
logs- got infected through skype


  • This topic is locked
34 replies to this topic

#1 anniyan


Posted 03 November 2016 - 10:43 AM

the following is a continuation of the thread located at:
http://www.bleepingcomputer.com/forums/t/630794/got-infected-through-skype/
 
 
POINTS TO BE NOTED:
 
1. i noticed that my web browsers don't load pages immediately. it loads the 'server not found' screen and then only after some time loads the required page.
 
2. to be on the safer side i booted from an UBUNTU live USB and copied the entire contents of my entire internal HDD on to a folder in my external HDD. so i want to get rid of any malware that might be present in my 3 x 1 TB external hard disks also, since i had connected them once or twice to my laptop during this week. is this possible?

3. my other worry is... i use the same internet connection and modem-router for all the devices in my home (2 laptops through ethernet cable {including this infected one} and 4 android phones). is there a possibility that the infection in this laptop could have spread to the other devices through the modem-router? :(

most importantly, a big 'thank you in advance' to those who are going to help me in this process.

here is the FRST log:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by ADMIN (administrator) on HP-DV6TQE (03-11-2016 20:10:29)
Running from C:\Users\naveen-standard\Desktop\frst
Loaded Profiles: ADMIN & naveen-standard (Available Profiles: ADMIN & naveen-standard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\mbam\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Clarus, Inc.) C:\Program Files (x86)\seagate Drive Manager\SZDrvSvcM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(UltimateOutsider) C:\Program Files (x86)\GWX Control Panel\GWX_control_panel.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Tonec Inc.) C:\Program Files (x86)\IDM\IDMan.exe
(Yahoo!, Inc.) C:\Users\naveen-standard\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Tonec Inc.) C:\Program Files (x86)\IDM\IEMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae.exe
(Windows ® Win 7 DDK provider) C:\Program Files\FrescoLogicUSB3HostController\amd64_host\FLxHCIm.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2016-08-27] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD-catalyst\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae.exe [2651088 2016-10-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\FrescoLogicUSB3HostController\amd64_host\FLxHCIm.exe [65672 2016-09-06] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1894824 2016-10-24] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\RunOnce: [InstallShieldSetup] => C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe [379496 2010-10-15] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup1] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup2] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup3] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup4] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup5] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE}] => cmd.exe /C start /D "C:\Users\ADMIN\AppData\Local\Temp\{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE}" /B {13D75F14-A66B-4F5B-A5C0-3755B062BD70}.exe -accepteula -accepteulaksn -activeimages -postboot <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\Run: [IDMan] => C:\Program Files (x86)\IDM\IDMan.exe [3994736 2016-10-01] (Tonec Inc.)
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Run: [IDMan] => C:\Program Files (x86)\IDM\IDMan.exe [3994736 2016-10-01] (Tonec Inc.)
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\naveen-standard\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-09-16] (Yahoo!, Inc.)
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {4b55e614-79de-11e6-bde7-20107a3e7b0d} - G:\AutoRun.exe
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {4b55e643-79de-11e6-bde7-20107a3e7b0d} - G:\Setup.exe /Auto
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {cbed218b-7b59-11e6-8891-20107a3e7b0d} - G:\AutoRun.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\IDM\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll [2014-09-09] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BDAntiRansomware.exe [2016-05-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\realprotect.exe - Shortcut.lnk [2016-10-31]
ShortcutTarget: realprotect.exe - Shortcut.lnk -> C:\Program Files\McAfee\Real Protect\realprotect.exe (McAfee Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43176845-8E7F-4783-8952-20D79339B7E4}: [NameServer] 203.145.160.5 59.144.144.46
Tcpip\..\Interfaces\{677812B8-F532-43ED-9073-DB5042941A77}: [DhcpNameServer] 172.25.0.1
Tcpip\..\Interfaces\{7BBD033E-289A-4FC1-9641-BC50336C76F5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B4586FFC-1700-4C87-9651-D44A1D644B03}: [NameServer] 203.145.160.5 59.144.144.46
Tcpip\..\Interfaces\{FF63BAE8-3DEE-4A85-A4B2-504916F795D4}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/26
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/26
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> DefaultScope {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\IDM\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-24] (LastPass)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-09-28] (Qihu 360 Software Co., Ltd.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\IDM\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-24] (LastPass)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-10-24] (Qihu 360 Software Co., Ltd.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-24] (LastPass)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-24] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1472030556550

