
Browser keeps redirecting to Tradexhange

11 replies to this topic

#1 coredump

coredump

  • Members
  • 7 posts
  • OFFLINE

Posted 29 June 2016 - 01:51 AM

My browser keeps redirecting to Tradexhange and sometimes other websites. It happens frequently, but not always, when I click some link on any webpage.


Searched the forum, found some posts. Tried various things like Zemana AntiMalware and Malwarebytes, but it doesn't seem to resolve the issue. Google search of this issue gives some suspicious results from SpyHunter. Please help.


Logs:

FRST

----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
Ran by NewUsername (administrator) on RAMACHANDER-PC (29-06-2016 12:03:01)
Running from C:\Users\NewUsername\Downloads
Loaded Profiles: NewUsername (Available Profiles: Maithree Venkatesan & Yamini Venkatesan & NewUsername & rames & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google, Inc) C:\Users\NewUsername\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_1.1.12.0_x64__rcb0qdgx4z9ca\wAPPer for Gmail.exe
() C:\Program Files (x86)\Jagannatha Hora\bin\jhora.exe
(DOSBox Team) C:\Program Files (x86)\DOSBox-0.74\DOSBox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.17801.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-01-12] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-01-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-01-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-21] (Synaptics Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Hehotefad] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\RAMACH~1\AppData\Local\28C17C~1\Mesogode.dat"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\Run: [Google Update] => C:\Users\NewUsername\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-13] (Google Inc.)
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\Run: [Google Photos Backup] => C:\Users\NewUsername\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-09] (Google, Inc)
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\Run: [Spybot-S&D Cleaning] => C:\Users\NewUsername\Downloads\SpybotPortable\App\Spybot\SDCleaner.exe [4594552 2015-06-17] (Safer-Networking Ltd.)
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\RunOnce: [Uninstall C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\RunOnce: [Uninstall C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\RunOnce: [Uninstall C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-01-12] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-06-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-07-01]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-25]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-06-12]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-06-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\ramachander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-08-04]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{257ccb6f-a597-4325-980b-a1fdea8e4e18}: [NameServer] 10.174.81.84,10.174.81.85
Tcpip\..\Interfaces\{f1f46def-afe9-4d87-a216-e9c813f920de}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_34fb1a93_1201_1403_20160504_IN_ie_sp_
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll [2014-09-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll [2014-09-10] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3004085564-4243055889-3556216080-1005: @tools.google.com/Google Update;version=3 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-3004085564-4243055889-3556216080-1005: @tools.google.com/Google Update;version=9 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> amazon.com/websearch/?ie=UTF8__PARAM__
CHR Profile: C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (IRCTC Easy Book) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdmnckpgiahccdbfhdpemiaggfcnbhe [2016-06-13]
CHR Extension: (Google Drive) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (Radio stations from India) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpppehameilhjmdmomimmmhjomdcnp [2016-06-13]
CHR Extension: (Polarr Photo Editor 3) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2016-06-15]
CHR Extension: (Google+) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2016-06-13]
CHR Extension: (WifiTransfer - Instant wireless file transfer) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmnhcblgohjilfjffdkfikgpakhgajc [2016-06-13]
CHR Extension: (Kindle Cloud Reader) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidmeomeandibmjodiebnhjlnmpoenph [2016-06-13]
CHR Extension: (IRCTC Alerter) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmplgibbofdmkbffmpckfgodfbdgbkc [2016-06-13]
CHR Extension: (Chrome Remote Desktop) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (AdBlock development build) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-28]
CHR Extension: (Google Photos) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-06-13]
CHR Extension: (Flipkart) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmnegdckgeaiilanmiamogoamplmohah [2016-06-13]
CHR Extension: (Google Hangouts) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-06-29]
CHR Extension: (Webcam Toy) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-06-13]
CHR Extension: (Skype) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (IRCTC Tatkal Autofill plugin - Free) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddngdokajnbjjiknbjbcejmbhgmbicp [2016-06-13]
CHR Extension: (Google Hangouts) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-06-13]
CHR Extension: (OneDrive) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2016-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (IRCTC Magic Autofill) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngnpeogocbffohonknibfgpdheagajk [2016-06-13]
CHR Extension: (Fotor's Collage Maker) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\pekoadgpkajdflcemkdbjlnpjcmcdlfj [2016-06-24]
CHR Extension: (Psykopaint) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2016-06-13]
CHR Extension: (Flipkart Offers) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifehdfjfopcdaoeoinohccifchpgldh [2016-06-23]
CHR HKLM\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\NEWUSE~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-04-10]
CHR HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ajcmdlkeklfmbjffnlofgfkjcnpfckab] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-14] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-06-28] (SurfRight B.V.)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-02] (NETGEAR)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13708016 2016-06-28] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-28] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-28] (Malwarebytes)
R1 MpKslc6be5fd1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E98CF9E7-1935-4943-9EB4-0D74A721EC78}\MpKslc6be5fd1.sys [44928 2016-06-29] (Microsoft Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2015-09-13] (CACE Technologies, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [303104 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-06-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-06-28] (Zemana Ltd.)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-29 12:03 - 2016-06-29 12:04 - 00031292 _____ C:\Users\NewUsername\Downloads\FRST.txt
2016-06-29 12:02 - 2016-06-29 12:03 - 00000000 ____D C:\FRST
2016-06-29 11:55 - 2016-06-29 12:02 - 02389504 _____ (Farbar) C:\Users\NewUsername\Downloads\FRST64.exe
2016-06-29 01:24 - 2016-06-29 01:24 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-06-29 01:23 - 2016-06-29 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-06-28 23:09 - 2016-06-28 23:09 - 00000000 _____ C:\autoexec.bat
2016-06-28 22:44 - 2016-06-28 22:44 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-06-28 22:10 - 2016-06-29 12:03 - 01223025 _____ C:\WINDOWS\ZAM.krnl.trace
2016-06-28 22:10 - 2016-06-29 12:02 - 00186306 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-06-28 22:10 - 2016-06-28 22:10 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-06-28 22:10 - 2016-06-28 22:10 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-06-28 22:09 - 2016-06-29 01:24 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-06-28 22:09 - 2016-06-28 22:09 - 00000000 ____D C:\Users\NewUsername\AppData\Local\Zemana
2016-06-28 22:05 - 2016-06-28 22:09 - 05601720 _____ ( ) C:\Users\NewUsername\Downloads\Zemana.AntiMalware.Setup.exe
2016-06-28 22:04 - 2016-06-28 22:07 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\NewUsername\Downloads\SpyHunter-Installer.exe
2016-06-28 17:33 - 2016-06-28 22:24 - 00000000 ____D C:\AdwCleaner
2016-06-28 15:57 - 2016-06-28 15:58 - 00280396 _____ C:\WINDOWS\Minidump\062816-26328-01.dmp
2016-06-28 14:19 - 2016-06-28 14:19 - 00382250 _____ C:\WINDOWS\system32\.crusader
2016-06-28 13:10 - 2016-06-28 15:05 - 00000000 ____D C:\ProgramData\HitmanPro
2016-06-28 13:10 - 2016-06-28 13:10 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-06-28 13:10 - 2016-06-28 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-06-28 13:10 - 2016-06-28 13:10 - 00000000 ____D C:\Program Files\HitmanPro
2016-06-28 13:03 - 2016-06-28 14:27 - 00079564 _____ C:\Users\NewUsername\Downloads\Zemana.AntiMalware.Setup.exe.s2vfxvz.partial
2016-06-28 12:56 - 2016-06-28 17:32 - 03703360 _____ C:\Users\NewUsername\Downloads\adwcleaner_5.200.exe
2016-06-28 12:52 - 2016-06-28 13:09 - 11438608 _____ (SurfRight B.V.) C:\Users\NewUsername\Downloads\hitmanpro_x64.exe
2016-06-28 12:47 - 2016-06-28 12:49 - 00270736 _____ C:\TDSSKiller.3.1.0.9_28.06.2016_12.47.04_log.txt
2016-06-28 12:30 - 2016-06-28 12:30 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\NewUsername\Downloads\rkill64.exe
2016-06-28 12:25 - 2016-06-28 12:25 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-28 11:51 - 2016-06-28 11:51 - 00000000 _____ C:\WINDOWS\Minidump\062816-32375-01.dmp
2016-06-28 11:50 - 2016-06-28 11:50 - 00000000 _____ C:\Users\NewUsername\Downloads\Unconfirmed 355619.crdownload
2016-06-28 11:48 - 2016-06-28 11:48 - 06761451 _____ (SurfRight B.V.) C:\Users\NewUsername\Downloads\Unconfirmed 996268.crdownload
2016-06-28 10:18 - 2016-06-28 10:21 - 00272052 _____ C:\TDSSKiller.3.1.0.9_28.06.2016_10.18.34_log.txt
2016-06-28 10:03 - 2016-06-28 10:03 - 00000110 _____ C:\WINDOWS\wininit.ini
2016-06-28 08:05 - 2016-06-28 12:52 - 00002092 _____ C:\Users\NewUsername\Desktop\Rkill.txt
2016-06-28 08:04 - 2016-06-28 08:05 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\NewUsername\Downloads\rkill.exe
2016-06-28 08:01 - 2016-06-28 10:18 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\NewUsername\Downloads\tdsskiller.exe
2016-06-27 23:42 - 2016-06-27 23:43 - 00000000 ____D C:\Users\NewUsername\Downloads\SpybotPortable
2016-06-27 22:08 - 2016-06-27 23:42 - 119710544 _____ (PortableApps.com) C:\Users\NewUsername\Downloads\SpybotPortable_2.5.paf.exe
2016-06-27 20:31 - 2016-06-27 20:33 - 00037376 _____ C:\Users\NewUsername\Downloads\08 Jul Ramachander (5).xls
2016-06-27 20:27 - 2016-06-27 20:28 - 00037376 _____ C:\Users\NewUsername\Downloads\08 Jul Ramachander (4).xls
2016-06-27 20:25 - 2016-06-27 20:25 - 00037376 _____ C:\Users\NewUsername\Downloads\08 Jul Ramachander (3).xls
2016-06-27 20:25 - 2016-06-27 20:25 - 00037376 _____ C:\Users\NewUsername\Downloads\08 Jul Ramachander (2).xls
2016-06-27 20:21 - 2016-06-27 20:22 - 00037376 _____ C:\Users\NewUsername\Desktop\iyer caterer.xls
2016-06-27 20:20 - 2016-06-27 20:20 - 00037376 _____ C:\Users\NewUsername\Downloads\08 Jul Ramachander (1).xls
2016-06-27 20:19 - 2016-06-27 20:19 - 00037376 _____ C:\Users\NewUsername\Downloads\08 Jul Ramachander.xls
2016-06-27 11:36 - 2016-06-27 11:36 - 00000000 ____D C:\Users\rames\AppData\Local\CUSTPDF Writer
2016-06-27 10:40 - 2016-06-27 10:40 - 00000000 ____D C:\Users\rames\AppData\Local\MicrosoftEdge
2016-06-25 21:31 - 2016-06-25 21:31 - 02127610 _____ C:\Users\NewUsername\Desktop\apastamba__dharma_grihya_sutras.pdf
2016-06-25 19:23 - 2016-06-25 19:23 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-06-25 19:23 - 2016-06-25 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-06-25 06:02 - 2016-06-25 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 21:36 - 2016-06-24 21:36 - 00000000 ____D C:\Users\rames\AppData\Local\NetworkTiles
2016-06-24 13:47 - 2016-06-24 13:47 - 00007601 _____ C:\Users\NewUsername\AppData\Local\Resmon.ResmonCfg
2016-06-24 09:12 - 2016-06-24 09:12 - 00000000 ____D C:\Users\rames\AppData\Local\Publishers
2016-06-24 08:59 - 2016-06-24 09:09 - 00002411 _____ C:\Users\rames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-24 08:59 - 2016-06-24 09:09 - 00000000 ___RD C:\Users\rames\OneDrive
2016-06-24 08:57 - 2016-06-24 08:57 - 00000000 ____D C:\Users\rames\AppData\Local\Dropbox
2016-06-24 08:56 - 2016-06-24 08:56 - 00000000 ____D C:\Users\rames\AppData\Local\Wondershare
2016-06-24 08:56 - 2016-06-24 08:56 - 00000000 ____D C:\Users\rames\AppData\Local\WinZip
2016-06-24 08:56 - 2016-06-24 08:56 - 00000000 ____D C:\Users\rames\AppData\Local\Comms
2016-06-24 08:56 - 2016-06-24 08:56 - 00000000 ____D C:\Users\rames\AppData\Local\ActiveSync
2016-06-24 08:54 - 2016-06-27 11:37 - 00000000 ____D C:\Users\rames\AppData\Local\Packages
2016-06-24 08:54 - 2016-06-24 08:54 - 00000000 ____D C:\Users\rames\AppData\Roaming\Adobe
2016-06-24 08:54 - 2016-06-24 08:54 - 00000000 ____D C:\Users\rames\AppData\Local\VirtualStore
2016-06-24 08:54 - 2016-06-24 08:54 - 00000000 ____D C:\Users\rames\AppData\Local\TileDataLayer
2016-06-24 08:53 - 2016-06-28 18:56 - 00000000 ____D C:\Users\rames
2016-06-24 08:53 - 2016-06-24 22:06 - 00000000 ____D C:\Users\rames\AppData\Local\Google
2016-06-24 08:53 - 2016-06-24 08:56 - 00002046 _____ C:\Users\rames\Desktop\OneKey Recovery.lnk
2016-06-24 08:53 - 2016-06-24 08:56 - 00000000 ____D C:\Users\rames\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-06-24 08:53 - 2016-06-24 08:53 - 00000020 ___SH C:\Users\rames\ntuser.ini
2016-06-24 08:53 - 2016-06-24 08:53 - 00000000 _SHDL C:\Users\rames\My Documents
2016-06-24 08:53 - 2016-06-24 08:53 - 00000000 _SHDL C:\Users\rames\Documents\My Videos
2016-06-24 08:53 - 2016-06-24 08:53 - 00000000 _SHDL C:\Users\rames\Documents\My Pictures
2016-06-24 08:53 - 2016-06-24 08:53 - 00000000 _SHDL C:\Users\rames\Documents\My Music
2016-06-24 08:53 - 2015-12-02 23:58 - 00000000 ____D C:\Users\rames\AppData\Roaming\Media Center Programs
2016-06-24 08:53 - 2015-12-02 23:58 - 00000000 ____D C:\Users\rames\AppData\LocalGoogle
2016-06-24 08:53 - 2015-12-02 23:58 - 00000000 ____D C:\Users\rames\AppData\Local\Microsoft Help
2016-06-24 08:53 - 2010-12-19 11:01 - 00000189 _____ C:\Users\rames\Desktop\Lenovo Telephony Start Now.url
2016-06-24 04:38 - 2016-06-24 04:55 - 00000000 ____D C:\Users\NewUsername\AppData\Roaming\Skype
2016-06-24 04:38 - 2016-06-24 04:38 - 00000000 ____D C:\Users\NewUsername\AppData\Local\Skype
2016-06-22 17:46 - 2016-06-22 17:47 - 00280172 _____ C:\WINDOWS\Minidump\062216-55828-01.dmp
2016-06-20 16:03 - 2016-06-20 16:03 - 00433102 _____ C:\Users\Maithree Venkatesan\Downloads\photoshop_template.psd
2016-06-20 16:02 - 2016-06-20 16:02 - 04833729 _____ C:\Users\Maithree Venkatesan\Downloads\geofilter_template.ai
2016-06-19 06:16 - 2016-06-19 06:16 - 01082049 _____ C:\Users\NewUsername\Downloads\Horoscope-LEKHA HOROSCOPE.pdf
2016-06-17 14:49 - 2016-06-17 14:49 - 00119980 _____ C:\WINDOWS\Minidump\061716-27296-01.dmp
2016-06-16 14:53 - 2016-05-28 10:27 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-16 14:53 - 2016-05-28 10:27 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-16 14:53 - 2016-05-28 09:59 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-16 14:53 - 2016-05-28 09:57 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-16 14:53 - 2016-05-28 09:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-16 14:53 - 2016-05-28 09:52 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-16 14:53 - 2016-05-28 09:49 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-16 14:53 - 2016-05-28 09:48 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-16 14:53 - 2016-05-28 09:45 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-16 14:53 - 2016-05-28 09:45 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-16 14:53 - 2016-05-28 09:45 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-16 14:53 - 2016-05-28 09:44 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-16 14:53 - 2016-05-28 09:44 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-16 14:53 - 2016-05-28 09:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-16 14:53 - 2016-05-28 09:41 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-16 14:53 - 2016-05-28 09:41 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-16 14:53 - 2016-05-28 09:41 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-16 14:53 - 2016-05-28 09:38 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-16 14:53 - 2016-05-28 09:36 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-16 14:53 - 2016-05-28 09:33 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-16 14:52 - 2016-05-28 11:43 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-16 14:52 - 2016-05-28 11:43 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-16 14:52 - 2016-05-28 10:37 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-16 14:52 - 2016-05-28 10:37 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-16 14:52 - 2016-05-28 10:28 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-16 14:52 - 2016-05-28 10:27 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-16 14:52 - 2016-05-28 10:27 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-16 14:52 - 2016-05-28 10:27 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-16 14:52 - 2016-05-28 10:05 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-16 14:52 - 2016-05-28 10:05 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-16 14:52 - 2016-05-28 10:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-16 14:52 - 2016-05-28 09:59 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-16 14:52 - 2016-05-28 09:58 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-16 14:52 - 2016-05-28 09:57 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-16 14:52 - 2016-05-28 09:56 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-16 14:52 - 2016-05-28 09:56 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-16 14:52 - 2016-05-28 09:54 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-16 14:52 - 2016-05-28 09:52 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-16 14:52 - 2016-05-28 09:49 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-16 14:52 - 2016-05-28 09:48 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-16 14:52 - 2016-05-28 09:48 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-16 14:52 - 2016-05-28 09:47 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-16 14:52 - 2016-05-28 09:44 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-16 14:52 - 2016-05-28 09:43 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-16 14:52 - 2016-05-28 09:38 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-16 14:52 - 2016-05-28 09:36 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-16 14:52 - 2016-05-28 09:34 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-16 14:52 - 2016-05-28 09:33 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-16 14:52 - 2016-05-28 09:30 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-16 14:52 - 2016-05-28 09:30 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-16 14:52 - 2016-05-28 09:28 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-16 14:52 - 2016-05-28 09:28 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-16 14:51 - 2016-05-28 11:43 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-16 14:51 - 2016-05-28 10:52 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-16 14:51 - 2016-05-28 10:38 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-16 14:51 - 2016-05-28 10:37 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-16 14:51 - 2016-05-28 10:37 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-16 14:51 - 2016-05-28 10:37 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-16 14:51 - 2016-05-28 10:27 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-16 14:51 - 2016-05-28 10:27 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-16 14:51 - 2016-05-28 10:27 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-16 14:51 - 2016-05-28 10:05 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-16 14:51 - 2016-05-28 10:01 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-16 14:51 - 2016-05-28 09:55 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-16 14:51 - 2016-05-28 09:54 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-16 14:51 - 2016-05-28 09:48 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-16 14:51 - 2016-05-28 09:47 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-16 14:51 - 2016-05-28 09:47 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-16 14:51 - 2016-05-28 09:46 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-16 14:51 - 2016-05-28 09:46 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-16 14:51 - 2016-05-28 09:46 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-16 14:51 - 2016-05-28 09:45 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-16 14:51 - 2016-05-28 09:44 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-16 14:51 - 2016-05-28 09:44 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-16 14:51 - 2016-05-28 09:44 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-16 14:51 - 2016-05-28 09:43 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-16 14:51 - 2016-05-28 09:42 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-16 14:51 - 2016-05-28 09:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-16 14:51 - 2016-05-28 09:41 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-16 14:51 - 2016-05-28 09:36 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-16 14:51 - 2016-05-28 09:35 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-16 14:51 - 2016-05-28 09:35 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-16 14:51 - 2016-05-28 09:35 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-16 14:51 - 2016-05-28 09:35 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-16 14:51 - 2016-05-28 09:33 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-16 14:51 - 2016-05-28 09:33 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-16 14:51 - 2016-05-28 09:32 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-16 14:51 - 2016-05-28 09:32 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-16 14:51 - 2016-05-28 09:32 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-16 14:51 - 2016-05-28 09:31 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-16 14:51 - 2016-05-28 09:31 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-16 14:51 - 2016-05-28 09:30 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-16 14:51 - 2016-05-28 09:30 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-16 14:51 - 2016-05-28 09:30 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-16 14:51 - 2016-05-28 09:30 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-16 14:51 - 2016-05-28 09:28 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-16 14:51 - 2016-05-28 09:28 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-16 14:51 - 2016-05-28 09:27 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-16 14:50 - 2016-05-28 11:43 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-16 14:50 - 2016-05-28 11:43 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-16 14:50 - 2016-05-28 11:43 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-16 14:50 - 2016-05-28 10:55 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-16 14:50 - 2016-05-28 10:53 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-16 14:50 - 2016-05-28 10:53 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-16 14:50 - 2016-05-28 10:52 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-16 14:50 - 2016-05-28 10:52 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-16 14:50 - 2016-05-28 10:52 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-16 14:50 - 2016-05-28 10:52 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-16 14:50 - 2016-05-28 10:50 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-16 14:50 - 2016-05-28 10:48 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-16 14:50 - 2016-05-28 10:46 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-16 14:50 - 2016-05-28 10:39 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-16 14:50 - 2016-05-28 10:39 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-16 14:50 - 2016-05-28 10:39 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-16 14:50 - 2016-05-28 10:38 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-16 14:50 - 2016-05-28 10:38 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-16 14:50 - 2016-05-28 10:37 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-16 14:50 - 2016-05-28 10:37 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-16 14:50 - 2016-05-28 10:36 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-16 14:50 - 2016-05-28 10:36 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-16 14:50 - 2016-05-28 10:36 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-16 14:50 - 2016-05-28 10:36 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-16 14:50 - 2016-05-28 10:36 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-16 14:50 - 2016-05-28 10:35 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-16 14:50 - 2016-05-28 10:34 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-16 14:50 - 2016-05-28 10:34 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-16 14:50 - 2016-05-28 10:34 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-16 14:50 - 2016-05-28 10:34 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-16 14:50 - 2016-05-28 10:34 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-16 14:50 - 2016-05-28 10:34 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-16 14:50 - 2016-05-28 10:33 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-16 14:50 - 2016-05-28 10:28 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-16 14:50 - 2016-05-28 10:27 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-16 14:50 - 2016-05-28 10:27 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-16 14:50 - 2016-05-28 10:01 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-16 14:50 - 2016-05-28 09:59 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-16 14:50 - 2016-05-28 09:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-16 14:50 - 2016-05-28 09:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-16 14:50 - 2016-05-28 09:58 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-16 14:50 - 2016-05-28 09:56 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-16 14:50 - 2016-05-28 09:56 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-16 14:50 - 2016-05-28 09:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-16 14:50 - 2016-05-28 09:54 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-16 14:50 - 2016-05-28 09:54 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-16 14:50 - 2016-05-28 09:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-16 14:50 - 2016-05-28 09:54 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-16 14:50 - 2016-05-28 09:54 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-16 14:50 - 2016-05-28 09:54 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-16 14:50 - 2016-05-28 09:53 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-16 14:50 - 2016-05-28 09:53 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-16 14:50 - 2016-05-28 09:52 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-16 14:50 - 2016-05-28 09:52 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-16 14:50 - 2016-05-28 09:52 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-16 14:50 - 2016-05-28 09:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-16 14:50 - 2016-05-28 09:52 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-16 14:50 - 2016-05-28 09:52 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-16 14:50 - 2016-05-28 09:51 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-16 14:50 - 2016-05-28 09:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-16 14:50 - 2016-05-28 09:51 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-16 14:50 - 2016-05-28 09:51 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-16 14:50 - 2016-05-28 09:50 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-16 14:50 - 2016-05-28 09:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-16 14:50 - 2016-05-28 09:49 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-16 14:50 - 2016-05-28 09:49 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-16 14:50 - 2016-05-28 09:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-16 14:50 - 2016-05-28 09:48 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-16 14:50 - 2016-05-28 09:48 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-16 14:50 - 2016-05-28 09:48 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-16 14:50 - 2016-05-28 09:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-16 14:50 - 2016-05-28 09:47 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-16 14:50 - 2016-05-28 09:47 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-16 14:50 - 2016-05-28 09:47 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-16 14:50 - 2016-05-28 09:47 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-16 14:50 - 2016-05-28 09:47 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-16 14:50 - 2016-05-28 09:46 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-16 14:50 - 2016-05-28 09:46 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-16 14:50 - 2016-05-28 09:46 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-16 14:50 - 2016-05-28 09:46 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-16 14:50 - 2016-05-28 09:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-16 14:50 - 2016-05-28 09:45 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-16 14:50 - 2016-05-28 09:45 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-16 14:50 - 2016-05-28 09:45 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-16 14:50 - 2016-05-28 09:44 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-16 14:50 - 2016-05-28 09:44 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-16 14:50 - 2016-05-28 09:44 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-16 14:50 - 2016-05-28 09:43 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-16 14:50 - 2016-05-28 09:43 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-16 14:50 - 2016-05-28 09:43 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-16 14:50 - 2016-05-28 09:43 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-16 14:50 - 2016-05-28 09:42 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-16 14:50 - 2016-05-28 09:41 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-16 14:50 - 2016-05-28 09:41 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-16 14:50 - 2016-05-28 09:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-16 14:50 - 2016-05-28 09:39 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-16 14:50 - 2016-05-28 09:34 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-16 14:50 - 2016-05-28 09:34 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-16 14:50 - 2016-05-28 09:33 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-16 14:50 - 2016-05-28 09:33 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-16 14:50 - 2016-05-28 09:32 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-16 14:50 - 2016-05-28 09:31 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-16 14:50 - 2016-05-28 09:31 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-16 14:50 - 2016-05-28 09:30 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-16 14:50 - 2016-05-28 09:30 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-16 14:50 - 2016-05-28 09:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-16 14:50 - 2016-05-28 09:30 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-16 14:50 - 2016-05-28 09:29 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-16 14:50 - 2016-05-28 09:28 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-16 14:50 - 2016-05-28 09:25 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-16 14:50 - 2016-05-28 09:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-16 12:40 - 2016-06-16 12:41 - 00222060 _____ C:\WINDOWS\Minidump\061616-28468-01.dmp
2016-06-15 16:08 - 2016-06-15 16:09 - 00232700 _____ C:\WINDOWS\Minidump\061516-40890-01.dmp
2016-06-15 15:34 - 2016-06-15 15:34 - 00000000 ____D C:\Users\Maithree Venkatesan\AppData\Local\WinZip
2016-06-13 16:14 - 2016-06-13 16:14 - 00000000 ____D C:\Users\Yamini Venkatesan\AppData\Local\WinZip
2016-06-13 15:56 - 2016-06-13 15:57 - 00280244 _____ C:\WINDOWS\Minidump\061316-43906-01.dmp
2016-06-13 14:53 - 2016-06-13 16:04 - 00000000 ____D C:\Users\NewUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-06-12 22:09 - 2016-06-16 16:30 - 00000000 ____D C:\Users\NewUsername\AppData\Local\WinZip
2016-06-12 22:09 - 2016-06-12 22:10 - 00000000 ____D C:\ProgramData\WinZip
2016-06-12 22:09 - 2016-06-12 22:09 - 00003640 _____ C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTask
2016-06-12 22:09 - 2016-06-12 22:09 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2016-06-12 22:09 - 2016-06-12 22:09 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip BG Tools.lnk
2016-06-12 22:09 - 2016-06-12 22:09 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-06-12 22:09 - 2016-06-12 22:09 - 00002185 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-06-12 22:09 - 2016-06-12 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-06-12 22:08 - 2016-06-12 22:09 - 00000000 ____D C:\Program Files\WinZip
2016-06-12 22:08 - 2016-06-12 22:08 - 00000000 ____D C:\Users\NewUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-06-12 22:04 - 2016-06-12 22:04 - 00712880 _____ (WinZip Computing, S.L.) C:\Users\NewUsername\Downloads\winzip20_ipp2 (4).exe
2016-06-12 22:04 - 2016-06-12 22:04 - 00712880 _____ (WinZip Computing, S.L.) C:\Users\NewUsername\Downloads\winzip20_ipp2 (3).exe
2016-06-12 22:04 - 2016-06-12 22:04 - 00712880 _____ (WinZip Computing, S.L.) C:\Users\NewUsername\Downloads\winzip20_ipp2 (2).exe
2016-06-12 22:04 - 2016-06-12 22:04 - 00712880 _____ (WinZip Computing, S.L.) C:\Users\NewUsername\Downloads\winzip20_ipp2 (1).exe
2016-06-12 22:04 - 2016-06-12 22:04 - 00000000 ____D C:\ProgramData\UniqueId
2016-06-12 22:03 - 2016-06-12 22:04 - 00712880 _____ (WinZip Computing, S.L.) C:\Users\NewUsername\Downloads\winzip20_ipp2.exe
2016-06-12 12:41 - 2016-06-12 12:43 - 00225580 _____ C:\WINDOWS\Minidump\061216-32937-01.dmp
2016-06-12 12:07 - 2016-06-12 12:07 - 00000000 ____H C:\Users\NewUsername\Desktop\~WRL3765.tmp
2016-06-12 09:46 - 2016-06-12 10:21 - 261120376 _____ C:\Users\NewUsername\Downloads\1Apr2016 Trip Pics.zip
2016-06-11 09:06 - 2016-06-11 09:07 - 02536178 _____ C:\Users\NewUsername\Downloads\vaarahimaalai.pdf
2016-06-08 14:15 - 2016-06-08 14:15 - 05638138 _____ C:\Users\NewUsername\Desktop\stotra malayaam.pdf
2016-06-08 13:46 - 2016-06-08 13:47 - 00280260 _____ C:\WINDOWS\Minidump\060816-30359-01.dmp
2016-06-08 11:56 - 2016-06-08 11:56 - 00000000 ____H C:\Users\NewUsername\Desktop\~WRL0693.tmp
2016-06-03 09:07 - 2016-06-03 09:07 - 04256494 _____ C:\Users\NewUsername\Downloads\smriti doc.pdf
2016-06-01 19:36 - 2016-06-01 19:36 - 00400446 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER1 (4).pdf
2016-06-01 19:36 - 2016-06-01 19:36 - 00400446 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER1 (3).pdf
2016-06-01 19:36 - 2016-06-01 19:36 - 00400446 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER1 (2).pdf
2016-06-01 19:35 - 2016-06-01 19:35 - 00399721 _____ C:\Users\NewUsername\Downloads\V JAYALAKSHMI1.pdf
2016-06-01 19:34 - 2016-06-01 19:34 - 00175082 _____ C:\Users\NewUsername\Downloads\V JAYALAKSHMI.pdf
2016-06-01 19:33 - 2016-06-01 19:33 - 00400446 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER1 (1).pdf
2016-06-01 19:32 - 2016-06-01 19:33 - 00174225 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER (2).pdf
2016-06-01 19:32 - 2016-06-01 19:32 - 00400446 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER1.pdf
2016-06-01 19:31 - 2016-06-01 19:31 - 00174225 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER.pdf
2016-06-01 19:31 - 2016-06-01 19:31 - 00174225 _____ C:\Users\NewUsername\Downloads\P R RAMACHANDER (1).pdf
2016-06-01 15:32 - 2016-06-08 14:40 - 00070466 ____H C:\Users\NewUsername\Desktop\~WRL3325.tmp
2016-06-01 11:43 - 2016-06-01 11:45 - 00280324 _____ C:\WINDOWS\Minidump\060116-31234-01.dmp
2016-05-31 19:15 - 2016-05-31 21:43 - 00083046 _____ C:\Users\NewUsername\Downloads\Horoscope3.tif
2016-05-31 19:12 - 2016-05-31 19:12 - 00114303 _____ C:\Users\NewUsername\Downloads\201605301712 (1).tif
2016-05-31 15:08 - 2016-05-31 15:08 - 00000000 ____H C:\Users\NewUsername\Desktop\~WRL2760.tmp
2016-05-31 09:51 - 2016-05-31 09:51 - 00028918 _____ C:\Users\NewUsername\Downloads\InitiateSingleEntryPaymentSummary31-05-2016.pdf
2016-05-31 06:04 - 2016-05-31 06:05 - 00125930 _____ C:\Users\NewUsername\Downloads\201605301712.tif
2016-05-31 05:58 - 2016-05-31 05:59 - 00218406 _____ C:\Users\NewUsername\Downloads\Aswath- Horoscope (3).tif
2016-05-30 19:42 - 2016-05-30 19:43 - 00247796 _____ C:\WINDOWS\Minidump\053016-45937-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-29 11:50 - 2016-01-15 12:30 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-29 11:36 - 2015-12-14 16:31 - 00000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-29 11:33 - 2012-04-01 05:54 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1000UA.job
2016-06-29 11:17 - 2016-03-13 17:01 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1005UA.job
2016-06-29 10:09 - 2016-05-18 19:34 - 00000000 ____D C:\Users\NewUsername\Desktop\Raja photo
2016-06-29 09:52 - 2016-03-05 18:17 - 00000000 ____D C:\Users\NewUsername\Desktop\For copying
2016-06-29 07:05 - 2015-10-30 12:51 - 00000000 ____D C:\WINDOWS\INF
2016-06-29 07:01 - 2016-03-05 21:28 - 00000000 ____D C:\Users\NewUsername\Desktop\Trans folder of folders
2016-06-29 06:58 - 2016-03-13 14:31 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A423537A-F5B2-4FB9-828E-26DAC65A9701}
2016-06-29 05:19 - 2016-03-13 17:01 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1005Core.job
2016-06-29 05:09 - 2016-03-05 21:25 - 00000000 ___RD C:\Users\NewUsername\Google Drive
2016-06-29 05:07 - 2016-03-05 06:09 - 00000000 ___RD C:\Users\NewUsername\OneDrive
2016-06-29 05:07 - 2016-03-04 14:29 - 00000000 ___HD C:\OneDriveTemp
2016-06-29 05:06 - 2016-03-05 06:03 - 00000000 ____D C:\Users\NewUsername
2016-06-29 05:06 - 2012-01-12 21:52 - 00255370 _____ C:\WINDOWS\system32\fastboot.set
2016-06-29 05:03 - 2015-12-03 00:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-29 02:30 - 2015-10-30 11:58 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2016-06-28 18:56 - 2015-12-29 17:44 - 00000000 ____D C:\Users\DefaultAppPool
2016-06-28 18:56 - 2015-12-02 23:48 - 00000000 ____D C:\Users\Yamini Venkatesan
2016-06-28 18:56 - 2015-12-02 23:48 - 00000000 ____D C:\Users\ramachander
2016-06-28 18:56 - 2015-12-02 23:48 - 00000000 ____D C:\Users\Maithree Venkatesan
2016-06-28 18:56 - 2015-12-02 23:48 - 00000000 ____D C:\Users\Guest
2016-06-28 15:57 - 2015-12-03 15:38 - 437509992 _____ C:\WINDOWS\MEMORY.DMP
2016-06-28 15:57 - 2015-12-03 15:38 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-28 13:01 - 2014-09-28 16:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-28 12:24 - 2013-11-28 12:37 - 00635304 _____ C:\WINDOWS\ntbtlog.txt
2016-06-28 11:48 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-28 10:13 - 2015-10-30 12:56 - 00000000 ____D C:\WINDOWS\Setup
2016-06-28 06:11 - 2015-10-30 12:54 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-27 22:26 - 2014-09-28 16:11 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 22:26 - 2014-09-28 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 22:26 - 2014-09-28 16:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-27 21:33 - 2012-04-01 05:54 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1000Core.job
2016-06-25 19:23 - 2015-11-21 15:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-06-25 06:02 - 2015-12-14 16:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-24 19:59 - 2015-12-02 23:47 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-24 15:35 - 2015-12-03 15:40 - 00000000 ____D C:\Users\Maithree Venkatesan\AppData\Local\Packages
2016-06-24 12:12 - 2012-05-24 08:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 12:12 - 2012-05-24 08:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 08:54 - 2015-12-03 01:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-24 04:38 - 2015-04-15 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-06-24 04:38 - 2015-04-15 22:03 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2016-06-24 04:38 - 2012-04-01 19:47 - 00000000 ____D C:\ProgramData\Skype
2016-06-23 19:06 - 2012-05-24 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 15:33 - 2015-12-03 14:02 - 00000000 ____D C:\Users\Yamini Venkatesan\AppData\Local\Packages
2016-06-20 13:37 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\rescache
2016-06-19 09:50 - 2016-03-05 06:03 - 00000000 ____D C:\Users\NewUsername\AppData\Local\Packages
2016-06-19 05:15 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-18 05:59 - 2016-04-10 09:30 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 05:59 - 2016-04-10 09:30 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-18 05:50 - 2015-10-30 12:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-17 14:58 - 2015-12-02 23:38 - 00391440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-17 14:53 - 2015-10-30 12:54 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-17 14:53 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-17 14:53 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-17 11:20 - 2016-03-08 06:09 - 00000000 ____D C:\Users\NewUsername\AppData\Local\ElevatedDiagnostics
2016-06-16 09:46 - 2013-10-27 14:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-16 08:21 - 2012-04-10 17:31 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-16 02:10 - 2010-11-21 08:57 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-15 00:03 - 2015-10-30 12:56 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-15 00:03 - 2015-10-30 12:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-09 12:18 - 2016-03-05 10:47 - 00000000 ____D C:\Users\NewUsername\Desktop\Horoscopes
2016-06-06 15:38 - 2015-12-03 15:46 - 00002453 _____ C:\Users\Maithree Venkatesan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-06 15:38 - 2015-12-03 15:46 - 00000000 ___RD C:\Users\Maithree Venkatesan\OneDrive
2016-06-02 21:44 - 2014-09-28 15:14 - 00000000 ____D C:\FRom desk top
2016-06-02 16:54 - 2013-02-11 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-06-01 19:37 - 2015-03-16 17:13 - 00000000 ____D C:\Lab reports
 
==================== Files in the root of some directories =======
 
2016-06-24 13:47 - 2016-06-24 13:47 - 0007601 _____ () C:\Users\NewUsername\AppData\Local\Resmon.ResmonCfg
2013-05-23 13:23 - 2013-05-23 13:23 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\NewUsername\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\NewUsername\AppData\Local\Temp\libeay32.dll
C:\Users\NewUsername\AppData\Local\Temp\msvcr120.dll
C:\Users\NewUsername\AppData\Local\Temp\sqlite3.dll
C:\Users\NewUsername\AppData\Local\Temp\{0784D234-434A-446B-8804-E4512DE347AD}-gpbackup_1.1.2.13_yvl7awwt6qaqrrrmlg-bz-h2oyw.exe
C:\Users\ramachander\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmpu2jv.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-27 11:24
 
==================== End of FRST.txt ============================

---------------

Logs: Addition.txt

---------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by NewUsername (2016-06-29 12:06:49)
Running from C:\Users\NewUsername\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-02 20:17:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3004085564-4243055889-3556216080-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3004085564-4243055889-3556216080-503 - Limited - Disabled)
Guest (S-1-5-21-3004085564-4243055889-3556216080-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3004085564-4243055889-3556216080-1002 - Limited - Enabled)
Maithree Venkatesan (S-1-5-21-3004085564-4243055889-3556216080-1003 - Limited - Enabled) => C:\Users\Maithree Venkatesan
NewUsername (S-1-5-21-3004085564-4243055889-3556216080-1005 - Administrator - Enabled) => C:\Users\NewUsername
rames (S-1-5-21-3004085564-4243055889-3556216080-1006 - Limited - Enabled) => C:\Users\rames
Yamini Venkatesan (S-1-5-21-3004085564-4243055889-3556216080-1004 - Limited - Enabled) => C:\Users\Yamini Venkatesan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
8GadgetPack (HKLM-x32\...\{57C14300-FD42-4D51-A9F1-9C1C84F93C36}) (Version: 16.0.0 - Helmut Buhler)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Classic FTP (HKLM-x32\...\ClassicFTP) (Version: 2.38 - NCH Software)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Product Improvement Study (HKLM\...\{EEC82191-E879-4906-9D6B-D9665CF030CD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Jagannatha Hora 7.5 (HKLM-x32\...\Jagannatha Hora_is1) (Version: 7.5 - PVR Narasimha Rao)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{4363ae55-db18-4474-b01a-631676ab4a55}) (Version:  - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1 - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
Photo Crop Editor 2.03 (HKLM-x32\...\{53D11164-C10F-4B66-9FB1-260C141C5F25}) (Version:  - )
Photo to Sketch 4.0 (HKLM-x32\...\{42CC40A6-332E-4F53-8FB8-BD6D77D764FB}_is1) (Version:  - Thinker Software, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Quick Jyotish 1.1 (HKLM-x32\...\Quick Jyotish_is1) (Version:  - JyotishTools.com)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.94 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04442B4A-3AB8-4DE2-BAE8-588DDEB889C2} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {05A6A25F-6431-4B0D-A58F-85E6E27E3CFB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0F880D05-1FB3-49D4-BE4C-5BFB8EEEAF5F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {10D5F6D6-F062-4FE0-B5E4-672103570215} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {121AB04A-9A51-4BA4-AFB4-F0D5CFB46186} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {12B1C5DC-8FB3-4105-81EA-DF9D818A5F78} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1549A3CA-73E5-4FE1-AB5C-A0A52FB6990B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {188840AB-6877-4232-BB00-618946BDA4C6} - System32\Tasks\{B8B450B2-399F-4A9C-9EBA-4C2E59F3B140} => pcalua.exe -a "C:\Program Files (x86)\Quick Jyotish\unins000.exe"
Task: {1E71358A-8B63-4372-BF64-EAB8FB01D5A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1000UA => C:\Users\ramachander\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1F337115-EB0E-41B6-BC5B-8690DA77EEA1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3275C933-CDF7-4E51-8D2A-A901A47C6B6F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {32F81626-D52F-4D1E-8B20-BB955096F079} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {34DEBB0B-4146-4378-9089-AB8B0DFAD837} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {34E30BC8-44A6-4757-A1B3-0401F1EFB626} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {36F6EB20-4340-4713-A78B-2288581651FF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {4B1A0088-B420-4107-9BE5-9BDFB8C2BDD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {552531D4-AF5F-4CF9-933B-E20D0583D632} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {5626FE11-B276-4E12-911D-49D1719418EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1000Core => C:\Users\ramachander\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {62D2FC81-1223-408D-94D7-D98C4F5C891A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {69D4DFA0-E166-4C1B-879C-9C965479802D} - no filepath
Task: {6AD2A3D1-63E2-4BA6-801E-592A819784AF} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {71FF77B1-DBF0-40B6-8852-1C41140C90D9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {74F8C234-FD29-4F42-8036-AF03A4014ED8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {76355338-EDC7-4E89-B2B9-6487219AA11C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {77A733C2-2B5D-41FC-97BB-58F1BCA2E2F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {78AB276B-0053-4F19-8E79-3FB74FF62BAB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8F82FF51-1898-40CF-BC44-562687136B93} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {914D5BD1-6894-4945-BFD7-D829B1E8AF1D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91EA4918-B95C-46A5-B149-4B5A085E7528} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {93D18110-A7BD-433F-A54E-25DB5EC221E2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9A79E852-66B2-4764-A637-517BBF437C6C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9AB7D202-1079-40FD-9078-3452B5C8E4AC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {9B173B57-BA24-4641-9ABD-F165ABF01CAF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {9D39687C-A8EC-4800-B874-228E5F589707} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {9F191690-5F74-4F06-B8FA-F78ABF4CADB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {A17E19DB-66C4-4230-89AF-0B674D06C68B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A30029F3-88F3-4E17-94B8-5AB0E7080B54} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A878AD15-1DB6-4C69-919E-50B3BE28D975} - System32\Tasks\{0DCD84CA-90A0-4FF8-A1B2-2515276579FA} => pcalua.exe -a "C:\Users\ramachander\Downloads\wlsetup-web (3).exe" -d C:\Users\ramachander\Downloads
Task: {B47D34B5-3D89-428E-82AF-FFC51B454C8C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-16] (Microsoft Corporation)
Task: {B6E3DEA2-3B5B-4959-83C0-72D56295F421} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-25] (Google Inc.)
Task: {BD786BC0-D983-4463-8DB6-2C5394981E03} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-14] (Dropbox, Inc.)
Task: {CACAE043-200F-470C-B15D-3FE1FF0C587F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1005UA => C:\Users\NewUsername\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {CAE0E88F-BD66-4E4E-8A4E-6E5B86BD3C0D} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-31] ()
Task: {D063607B-7CFA-4FA1-AD85-632FE9CEE842} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-25] (Google Inc.)
Task: {D491D0B1-4C85-471D-8321-744ADDFB0400} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D8608A8A-ED87-4CB2-9147-88B9DF617806} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {D8801459-4921-43EE-A008-51CF8EAF9A1C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1005Core => C:\Users\NewUsername\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {E0082C77-8356-4125-B564-003C675258F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EB8BB73B-AF9A-4655-8891-4783273AAF93} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {F033035C-0DC6-4FB7-B50E-2C2AF3A52A2C} - System32\Tasks\{4DB6F8CA-497C-476F-9E77-057995FD9F2D} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2015-09-19] (Microsoft Corporation)
Task: {F1618F1D-5B01-49AA-B2D8-5B2C75C523EB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F3109C42-8AC3-436F-8E1D-14DD55920309} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {FCEBE564-0013-4CF2-A639-951E0CC46E37} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {FDBA9AA9-DEB9-4835-9274-5F4AF2397D6C} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-05-26] (WinZip Computing, S.L.)
Task: {FF5B88F5-70A7-4C0D-A31D-851C0BD3074A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1000Core.job => C:\Users\ramachander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1000UA.job => C:\Users\ramachander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1005Core.job => C:\Users\NewUsername\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3004085564-4243055889-3556216080-1005UA.job => C:\Users\NewUsername\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 12:47 - 2015-10-30 12:47 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2013-12-31 20:38 - 2011-10-04 22:43 - 00087552 _____ () C:\WINDOWS\System32\custmon64i.dll
2016-04-13 13:21 - 2016-03-29 15:50 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 13:21 - 2016-03-29 15:50 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-24 19:40 - 2016-05-24 19:40 - 00959168 _____ () C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-01-12 21:44 - 2012-01-12 21:44 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-01-12 21:44 - 2012-01-12 21:44 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2016-06-28 22:10 - 2016-06-28 22:10 - 00121200 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-06-16 14:50 - 2016-05-28 09:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 09:41 - 2015-12-07 09:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 12:17 - 2016-04-23 09:55 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 08:50 - 2012-01-12 21:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 08:50 - 2012-01-12 21:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-01 10:30 - 2015-02-10 15:08 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2016-01-22 05:13 - 2016-01-22 05:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-07 15:09 - 2016-04-07 15:09 - 00015360 _____ () C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_1.1.12.0_x64__rcb0qdgx4z9ca\wAPPer for Gmail.exe
2016-04-07 15:09 - 2016-04-07 15:09 - 04101120 _____ () C:\Program Files\WindowsApps\61545TimGrabinat.wAPPerforGmail_1.1.12.0_x64__rcb0qdgx4z9ca\wAPPer for Gmail.dll
2016-04-07 15:10 - 2016-04-07 15:10 - 03841944 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1603.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2012-04-01 05:15 - 2011-02-22 06:02 - 02269184 _____ () C:\Program Files (x86)\Jagannatha Hora\bin\jhora.exe
2015-10-30 12:48 - 2015-10-30 12:48 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-06-16 14:51 - 2016-05-28 09:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-16 14:52 - 2016-05-28 09:25 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-06-16 14:52 - 2016-05-28 09:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-16 14:52 - 2016-05-28 09:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-16 14:52 - 2016-05-28 09:23 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 12:48 - 2015-10-30 14:37 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 12:48 - 2015-10-30 14:36 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 12:48 - 2015-10-30 14:37 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 12:48 - 2015-10-30 14:36 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 12:48 - 2015-10-30 14:36 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 12:48 - 2015-10-30 14:37 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 12:48 - 2015-10-30 14:36 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 12:48 - 2015-10-30 14:36 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 12:48 - 2015-10-30 14:36 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-06-19 09:49 - 2016-06-19 09:49 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-19 09:49 - 2016-06-19 09:49 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-19 09:49 - 2016-06-19 09:49 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-01-21 05:25 - 2016-01-21 05:25 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 05:12 - 2015-12-15 05:14 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-10 05:14 - 2016-03-10 05:16 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-05-24 19:40 - 2016-05-24 19:40 - 00679624 _____ () C:\Users\NewUsername\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-04-09 04:05 - 2016-04-09 04:05 - 03481600 _____ () C:\Users\NewUsername\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2014-07-01 10:30 - 2015-02-18 14:11 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2015-12-10 21:10 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-12-10 21:10 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-06-25 06:02 - 2016-05-25 22:33 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-25 06:01 - 2016-05-25 22:33 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-25 06:01 - 2016-05-25 22:34 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-25 06:01 - 2016-05-25 22:33 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-25 06:02 - 2016-05-25 22:33 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-14 20:39 - 2016-05-25 22:33 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-14 20:39 - 2016-06-14 01:43 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-25 06:01 - 2016-05-25 22:33 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-14 20:39 - 2016-06-14 01:43 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-14 20:39 - 2016-05-25 22:33 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-14 20:39 - 2016-05-25 22:34 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-06-25 06:02 - 2016-06-14 01:43 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-25 06:01 - 2016-05-25 22:35 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-20 17:49 - 2016-06-14 01:43 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-20 17:49 - 2016-06-14 01:43 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-20 17:49 - 2016-06-14 01:43 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-20 17:49 - 2016-06-14 01:43 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-20 17:49 - 2016-06-14 01:43 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-25 06:02 - 2016-05-25 22:33 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-25 06:01 - 2016-05-25 22:34 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-14 20:39 - 2016-06-14 01:43 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-20 17:49 - 2016-06-14 01:43 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-25 06:01 - 2016-05-25 22:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-25 06:01 - 2016-06-14 01:43 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-25 06:01 - 2016-03-12 06:16 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-25 06:01 - 2016-06-14 01:43 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-25 06:01 - 2016-06-14 01:43 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-14 20:39 - 2016-05-25 22:34 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-25 06:01 - 2016-06-14 01:43 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-16 10:42 - 2016-06-14 01:43 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-14 20:39 - 2016-05-25 22:35 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-06-25 06:02 - 2016-06-14 01:43 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00098816 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32api.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00110080 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\pywintypes27.dll
2016-06-29 05:06 - 2016-06-29 05:06 - 00364544 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\pythoncom27.dll
2016-06-29 05:06 - 2016-06-29 05:06 - 00320512 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32com.shell.shell.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00776704 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_hashlib.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 01176576 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._core_.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00806400 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._gdi_.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00816128 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._windows_.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 01067008 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._controls_.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00733184 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._misc_.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00682496 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\pysqlite2._sqlite.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00088064 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_ctypes.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00119808 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32file.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00108544 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32security.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00007168 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\hashobjs_ext.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00017920 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\thumbnails_ext.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00088064 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\usb_ext.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00012288 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\common.time34.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00018432 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32event.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00167936 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32gui.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00046080 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_socket.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 01208320 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_ssl.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00128512 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_elementtree.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00127488 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\pyexpat.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00038912 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32inet.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00036864 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_psutil_windows.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00525208 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\windows._lib_cacheinvalidation.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00011264 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32crypt.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00077312 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._html2.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00027136 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_multiprocessing.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00020480 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\_yappi.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00035840 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32process.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00686080 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\unicodedata.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00078848 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._animate.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00123392 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\wx._wizard.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00024064 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32pipe.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00010240 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\select.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00025600 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32pdh.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00017408 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32profile.pyd
2016-06-29 05:06 - 2016-06-29 05:06 - 00022528 ____R () C:\Users\NewUsername\AppData\Local\Temp\_MEI69562\win32ts.pyd
2016-01-22 05:13 - 2016-01-22 05:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 05:13 - 2016-01-22 05:14 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2012-04-01 05:16 - 2009-04-07 18:47 - 00479232 _____ () C:\Program Files (x86)\Jagannatha Hora\bin\swedll32.dll
2010-04-10 00:34 - 2010-04-10 00:34 - 00448231 _____ () C:\Program Files (x86)\DOSBox-0.74\SDL.dll
2010-04-10 00:34 - 2010-04-10 00:34 - 00013312 _____ () C:\Program Files (x86)\DOSBox-0.74\SDL_net.dll
2016-06-18 05:58 - 2016-06-15 14:45 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 05:58 - 2016-06-15 14:45 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\...\amazon.in -> hxxps://amazon.in
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2016-06-25 19:23 - 00000867 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3004085564-4243055889-3556216080-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\NewUsername\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^ramachander^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: 331BigDog => C:\Program Files (x86)\USB Camera\VM331_STI.EXE
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\ramachander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: googletalk => C:\Users\ramachander\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Video Performer63615.exe => "C:\Users\RAMACH~1\AppData\Local\Temp\Video Performer63615.exe" /XML="C:\Users\RAMACH~1\AppData\Local\Temp\8EA8.tmp" /STP=0:2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{88197160-C0C0-49C0-AE10-FD0F290262AD}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{0E8537A8-8490-48A2-992D-36C8DA53CB37}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{8A456151-FEF1-40A8-839F-EC20CAD05432}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{C7DC7D72-88D4-44A8-A18F-6B1671073FAF}] => (Allow) C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [UDP Query User{C9D07676-D5B5-463E-A271-19F341A5DFFE}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{9E4A114C-6410-41DF-A4CA-1074342AC272}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{0587565A-0C39-485F-9AC3-A95A2728C2EB}C:\program files (x86)\picblock\picblock.exe] => (Allow) C:\program files (x86)\picblock\picblock.exe
FirewallRules: [TCP Query User{D0AD2F84-03C3-43BA-BFC1-3C79E5C3247F}C:\program files (x86)\picblock\picblock.exe] => (Allow) C:\program files (x86)\picblock\picblock.exe
FirewallRules: [{CE63904E-2BD9-4EB8-BE9D-E4604FC9AFBA}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{6374DA26-850D-4845-900B-F6014FEAB71D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [UDP Query User{7D7F6BA6-BE57-46E8-8363-8D5A75871A4B}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{5366C6E0-9590-49D0-9165-62E5C8EF4D7A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{BD67E247-052C-4222-854D-D5D5521C4F1D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{67E199EF-9B18-4AE9-9AD6-7861822A1D0A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{0FEC3254-81AF-4B99-BA91-87A0D08052F2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1B2FA3FD-2A6F-4B40-8A7A-A79FB97AAB01}] => (Allow) LPort=1900
FirewallRules: [{22423A4F-638D-4E23-A6FF-77D5D70CFC45}] => (Allow) LPort=2869
FirewallRules: [{5D86D2F8-EA70-48CC-9F82-8DED92D782D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{954A7466-1C35-427F-B45D-51A993E5FDA4}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{CD195C23-3986-4138-AE14-717ABC9A3D32}] => (Allow) C:\Users\ramachander\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{C1E67807-2F36-48A9-93C3-D621C68CD57F}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{38948E8D-B45D-45A2-A2B2-270C5C56DAAA}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{CAE18316-A036-412D-9CF3-6DA6A7BA2C48}] => (Allow) C:\Users\ramachander\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{94835CF5-C106-4497-A263-BC6714FB7899}] => (Allow) C:\Users\ramachander\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [UDP Query User{09FB61C6-2499-4109-9AAD-22C8B726CA89}C:\users\ramachander\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ramachander\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{70F8E5B8-C954-4C2D-BABC-A58024F75A6C}C:\users\ramachander\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ramachander\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0017FDDF-C213-49B9-9B8F-1AE0EAADE407}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [TCP Query User{91D499F0-8D3C-404C-8AB6-812BF83AD833}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{50AE3745-5410-40FD-A9FE-73F6E755E3C2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F33800C9-6B30-4B85-AF2D-487706A38971}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1D09191A-5D04-4C24-8347-7B22C2E8C372}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{46A831B9-7F7B-4D34-BBEF-938466A52EED}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{8EF6C815-9D0A-42F3-B4EF-A2F61FAD97E4}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [{BDB298B3-141E-4392-9212-8D9123403C4E}] => (Allow) C:\Users\ramachander\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{44073E46-4B4F-4210-8119-5A81A5A67ED4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1866890D-8ED5-4DDC-8915-8C3755577B39}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
03-06-2016 11:01:18 Scheduled Checkpoint
16-06-2016 08:16:10 Windows Update
23-06-2016 15:34:37 Scheduled Checkpoint
27-06-2016 22:26:33 AA11
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/29/2016 08:18:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WzBGTools.exe, version: 20.5.12146.0, time stamp: 0x5745b076
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x2b50
Faulting application start time: 0xWzBGTools.exe0
Faulting application path: WzBGTools.exe1
Faulting module path: WzBGTools.exe2
Report Id: WzBGTools.exe3
Faulting package full name: WzBGTools.exe4
Faulting package-relative application ID: WzBGTools.exe5
 
Error: (06/29/2016 08:18:40 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WzBGTools.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].CommonInit()
   at System.IO.FileSystemEnumerableIterator`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]..ctor(System.String, System.String, System.String, System.IO.SearchOption, System.IO.SearchResultHandler`1<System.__Canon>, Boolean)
   at System.IO.DirectoryInfo.InternalGetFileSystemInfos(System.String, System.IO.SearchOption)
   at ew.ah(WzBGTool.BGTListRule)
   at ew.ah(WzBGTool.BGTListRule)
   at ev.ah(WzBGTool.BGTListRule)
   at WzBGTool.WzBGToolTemporary.s()
   at WzBGTool.WzBGToolCommon.a(WzBGTool.INotificationCallback)
   at WzBGTool.WzBGToolCommon.ac(WzBGTool.INotificationCallback)
   at e0.c()
   at e1.b()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (06/29/2016 05:08:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: RAMACHANDER-PC)
Description: Package 61545TimGrabinat.wAPPerforGmail_1.1.12.0_x64__rcb0qdgx4z9ca+App was terminated because it took too long to suspend.
 
Error: (06/29/2016 12:06:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RAMACHANDER-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/28/2016 10:24:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ramachander-PC)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023728 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/28/2016 10:03:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RAMACHANDER-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/28/2016 10:03:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RAMACHANDER-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/28/2016 08:55:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: upnp.dll, version: 10.0.10586.0, time stamp: 0x5632d646
Exception code: 0xc0000005
Fault offset: 0x000000000002b080
Faulting process id: 0xc10
Faulting application start time: 0xsvchost.exe_BITS0
Faulting application path: svchost.exe_BITS1
Faulting module path: svchost.exe_BITS2
Report Id: svchost.exe_BITS3
Faulting package full name: svchost.exe_BITS4
Faulting package-relative application ID: svchost.exe_BITS5
 
Error: (06/28/2016 08:55:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: upnp.dll, version: 10.0.10586.0, time stamp: 0x5632d646
Exception code: 0xc0000005
Fault offset: 0x000000000002b080
Faulting process id: 0x29c4
Faulting application start time: 0xsvchost.exe_BITS0
Faulting application path: svchost.exe_BITS1
Faulting module path: svchost.exe_BITS2
Report Id: svchost.exe_BITS3
Faulting package full name: svchost.exe_BITS4
Faulting package-relative application ID: svchost.exe_BITS5
 
Error: (06/28/2016 08:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_BITS, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: upnp.dll, version: 10.0.10586.0, time stamp: 0x5632d646
Exception code: 0xc0000005
Fault offset: 0x000000000002b080
Faulting process id: 0x1790
Faulting application start time: 0xsvchost.exe_BITS0
Faulting application path: svchost.exe_BITS1
Faulting module path: svchost.exe_BITS2
Report Id: svchost.exe_BITS3
Faulting package full name: svchost.exe_BITS4
Faulting package-relative application ID: svchost.exe_BITS5
 
 
System errors:
=============
Error: (06/29/2016 05:37:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/29/2016 05:35:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/29/2016 05:27:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (06/29/2016 05:14:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.
 
Error: (06/29/2016 05:12:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (06/29/2016 05:09:24 AM) (Source: DCOM) (EventID: 10016) (User: RAMACHANDER-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}ramachander-PCNewUsernameS-1-5-21-3004085564-4243055889-3556216080-1005LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (06/29/2016 05:03:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Error: (06/29/2016 05:03:08 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942402.
 
Error: (06/29/2016 02:29:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WWAN AutoConfig service terminated with the following error: 
%%997 = Overlapped I/O operation is in progress.
 
 
Error: (06/29/2016 02:29:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_bf0b4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-06-29 11:08:50.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.449
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.324
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.301
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-06-29 09:58:05.136
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 76%
Total physical RAM: 4039.86 MB
Available physical RAM: 968.61 MB
Total Virtual: 5575.86 MB
Available Virtual: 1228.53 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:318.35 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:19.41 GB) NTFS
Drive e: () (Removable) (Total:7.44 GB) (Free:1.02 GB) FAT32
Drive g: (USB20FD) (Removable) (Total:14.92 GB) (Free:8.27 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F7AB16B9)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 04030201)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)
 
========================================================
Disk: 2 (Size: 7.5 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.
 
==================== End of Addition.txt ============================

---------------------------------

#2 nasdaq

  • Malware Response Team
  • 38,580 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:48 PM

Posted 01 July 2016 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this button via the Control Panel > Programs > Programs and Features applet.
Amazon 1Button App (x32 Version: 2.3.4 - Amazon) Hidden <==== ATTENTION

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Hehotefad] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\RAMACH~1\AppData\Local\28C17C~1\Mesogode.dat"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR Extension: (Chrome Web Store Payments) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\RAMACH~1\AppData\Local\28C17C~1
C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {10D5F6D6-F062-4FE0-B5E4-672103570215} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1549A3CA-73E5-4FE1-AB5C-A0A52FB6990B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {32F81626-D52F-4D1E-8B20-BB955096F079} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B1A0088-B420-4107-9BE5-9BDFB8C2BDD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {69D4DFA0-E166-4C1B-879C-9C965479802D} - no filepath
Task: {71FF77B1-DBF0-40B6-8852-1C41140C90D9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {74F8C234-FD29-4F42-8036-AF03A4014ED8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {914D5BD1-6894-4945-BFD7-D829B1E8AF1D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91EA4918-B95C-46A5-B149-4B5A085E7528} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D491D0B1-4C85-471D-8321-744ADDFB0400} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E0082C77-8356-4125-B564-003C675258F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1618F1D-5B01-49AA-B2D8-5B2C75C523EB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

Please post the logs and let me know what problem persists.
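
The fixlist above removes a RunOnce value that starts wscript.exe with a forced VBScript engine on a .dat file hidden behind 8.3 short names in a user profile. The following is an added example, not code from the thread, FRST or the helper: a small Python triage that reads lines written in FRST's Registry-section notation and flags those traits so a responder can spot the same pattern in a fresh log. The sample lines are constructed; only the Hehotefad line is quoted from the log in this thread, and the other entry names, paths and the scoring rules are assumptions made for illustration.

```python
"""Triage FRST-style autorun lines for script-host persistence.

Added example for this thread, not part of FRST or of the helper's fixlist.
It flags: a script host started with a file that is not a script, an engine
forced with /E:, targets hidden behind 8.3 short names inside a user profile,
an empty Run value, and browser policy restriction markers.
"""
import ntpath  # splits Windows paths correctly even when run on Linux
import re
from dataclasses import dataclass
from typing import List, Optional

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}

# HKLM-x32\...\RunOnce: [Name] => command
AUTORUN_RE = re.compile(
    r'^(?P<hive>HK.*?)\\\.\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
# First path-like token of the command, optionally quoted; the rest are arguments.
IMAGE_RE = re.compile(
    r'^"?(?P<image>[^"]+?\.(?:exe|vbs|js|bat|cmd|dat|dll))"?\s*(?P<rest>.*)$', re.I)
SHORT_NAME_RE = re.compile(r'\\[^\\]*~\d+')                       # e.g. \RAMACH~1
PROFILE_RE = re.compile(r'\\AppData\\(?:Local|Roaming)\\', re.I)

# Constructed sample in FRST notation: one benign entry, the Hehotefad line from
# the thread, a made-up entry under a user profile, and a policy marker.
SAMPLE_LOG = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2015-10-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Hehotefad] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\RAMACH~1\AppData\Local\28C17C~1\Mesogode.dat"
HKU\S-1-5-21-1\...\Run: [Backup] => C:\Users\alice\AppData\Local\Backup\sync.vbs
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
"""


@dataclass
class Finding:
    name: str            # autorun value name, or "policy" for restriction lines
    line: str
    reasons: List[str]


def argument_paths(rest: str) -> List[str]:
    """Quoted arguments plus bare tokens that contain a backslash."""
    return [q or bare for q, bare in re.findall(r'"([^"]+)"|(\S*\\\S+)', rest)]


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one FRST line, or None when nothing stands out."""
    if "Restriction <======= ATTENTION" in line:
        return Finding("policy", line,
                       ["browser policy restriction set; hijackers use it to lock settings"])
    m = AUTORUN_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd").strip()
    if name == "" and cmd == "[X]":
        return Finding(name, line, ["empty Run value with no target; leftover of a removed loader"])
    reasons: List[str] = []
    im = IMAGE_RE.match(cmd)
    image, rest = (im.group("image"), im.group("rest")) if im else ("", cmd)
    base = ntpath.basename(image).lower()
    if base in SCRIPT_HOSTS:
        for arg in argument_paths(rest):
            ext = ntpath.splitext(arg)[1].lower()
            if ext and ext not in SCRIPT_EXTS:
                reasons.append(f"{base} runs non-script file {ntpath.basename(arg)}")
        if re.search(r'/E:\S+', rest, re.I):
            reasons.append("script engine forced with /E:, so the extension does not pick the interpreter")
    for path in [image, *argument_paths(rest)]:
        if SHORT_NAME_RE.search(path):
            reasons.append(f"8.3 short name hides the real directory: {path}")
        if PROFILE_RE.search(path):
            reasons.append(f"autorun target lives in a user profile: {path}")
    return Finding(name, line, reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Findings for the lines worth a look, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.name or '<empty>'}] {f.line}")
        for r in f.reasons:
            print("   -", r)
```

Run it against the Registry section of a saved FRST.txt and the Hehotefad-style entry surfaces with four reasons while the signed Defender entry is silent; the Backup entry is reported only because it runs from a profile, which is a prompt to look, not a verdict.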

#3 coredump

  • Topic Starter

  • Members
  • 7 posts

Posted 01 July 2016 - 09:54 AM

Thanks a lot for replying nasdaq... I don't see Amazon 1 button app in control panel... Though I do see a directory called Amazon 1 button app in program files. Shall I just delete the files in that directory?

Also note it looks like at least one of my Android phones has the same issue in its chrome browser...I think it was connected to the laptop having the issue and developed a similar problem..
For whatever reason I am not able to reply to this topic from my computer... It keeps redirecting me and sometimes the reply field is read only... Replying from my cell phone.... Wonder if it is related to the same malware...

 

Update: I ran the rest of the steps (except the removal of 1 Button App). The problem persists. Here are the results

 

-----------------Fixlog.txt---------------------------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by NewUsername (2016-07-02 07:53:38) Run:1
Running from C:\Users\NewUsername\Downloads
Loaded Profiles: NewUsername (Available Profiles: Maithree Venkatesan & Yamini Venkatesan & NewUsername & rames & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Hehotefad] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\RAMACH~1\AppData\Local\28C17C~1\Mesogode.dat"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CHR Extension: (Chrome Web Store Payments) - C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\RAMACH~1\AppData\Local\28C17C~1
C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
CustomCLSID: HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\NewUsername\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
Task: {10D5F6D6-F062-4FE0-B5E4-672103570215} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1549A3CA-73E5-4FE1-AB5C-A0A52FB6990B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {32F81626-D52F-4D1E-8B20-BB955096F079} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4B1A0088-B420-4107-9BE5-9BDFB8C2BDD0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {69D4DFA0-E166-4C1B-879C-9C965479802D} - no filepath
Task: {71FF77B1-DBF0-40B6-8852-1C41140C90D9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {74F8C234-FD29-4F42-8036-AF03A4014ED8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {914D5BD1-6894-4945-BFD7-D829B1E8AF1D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {91EA4918-B95C-46A5-B149-4B5A085E7528} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D491D0B1-4C85-471D-8321-744ADDFB0400} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E0082C77-8356-4125-B564-003C675258F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1618F1D-5B01-49AA-B2D8-5B2C75C523EB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Hehotefad => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKLM\SOFTWARE\Policies\Google => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
Amazon 1Button App Service => Unable to stop service.
Amazon 1Button App Service => service removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\RAMACH~1\AppData\Local\28C17C~1 => moved successfully
"C:\Users\NewUsername\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe => moved successfully
"HKU\S-1-5-21-3004085564-4243055889-3556216080-1005_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10D5F6D6-F062-4FE0-B5E4-672103570215}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D5F6D6-F062-4FE0-B5E4-672103570215}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1549A3CA-73E5-4FE1-AB5C-A0A52FB6990B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1549A3CA-73E5-4FE1-AB5C-A0A52FB6990B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32F81626-D52F-4D1E-8B20-BB955096F079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32F81626-D52F-4D1E-8B20-BB955096F079}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B1A0088-B420-4107-9BE5-9BDFB8C2BDD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B1A0088-B420-4107-9BE5-9BDFB8C2BDD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69D4DFA0-E166-4C1B-879C-9C965479802D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69D4DFA0-E166-4C1B-879C-9C965479802D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71FF77B1-DBF0-40B6-8852-1C41140C90D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71FF77B1-DBF0-40B6-8852-1C41140C90D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74F8C234-FD29-4F42-8036-AF03A4014ED8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74F8C234-FD29-4F42-8036-AF03A4014ED8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{914D5BD1-6894-4945-BFD7-D829B1E8AF1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914D5BD1-6894-4945-BFD7-D829B1E8AF1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91EA4918-B95C-46A5-B149-4B5A085E7528}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EA4918-B95C-46A5-B149-4B5A085E7528}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D491D0B1-4C85-471D-8321-744ADDFB0400}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D491D0B1-4C85-471D-8321-744ADDFB0400}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0082C77-8356-4125-B564-003C675258F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0082C77-8356-4125-B564-003C675258F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1618F1D-5B01-49AA-B2D8-5B2C75C523EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1618F1D-5B01-49AA-B2D8-5B2C75C523EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 26621001 B
Java, Flash, Steam htmlcache => 602 B
Windows/system/drivers => 12607000 B
Edge => 38697573 B
Chrome => 199505714 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 34618 B
NetworkService => 18618522 B
ramachander => 915144868 B
Maithree Venkatesan => 53112759 B
Yamini Venkatesan => 81109898 B
NewUsername => 63033146 B
rames => 31356590 B
Guest => 37823 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:56:31 ====
-----------------Fixlog.txt---------------------------------------------
 
 
Rebooted system as instructed. Ran JRT. Here are the results
 

-----------------JRT.txt---------------------------------------------

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by NewUsername (Administrator) on Sat 07/02/2016 at  8:19:28.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\WINDOWS\s.bat (File) 
 
 
 
Registry: 0 
 
-----------------JRT.txt---------------------------------------------

Edited by coredump, 01 July 2016 - 10:10 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:48 PM

Posted 02 July 2016 - 07:15 AM

I suggest you remove Chrome and the Syncing.

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>



How To Delete Your Google Chrome Browser Sync Data
http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/
<<<>>>

Keep me posted.

#5 coredump

coredump
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 03 July 2016 - 04:05 AM

Thanks for the reply nasdaq. The first link for removing Chrome does not lead to any page. Is there an updated URL? Tried to manually uninstall and reinstall through Control Panel. Issue persists. I am a little hesitant to remove all Google data... please note that the issue occurs in the IE/Edge browser too.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:48 PM

Posted 03 July 2016 - 08:23 AM

If using a router it's possible that it's compromised.

Run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#7 coredump

coredump
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 03 July 2016 - 10:50 AM

Thanks a lot nasdaq. I think it resolved the issue (I am now actually able to post in the forum from my laptop, which itself is a great step forward)... But sometimes the redirect doesn't happen for some time and then occurs... So not ready to declare victory yet.

 

Yes, it makes sense that it is a router compromise. As I posted, I observed the issue in one of my Android phones. After that I have observed the issue in two more Android phones connected to the router Wi-Fi. I saw some recommendation of resetting the router to factory default in case of a router issue. Do you advise me to do that? If so, are there any good writeups of the steps I should follow to reset my router (or should I just see the router manual)?

 

Attached is the report from RogueKiller

 

-----------------------

RogueKiller V12.3.6.0 [Jun 27 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : NewUsername [Administrator]
Started from : C:\Users\NewUsername\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/03/2016 20:11:06
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3004085564-4243055889-3556216080-1005\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_34fb1a93_1201_1403_20160504_IN_ie_sp_  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3004085564-4243055889-3556216080-1005\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ie_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_34fb1a93_1201_1403_20160504_IN_ie_sp_  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{257ccb6f-a597-4325-980b-a1fdea8e4e18} | NameServer : 10.174.81.84,10.174.81.85 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f1f46def-afe9-4d87-a216-e9c813f920de} | DhcpNameServer : 10.0.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{257ccb6f-a597-4325-980b-a1fdea8e4e18} | NameServer : 10.174.81.84,10.174.81.85 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f1f46def-afe9-4d87-a216-e9c813f920de} | DhcpNameServer : 10.0.0.1 ([])  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 95ccad8471b081c02feea304822029ff
[BSP] aa167382a0869b14021b48290ddf6d51 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK
 

-----------------------
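The [PUM.Dns] entries in the report above are the host-side view of the resolver settings that nasdaq's router-compromise hypothesis depends on: `DhcpNameServer` is what the router's DHCP handed out, `NameServer` is a value set statically on an interface. As an added example (not code from this thread, from RogueKiller or from Malwarebytes), here is a small Python parser that reads those report lines and flags every resolver that is neither the expected gateway nor on an allowlist of resolvers the owner knowingly configured. The sample report is constructed from the entries posted above; the gateway address 10.0.0.1 and the allowlist of public resolvers are assumptions for the demo.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: three "[PUM.Dns]" lines in the RogueKiller report format,
# modelled on the entries posted in this thread. Not the full report.
SAMPLE_REPORT = r"""
¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{257ccb6f-a597-4325-980b-a1fdea8e4e18} | NameServer : 10.174.81.84,10.174.81.85 ([][])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f1f46def-afe9-4d87-a216-e9c813f920de} | DhcpNameServer : 10.0.0.1 ([])  -> Found
¤¤¤ Tasks : 1 ¤¤¤
"""

# One report line: "[PUM.Dns] (X64) <registry key> | <value name> : <ip[,ip]> (...) -> Found"
PUM_DNS_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?P<arch>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\w+)\s+:\s+(?P<servers>[0-9A-Fa-f.:,]+)"
)


@dataclass
class DnsEntry:
    key: str
    value_name: str      # "NameServer" = set statically, "DhcpNameServer" = learned from DHCP
    servers: list[str]

    @property
    def is_static(self) -> bool:
        return self.value_name == "NameServer"


def parse_pum_dns(report: str) -> list[DnsEntry]:
    """Extract the resolver entries from a RogueKiller-style report."""
    entries = []
    for line in report.splitlines():
        m = PUM_DNS_RE.match(line.strip())
        if m:
            servers = [s for s in m.group("servers").split(",") if s]
            entries.append(DnsEntry(m.group("key"), m.group("name"), servers))
    return entries


def review(entries, expected_gateway: str, trusted_resolvers) -> list[tuple[str, str, str]]:
    """Return (value name, resolver, reason) for every resolver that deserves a look.

    expected_gateway: the router's LAN address (assumed 10.0.0.1 in the demo).
    trusted_resolvers: public resolvers the owner knowingly configured (assumed).
    """
    gateway = ipaddress.ip_address(expected_gateway)
    trusted = {ipaddress.ip_address(r) for r in trusted_resolvers}
    findings = []
    for entry in entries:
        for server in entry.servers:
            ip = ipaddress.ip_address(server)
            if ip == gateway or ip in trusted:
                continue
            if entry.is_static:
                reason = "static resolver not in the allowlist; confirm who set it"
            else:
                reason = "DHCP handed out a resolver other than the router; check the DHCP server"
            findings.append((entry.value_name, server, reason))
    return findings


if __name__ == "__main__":
    found = parse_pum_dns(SAMPLE_REPORT)
    for name, server, reason in review(found, "10.0.0.1", ["1.1.1.1", "8.8.8.8"]):
        print(f"{name:15} {server:16} {reason}")
```

Two readings come out of this. A `DhcpNameServer` that is not the router means the DHCP server on the LAN is pushing a foreign resolver to every client, which would explain redirects on the phones as well as the PC. A `DhcpNameServer` equal to the router, as in this report, means the host view is clean and the question moves to the router itself: clients forward to 10.0.0.1, and the upstream resolvers the router uses are only visible in its own admin page, which is why a factory reset fixed both the PC and the phones here. The static `NameServer` entries get flagged simply because the script cannot know whether the owner set them; `ipconfig /all` shows the live values for comparison.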

 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:48 PM

Posted 03 July 2016 - 12:17 PM

This should help.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#9 coredump

coredump
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 03 July 2016 - 01:45 PM

I reset my router, just to be safe. No redirections over the past few hours... websites seem to be loading noticeably faster... and some unexplained behavior like some websites not loading properly and not being able to post in this forum is gone. So Thank u... Thank u... Thank u.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:48 PM

Posted 04 July 2016 - 06:57 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#11 coredump

coredump
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 04 July 2016 - 07:15 AM

Yes. The issue is completely resolved now. I am not getting the redirection on my computer or on my mobile phones connected to my home Wi-Fi.

 

Thanks again!!



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:48 PM

Posted 10 July 2016 - 07:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



