Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Proxy virus - http://xn--51haaa.ga/server.pac


  • This topic is locked This topic is locked
2 replies to this topic

#1 varang

varang

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 31 August 2016 - 09:39 PM

Hi there,

 

I wasn't able to use Google maps, it said Server error, please try again later. It happened a couple of times then I realized something is not right. I found out that all my requests were being redirected and figured there was a proxy related thing. I searched online, went into safe mode, removed that proxy address from the browser settings and felt it was removed. Though the virus kept coming back. I also have disabled all services except for the Microsoft ones but the virus still keeps coming back.

 

Below is the text from the FRST file.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Rivas (administrator) on RIVAS-HP (31-08-2016 22:16:22)
Running from F:\Malware Removal
Loaded Profiles: Rivas (Available Profiles: Rivas)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\varan\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\varan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe
(BitTorrent Inc.) C:\Users\varan\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843520 2016-04-13] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23546672 2016-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [839648 2016-03-10] (DivX, LLC)
HKLM-x32\...\Run: [MalTray] => C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe [818640 2016-07-24] (Glarysoft Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-07-31] (AVAST Software)
HKU\S-1-5-21-2683352649-2200078877-494462750-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-07-24] (Glarysoft Ltd)
HKU\S-1-5-21-2683352649-2200078877-494462750-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2683352649-2200078877-494462750-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2683352649-2200078877-494462750-1001\...\RunOnce: [Uninstall C:\Users\varan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\varan\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-28] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\Users\varan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-11-27]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
AutoConfigURL: [HKLM-x32] => hxxp://xn--51haaa.ga/server.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b6ef08a6-cf05-4c90-86c1-cd7153034d69}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {9B1518E6-D4E7-4424-A1EE-463351C9233F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2683352649-2200078877-494462750-1001 -> {9B1518E6-D4E7-4424-A1EE-463351C9233F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-08-24] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-08-24] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-08-24] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-04-27] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-24] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-24] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-08-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-06-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.in/
CHR StartupUrls: Default -> "hxxp://timesofindia.indiatimes.com/","hxxp://gmail.com/","hxxp://www.xperteleven.com/","hxxp://www.bbc.co.uk/sport/0/","hxxp://goal.com/en-gb","hxxp://www.espncricinfo.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGACDF&install_date=20110928
CHR DefaultSearchKeyword: Default -> bing.com_
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query=%s
CHR Profile: C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default
CHR Extension: (Google Slides) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-28]
CHR Extension: (Google Docs) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-28]
CHR Extension: (Google Drive) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Adblock Plus) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-10]
CHR Extension: (Ebates Cash Back) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-07-21]
CHR Extension: (Google Search) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-28]
CHR Extension: (Dropbox for Gmail) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-03-27]
CHR Extension: (Google Sheets) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-09]
CHR Extension: (Live HTTP Headers) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2015-11-28]
CHR Extension: (Cisco WebEx Extension) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Bing) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ofgaflfnfknmefgjhlgkohmpekighhdi [2016-04-24]
CHR Extension: (Gmail) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-07-27]
CHR Profile: C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-27]
CHR Extension: (Google Drive) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-27]
CHR Extension: (YouTube) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-27]
CHR Extension: (Adblock Plus) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Ebates Cash Back) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2016-08-31]
CHR Extension: (Avast Online Security) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-08]
CHR Extension: (Dropbox for Gmail) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-07-31]
CHR Extension: (Avast SafePrice) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage [2016-08-10]
CHR Extension: (Google Sheets) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-27]
CHR Extension: (Google Docs Offline) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-27]
CHR Extension: (AdBlock) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-23]
CHR Extension: (Avast Online Security) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-28]
CHR Extension: (Live HTTP Headers) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiioopjkcekapmldfgbebdclcnpgnlo [2016-07-31]
CHR Extension: (Cisco WebEx Extension) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-07-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-27]
CHR Extension: (Bing) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgaflfnfknmefgjhlgkohmpekighhdi [2016-07-31]
CHR Extension: (Gmail) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\varan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-25]
CHR Profile: C:\Users\varan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-07-28] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [224112 2016-07-31] (AVAST Software)
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-01] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-01] (Dropbox, Inc.)
S4 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-18] (Intel Corporation)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-07-29] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S4 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [354936 2016-03-12] (Intel Corporation)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S4 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2015-10-14] (Zhuhai Kingsoft Office Software Co.,Ltd)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-13] (Realtek Semiconductor)
S4 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-25] ()
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-07-27] (Enigma Software Group USA, LLC.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260216 2015-12-09] (Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-07-28] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-28] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-07-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-07-28] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-07-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-04] (AVAST Software)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [50696 2015-08-18] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2016-02-01] (Disc Soft Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-07-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-07-27] ()