FireFox:
========
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\IDM\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\IDM\idmmzcc2.xpi [2016-09-21]
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5 [2016-10-03] [not signed]
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\naveen-standard\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\naveen-standard\AppData\Roaming\IDM\idmmzcc5 [2016-11-03] [not signed]
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\IDM\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-24] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-24] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default [2016-11-02]
CHR Extension: (Google Slides) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-23]
CHR Extension: (Google Docs) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-23]
CHR Extension: (Google Drive) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-23]
CHR Extension: (YouTube) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-23]
CHR Extension: (Website Logon) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2016-08-23]
CHR Extension: (Google Sheets) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-23]
CHR Extension: (360 Internet Protection) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2016-10-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-03]
CHR Extension: (HP Network Check Helper) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-09-03]
CHR Extension: (IDM Integration Module) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-23]
CHR Extension: (Gmail) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-18]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\IDM\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\IDM\IDMGCExt.crx [2016-10-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Internet Security\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
S4 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-10-24] (SurfRight B.V.)
S4 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\vpnsvc.exe [192720 2016-07-28] (eVenture Limited)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae-svc.exe [155088 2016-10-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\mbam\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\mbam\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [926632 2016-09-28] (QIHU 360 SOFTWARE CO. LIMITED)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [301568 2011-06-02] (IDT, Inc.) [File not signed]
R2 SZDrvSvc_General; C:\Program Files (x86)\seagate Drive Manager\SZDrvSvcM.exe [24792 2016-05-12] (Clarus, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-09-28] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-09-28] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-09-28] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-09-28] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-09-28] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-09-28] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-09-28] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys [115832 2016-07-21] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae64.sys [77416 2016-10-28] ()
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2016-10-12] (Acronis International GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [86656 2016-09-06] (Fresco Logic)
R1 FWNDIS_LWF; C:\Windows\System32\DRIVERS\fwndislwf64.sys [204688 2016-06-30] ()
R1 fwwfp; C:\Program Files\Emsisoft Internet Security\fwwfp764.sys [144392 2016-06-30] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R0 MB3SwissArmy; C:\Windows\System32\drivers\MB3SwissArmy.sys [228800 2016-10-23] (Malwarebytes)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2016-10-12] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2016-10-12] (Acronis International GmbH)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 mvdM23; \??\C:\Program Files (x86)\seagate Drive Manager\mvdM23.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-03 19:09 - 2016-11-03 20:10 - 00000000 ____D C:\FRST
2016-11-03 19:08 - 2016-11-03 20:10 - 00000000 ____D C:\Users\naveen-standard\Desktop\frst
2016-11-03 15:44 - 2016-11-03 15:45 - 02326600 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Nov-2-2016_Corel_AfterShot_3_hub.exe
2016-11-03 15:44 - 2016-11-03 15:44 - 02366696 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Nov-2-2016_EZ_Game_Booster_PRO_hub.exe
2016-11-02 23:13 - 2016-11-02 23:13 - 00195081 _____ C:\Users\naveen-standard\Desktop\choosing-anti-virus-software-784.pdf
2016-11-02 19:15 - 2016-11-02 19:15 - 00448512 _____ (OldTimer Tools) C:\Users\naveen-standard\Downloads\TFC.exe
2016-11-02 19:05 - 2016-11-02 19:06 - 04049670 _____ C:\Users\naveen-standard\Desktop\Cylance - Advanced Threat Prevention Built on Artificial Intelligence.WEBM
2016-11-02 18:52 - 2016-11-02 18:55 - 64922472 _____ (Steganos Software GmbH) C:\Users\naveen-standard\Downloads\sss17intwr.exe
