

Antariksh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 10 May 2016 - 12:52 AM

Yes, I have updated MWB and also ran it yesterday.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:09-05-2016
Ran by Antariksh (2016-05-10 11:17:54) Run:2
Running from C:\Users\Antariksh\Downloads\Programs
Loaded Profiles: Antariksh (Available Profiles: Antariksh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
CHR StartupUrls: Default -> "hxxp://in.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByBtCtB0C0D0EzztDyEyC0BtN0D0Tzu0StCtByCyCtN1L2XzutAtFtCtDtFtCtDtFtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0BtBtD0F0B0FyCtGyC0ByC0FtGyDyD0B0AtGyE0CtDyEtGyByBzyyEtAtByC0ByC0B0E0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0C0CtDyCzz0DtDtGtD0B0FyCtGyEtCyB0EtG0ByE0C0DtG0CtCzz0AzztCyCyC0F0AtC0C2QtN0A0LzutBtN1B2Z1V1T1S1NzuyBzyzy%26cr%3D12403594%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Ultimate"
2016-05-02 13:20 - 2016-05-02 13:20 - 00000085 _____ C:\Windows\wininit.ini
2016-05-01 20:32 - 2016-05-01 20:32 - 208067898 _____ C:\Users\Antariksh\Downloads\JETHTUA4ASE.rar
2016-04-29 09:09 - 2016-04-29 09:09 - 00000020 ___SH C:\Users\Chotu\ntuser.ini
2016-04-07 15:57 - 2016-04-07 15:57 - 00000057 _____ C:\ProgramData\Ament.ini
2016-04-05 01:43 - 2016-04-16 01:46 - 00000016 _____ C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\Users\Antariksh\AppData\Roaming\msregsvv.dll
2016-04-19 01:30 - 2016-04-19 01:30 - 0001456 _____ () C:\Users\Antariksh\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-04-07 15:57 - 2016-04-07 15:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-05 01:43 - 2016-04-16 01:46 - 0000016 _____ () C:\ProgramData\autobk.inc
2016-04-01 13:27 - 2016-04-01 13:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Antariksh\AppData\Local\Temp\libeay32.dll
C:\Users\Antariksh\AppData\Local\Temp\msvcr120.dll
C:\Users\Antariksh\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\Users\Antariksh\Cookies:N99w3FPsODtT2Drrqq2c89auH0T [2124]
AlternateDataStreams: C:\Users\Antariksh\AppData\Local\zC6PgZh9yPtpH:EpwgiPRjcm2Haj4i0oQScSPes [1992]
Empty Temp:
Remove Proxy:
*****************
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
Chrome StartupUrls => removed successfully
"C:\Windows\wininit.ini" => not found.
C:\Users\Antariksh\Downloads\JETHTUA4ASE.rar => moved successfully
C:\Users\Chotu\ntuser.ini => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\Antariksh\AppData\Roaming\msregsvv.dll => moved successfully
"C:\Users\Antariksh\AppData\Roaming\msregsvv.dll" => not found.
C:\Users\Antariksh\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
"C:\ProgramData\Ament.ini" => not found.
C:\ProgramData\autobk.inc => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Antariksh\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Antariksh\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Antariksh\AppData\Local\Temp\sqlite3.dll => moved successfully
"C:\Users\Antariksh\Cookies" => ":N99w3FPsODtT2Drrqq2c89auH0T" ADS not found.
C:\Users\Antariksh\AppData\Local\zC6PgZh9yPtpH => ":EpwgiPRjcm2Haj4i0oQScSPes" ADS removed successfully.
Remove Proxy: => Error: No automatic fix found for this entry.
EmptyTemp: => 508.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:18:20 ====


#12 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 10 May 2016 - 05:54 PM

Please download RogueKillerX64.exe and save it to the desktop.


    http://www.bleepingcomputer.com/download/roguekiller/dl/121/

    Close all windows and browsers.
    Double-click it and accept the EULA.
    Click the Scan button in each new window. The scan will start.
    When the scan is done, press the Open Report button.
    Next click the Open Txt button and copy/paste the scan results in your reply.
    Don't check anything to remove yet; not all shown may be malware.
    Exit RogueKiller by clicking on the red door icon at the top right of the window.


How Can I Reduce My Risk to Malware?


#13 Antariksh

Antariksh
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  

Posted 11 May 2016 - 02:39 AM

RogueKiller V12.2.0.0 [May 10 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Antariksh [Administrator]
Started from : C:\Users\Antariksh\Downloads\Programs\RogueKiller_2.exe
Mode : Scan -- Date : 05/11/2016 13:07:52
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 7 ¤¤¤
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 202.83.20.101 202.83.20.12 ([-][India])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 202.83.20.101 202.83.20.12 ([-][India])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 202.83.20.101 202.83.20.12 ([-][India])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4FB5A4D5-DA58-49B4-911B-6C159843F02A} | DhcpNameServer : 202.83.20.101 202.83.20.12 ([-][India])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4FB5A4D5-DA58-49B4-911B-6C159843F02A} | DhcpNameServer : 202.83.20.101 202.83.20.12 ([-][India])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4FB5A4D5-DA58-49B4-911B-6C159843F02A} | DhcpNameServer : 202.83.20.101 202.83.20.12 ([-][India])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA ST1000DM003-1ER1 SCSI Disk Device +++++
--- User ---
[MBR] 5fd06eaf274e0055cc6fafa55a046f1a
[BSP] 23aca99e9966b91f3d722d0d4bd7a1dc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 409499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 838860800 | Size: 307200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1468006400 | Size: 237068 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Seagate Backup+ BK USB Device +++++
--- User ---
[MBR] f5179d78a8ba956924a56aa625a8464d
[BSP] 9ba1cfa52994ef9331e75953979debfa : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953868 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#14 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:34 PM

Posted 11 May 2016 - 04:56 PM

Those DNS settings from RogueKiller look OK. Maybe something is downloading and reinstalling the script. You said it happens at a certain time. Maybe you could add the URL to your hosts file: xn--koa.net

 

You know cracks and keygens etc. are popular for carrying malware payloads. Also, software installs can carry unwanted add-ons.

 

Go to Start and type regedit in the search field. When Registry Editor opens, at the top go to Edit > Find and copy/paste in: DefaultConnectionSettings

In the right-hand window click on DefaultConnectionSettings. Do you see a proxy in the data? You can also use regedit to search for xn--koa.net.

 

Let's also use FRST once more, like before:

 

Copy/paste what's below into Notepad. Save it as fixlist.txt in the same location you have FRST. Start FRST like before, except this time click on the Fix button once. The machine may reboot to finish the process. On reboot it will display a fixlog.txt, which you can copy/paste in your reply.

Task: {4EB3CB0B-C220-417E-B355-867033CA714E} - System32\Tasks\Games\UpdateCheck_S-1-5-21-50277338-3707354177-373787972-1000

How Can I Reduce My Risk to Malware?
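The regedit check asked for in the post above (the DefaultConnectionSettings blob and the AutoConfigURL value), done programmatically, as an added example that is not code from this thread or from FRST, RogueKiller or any other tool named here. It also covers the gap left by the earlier FRST run, whose "Remove Proxy:" line was reported as "No automatic fix found for this entry" (FRST writes that directive as `RemoveProxy:`, one word), so the proxy settings were never cleared by that fix. The decoder assumes the commonly documented layout of the DefaultConnectionSettings REG_BINARY value (DWORD version, DWORD change counter, DWORD flags, three length-prefixed ASCII strings, 32 bytes of padding); that layout is an assumption, not something stated in the thread, and the sample blob, its flag bits and counter are constructed. Registry key and value names are the real ones from the fixlist and the RogueKiller log. One point worth knowing when reading the result: the PAC host the poster found, xn--koa.net, is a punycode label that decodes to U+0274 (Latin small capital ɴ), so the address bar shows it as ɴ.net, which is why the first post rendered it as N.net; a hosts-file entry has to use the xn--koa.net form.

```python
import struct
import sys
from urllib.parse import urlsplit

# Flag bits in the third DWORD of DefaultConnectionSettings (0x01 "direct" is
# always set). Layout taken from the commonly documented format of this value,
# not from anything in the thread, so treat it as an assumption.
PROXY_TYPE_PROXY = 0x02           # "Use a proxy server"
PROXY_TYPE_AUTO_PROXY_URL = 0x04  # "Use automatic configuration script" (PAC)
PROXY_TYPE_AUTO_DETECT = 0x08     # "Automatically detect settings" (WPAD)

INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
POLICY_KEY = r"Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"


def build_connection_settings(flags, proxy_server="", bypass_list="",
                              autoconfig_url="", counter=1, version=0x46):
    """Encode a blob: DWORD version, DWORD change counter, DWORD flags, three
    length-prefixed ASCII strings (proxy, bypass list, PAC URL), 32 zero bytes.
    Used here only to construct sample data for the decoder."""
    def lp(s):
        b = s.encode("ascii")
        return struct.pack("<I", len(b)) + b
    return (struct.pack("<III", version, counter, flags)
            + lp(proxy_server) + lp(bypass_list) + lp(autoconfig_url) + bytes(32))


def decode_connection_settings(blob):
    """Parse a DefaultConnectionSettings REG_BINARY value into its fields."""
    if len(blob) < 16:
        raise ValueError("blob too short for header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off, strings = 12, []
    for _ in range(3):
        (n,) = struct.unpack_from("<I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("string length runs past end of blob")
        strings.append(blob[off:off + n].decode("ascii", "replace"))
        off += n
    proxy_server, bypass_list, autoconfig_url = strings
    return {"version": version, "counter": counter, "flags": flags,
            "manual_proxy": bool(flags & PROXY_TYPE_PROXY),
            "autoconfig": bool(flags & PROXY_TYPE_AUTO_PROXY_URL),
            "auto_detect": bool(flags & PROXY_TYPE_AUTO_DETECT),
            "proxy_server": proxy_server, "bypass_list": bypass_list,
            "autoconfig_url": autoconfig_url}


def display_host(host):
    """Decode a punycode (xn--) hostname to the Unicode form a browser shows."""
    return host.encode("ascii").decode("idna")


def is_idn_host(host):
    return any(label.lower().startswith("xn--") for label in host.split("."))


def audit_connection_settings(blob):
    """Findings a human should look at; an empty list means no proxy is set."""
    s = decode_connection_settings(blob)
    findings = []
    if s["autoconfig"] and s["autoconfig_url"]:
        url = s["autoconfig_url"]
        host = urlsplit(url).hostname or ""
        note = "PAC script configured: " + url
        if is_idn_host(host):  # e.g. xn--koa.net renders as a lookalike of N.net
            note += " (IDN host, displays as %r)" % display_host(host)
        findings.append(note)
    if s["manual_proxy"] and s["proxy_server"]:
        findings.append("manual proxy configured: " + s["proxy_server"])
    return findings


def read_live_settings():
    """Windows only: read every value a PAC hijacker touches, in HKCU and HKLM."""
    import winreg  # only available on Windows
    targets = ((INTERNET_SETTINGS, "AutoConfigURL"), (INTERNET_SETTINGS, "ProxyEnable"),
               (INTERNET_SETTINGS, "ProxyServer"),
               (INTERNET_SETTINGS + r"\Connections", "DefaultConnectionSettings"),
               (POLICY_KEY, "ProxySettingsPerUser"))
    out = {}
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        for sub, name in targets:
            try:
                with winreg.OpenKey(hive, sub) as key:
                    value = winreg.QueryValueEx(key, name)[0]
            except OSError:
                continue  # key or value not present in this hive
            if name == "DefaultConnectionSettings":
                value = audit_connection_settings(value)
            out[hive_name + "\\" + name] = value
    return out


if __name__ == "__main__":
    # Constructed sample: 0x0D = direct + PAC + auto-detect, with the thread's PAC URL.
    sample = build_connection_settings(
        0x0D, autoconfig_url="http://xn--koa.net/proxy.pac", counter=7)
    for line in audit_connection_settings(sample):
        print(line)
    if sys.platform == "win32":
        for key, value in read_live_settings().items():
            print(key, "=", value)
```

Run it on the affected machine from the same user account whose proxy keeps changing; because ProxySettingsPerUser = 0 (the policy FRST flagged) moves proxy configuration from HKCU to HKLM, the script reads both hives so the PAC URL is found wherever it was written. The change counter in the blob goes up each time the settings are rewritten, which makes it a cheap way to confirm the 8:30 pm reinfection without waiting for Chrome to complain.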