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-18] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-11-28] (Glarysoft Ltd)
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [20160 2016-07-28] (Glarysoft Ltd)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [46960 2016-07-29] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek                                            )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [602352 2015-08-11] (Realtek Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [411712 2015-05-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4738672 2015-12-07] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71288 2015-12-09] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-24] (HP Inc.)
U4 Service Mgr SplendorSearch; no ImagePath
U4 Update Mgr SplendorSearch; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 22:16 - 2016-08-31 22:16 - 00000000 ____D C:\FRST
2016-08-31 21:52 - 2016-08-31 21:52 - 00000000 ___HD C:\OneDriveTemp
2016-08-30 22:05 - 2016-08-30 22:05 - 00016600 _____ C:\Users\varan\Downloads\3BEDF14A75612147330FBFC25F0054FEFB663C6D.torrent
2016-08-30 22:02 - 2016-08-31 21:58 - 00000000 ____D C:\Users\varan\AppData\LocalLow\uTorrent
2016-08-30 22:02 - 2016-08-30 22:02 - 00015391 _____ C:\Users\varan\Downloads\4F0769A17F570BFF9AB9F59D1E7C9E331282E329.torrent
2016-08-25 19:09 - 2016-08-25 19:09 - 00016907 _____ C:\Users\varan\Downloads\673F5BF5AB9E8517F1031AC74F8D55AFA5446DBC.torrent
2016-08-24 16:57 - 2016-08-24 16:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-23 18:09 - 2016-08-23 18:09 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-18 18:55 - 2016-08-18 18:55 - 00003928 _____ C:\Users\varan\Downloads\[kickass.cd].torrent
2016-08-15 20:04 - 2016-08-15 20:04 - 00002304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 14.lnk
2016-08-11 20:01 - 2016-08-11 20:01 - 00003988 _____ C:\Users\varan\Downloads\[kickass.unblocked.live]Suits.S06E05.HDTV.x264-KILLERS[ettv].torrent
2016-08-09 21:17 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 21:17 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 21:17 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 21:17 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 21:17 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 21:17 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 21:17 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 21:17 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 21:17 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 21:17 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 21:17 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 21:17 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 21:17 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 21:17 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 21:17 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 21:17 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 21:17 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 21:17 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 21:17 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 21:17 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 21:17 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 21:17 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 21:17 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 21:17 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 21:17 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 21:17 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 21:17 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 21:17 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 21:17 - 2016-08-03 05:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 21:17 - 2016-08-03 05:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 21:17 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 21:17 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 21:17 - 2016-08-03 05:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 21:17 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 21:17 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 21:17 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 21:17 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 21:17 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 21:17 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 21:17 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 21:17 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 21:17 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 21:17 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 21:17 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 21:17 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 21:17 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 21:17 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 21:17 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 21:17 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 21:17 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 21:17 - 2016-08-03 05:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 21:17 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 21:17 - 2016-08-03 05:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 21:17 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 21:17 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 21:17 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 21:17 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 21:17 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 21:17 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 21:17 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 21:17 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 21:17 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 21:17 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 21:17 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 21:17 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 21:17 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 21:17 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 21:17 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 21:17 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 21:17 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 21:17 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 21:17 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 21:17 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 21:17 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 21:17 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 21:17 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 21:17 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 21:17 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 21:17 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 21:17 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 21:17 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 21:17 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 21:17 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 21:17 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 21:17 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 21:17 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 21:17 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 21:17 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 21:17 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 21:17 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 21:17 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 21:17 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 21:17 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 21:17 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 21:17 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 21:17 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 21:17 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 21:17 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 21:17 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 21:17 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 21:17 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 21:17 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 21:17 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 21:17 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 21:17 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 21:17 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 21:17 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 21:17 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 21:16 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 21:16 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 21:16 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 21:16 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 21:16 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 21:16 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 21:16 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 21:16 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 21:16 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 21:16 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 21:16 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 21:16 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 21:16 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 21:16 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 21:16 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 21:16 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 21:16 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 21:16 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 21:16 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 21:16 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 21:16 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 21:16 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 21:16 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 21:16 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 21:16 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 21:16 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-08 20:21 - 2016-08-08 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-04 18:45 - 2016-08-04 18:45 - 00004008 _____ C:\Users\varan\Downloads\[kickass.unblocked.live].torrent
2016-08-03 20:32 - 2016-08-03 20:32 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-01 23:36 - 2016-08-03 18:36 - 00021824 ____H C:\Users\varan\AppData\Local\IconCache.db.backup
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 22:18 - 2015-11-28 16:14 - 00000000 ____D C:\Users\varan\AppData\Roaming\uTorrent
2016-08-31 22:13 - 2016-07-28 19:08 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-31 22:11 - 2016-02-11 20:17 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5ED09FF5-C421-45E6-82A7-816D23E0535B}
2016-08-31 22:10 - 2016-02-11 20:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-31 21:56 - 2015-10-14 15:07 - 00004252 _____ C:\WINDOWS\System32\Tasks\avast! SL Update
2016-08-31 21:55 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-31 21:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-31 21:53 - 2016-07-28 19:08 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-31 21:52 - 2015-11-27 23:41 - 00000000 ___RD C:\Users\varan\OneDrive
2016-08-30 19:42 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-29 20:08 - 2016-04-16 00:29 - 00000000 ____D C:\Users\varan\AppData\Roaming\Skype
2016-08-29 20:04 - 2016-04-16 00:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 20:04 - 2016-04-16 00:29 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 19:59 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-28 10:23 - 2016-06-18 12:16 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRivas
2016-08-28 10:23 - 2016-06-18 12:16 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRivas.job
2016-08-25 20:19 - 2015-12-07 20:26 - 00000000 ____D C:\Users\varan\AppData\Roaming\vlc
2016-08-24 16:57 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-24 16:57 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-23 18:08 - 2015-11-27 23:41 - 00002370 _____ C:\Users\varan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-22 22:20 - 2015-12-19 03:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-22 22:20 - 2015-12-19 03:41 - 00350616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-22 22:20 - 2015-10-30 02:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-08-22 22:19 - 2015-12-19 03:50 - 00000000 ____D C:\Users\varan
2016-08-15 20:04 - 2015-10-14 14:47 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-08-15 20:04 - 2015-10-14 14:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-15 20:02 - 2015-10-14 14:48 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-08-15 20:01 - 2015-10-14 14:47 - 00000000 ____D C:\ProgramData\CyberLink
2016-08-15 20:01 - 2015-08-06 11:21 - 00000000 ____D C:\SWSetup
2016-08-15 19:00 - 2015-12-19 03:49 - 00972168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-14 22:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 18:42 - 2015-07-16 02:05 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 16:16 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 16:16 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 16:16 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 13:17 - 2015-11-29 23:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 13:17 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 13:03 - 2015-11-29 23:04 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 21:14 - 2015-11-28 15:59 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 21:14 - 2015-11-28 15:59 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 20:22 - 2015-11-27 23:45 - 00000000 ___RD C:\Users\varan\Dropbox
2016-08-08 20:21 - 2015-10-14 15:18 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-06 17:06 - 2015-11-28 17:57 - 00000000 ____D C:\Users\varan\AppData\Local\Adobe
2016-08-06 17:02 - 2016-03-29 19:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-04 21:08 - 2016-07-28 21:08 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-08-03 20:32 - 2015-12-19 06:40 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-03 18:31 - 2016-03-29 19:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2015-11-27 23:38 - 2016-08-31 21:52 - 0570786 _____ () C:\Users\varan\AppData\Local\BTServer.log
 
Some files in TEMP:
====================
C:\Users\varan\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\varan\AppData\Local\Temp\mhsetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-24 16:30
 
==================== End of FRST.txt ============================
 
 


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:50 PM

Posted 01 September 2016 - 10:19 AM

Duplicate.
The topic will be closed.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:50 PM

Posted 07 September 2016 - 08:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users