2016-11-02 18:49 - 2016-11-02 18:51 - 53406617 _____ C:\Users\naveen-standard\Desktop\winx-hd-video-converter-deluxe-giveaway.zip
2016-11-02 17:18 - 2016-11-02 17:36 - 00000109 _____ C:\Users\naveen-standard\Desktop\New Text Document.txt
2016-11-02 14:55 - 2016-11-02 14:55 - 00000911 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\Users\ADMIN\AppData\Local\VS Revo Group
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\Program Files\Revo Uninstaller Pro
2016-11-02 14:55 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-11-02 14:53 - 2016-11-02 14:54 - 11432112 _____ (VS Revo Group ) C:\Users\naveen-standard\Downloads\RevoUninProSetup.exe
2016-11-02 14:29 - 2016-11-02 14:29 - 00000000 ____D C:\Users\naveen-standard\Desktop\tdsskiller
2016-11-02 14:15 - 2016-11-02 14:15 - 00046005 _____ C:\Users\naveen-standard\Desktop\Blackoutdays2015.pdf
2016-11-01 20:24 - 2016-11-01 22:35 - 00000000 ____D C:\Users\naveen-standard\Desktop\speed maths
2016-10-31 21:08 - 2016-10-31 21:09 - 02294600 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-28-2016_Ashampoo_Internet_Accelerator_3_hub.exe
2016-10-31 21:07 - 2016-10-31 21:08 - 02235072 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-30-2016_Undelete_Wizard_hub.exe
2016-10-28 23:41 - 2016-10-28 23:41 - 00003988 _____ C:\Windows\System32\Tasks\lenovo mobile auto run
2016-10-28 23:40 - 2016-10-28 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Assistant
2016-10-28 23:40 - 2016-10-28 23:40 - 00000000 ____D C:\Program Files (x86)\MagicPlus
2016-10-28 23:40 - 2016-10-28 23:40 - 00000000 ____D C:\MagicPlusMini
2016-10-28 19:57 - 2016-11-03 18:34 - 00000000 ____D C:\Users\naveen-standard\Desktop\copied
2016-10-28 14:38 - 2016-10-28 14:38 - 00216217 _____ C:\Users\naveen-standard\Desktop\FINAL_RESULT_JA_REGULAR_BACKLOG_2016.pdf
2016-10-28 08:47 - 2016-10-28 08:47 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Clarus
2016-10-28 08:45 - 2016-10-28 08:48 - 00000000 ____D C:\Users\naveen-standard\Desktop\kis rescue usb not booting
2016-10-28 08:12 - 2016-10-28 08:14 - 00000000 ____D C:\Users\naveen-standard\Desktop\make usb bootable
2016-10-28 07:38 - 2016-10-28 07:38 - 02774048 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-24-2016_AllMyNotes_Organizer_Deluxe_hub_2.exe
2016-10-28 07:31 - 2016-10-28 07:31 - 02637288 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Sep-20-2016_Ashampoo_HDD_Control_2017_hub.exe
2016-10-28 07:22 - 2016-10-28 07:23 - 02284896 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Burning_Studio_2016_hub.exe
2016-10-28 07:22 - 2016-10-28 07:23 - 02210104 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Sep-6-2016_64-bit_Paragon_Backup__Recovery_16_hub.exe
2016-10-28 07:22 - 2016-10-28 07:22 - 02210104 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Sep-6-2016_32-bit_Paragon_Backup__Recovery_16_hub.exe
2016-10-28 07:21 - 2016-10-28 07:21 - 02231848 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Media_Sync_hub.exe
2016-10-28 07:20 - 2016-10-28 07:21 - 02756901 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-24-2016_AllMyNotes_Organizer_Deluxe_hub.exe
2016-10-28 07:19 - 2016-10-28 07:19 - 02707248 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Cover_Studio_2017_hub.exe
2016-10-28 07:18 - 2016-10-28 07:19 - 02468968 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_64-bit_Nektra_SpyStudio_hub.exe
2016-10-28 07:18 - 2016-10-28 07:19 - 02294648 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_WinOptimizer_2016_hub.exe
2016-10-28 07:18 - 2016-10-28 07:18 - 02468968 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_32-bit_Nektra_SpyStudio_hub.exe
2016-10-28 07:15 - 2016-10-28 07:15 - 02190528 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ad-Aware_Web_Companion_PRO_hub.exe
2016-10-28 07:14 - 2016-10-28 07:15 - 02642160 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Backup_2016_hub.exe
2016-10-28 07:12 - 2016-10-28 07:13 - 02224776 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-25-2016_AlomWare_Actions_hub.exe
2016-10-28 07:10 - 2016-10-28 07:11 - 02210256 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-26-2016_Eassos_System_Restore_hub.exe
2016-10-28 06:45 - 2016-10-28 06:45 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\U3
2016-10-28 06:42 - 2016-10-28 08:43 - 00000000 ____D C:\Users\naveen-standard\Desktop\kasp rescue
2016-10-28 06:36 - 2016-10-28 08:42 - 00000000 ____D C:\Users\naveen-standard\Desktop\kav-rescue
2016-10-27 13:22 - 2016-10-27 13:22 - 00000855 _____ C:\Users\Public\Desktop\Recover Keys.lnk
2016-10-27 13:22 - 2016-10-27 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys
2016-10-27 13:22 - 2016-10-27 13:22 - 00000000 ____D C:\Program Files\Recover Keys
2016-10-27 13:16 - 2016-10-27 13:30 - 00000000 ____D C:\Users\naveen-standard\Desktop\Nuclear Coffee Recover Keys v9.0.3.168
2016-10-27 12:36 - 2016-10-28 06:47 - 00000000 ____D C:\Users\naveen-standard\Desktop\New folder
2016-10-27 12:11 - 2016-11-01 00:46 - 00003110 _____ C:\Windows\System32\Tasks\BDAntiCryptoWallTask
2016-10-27 11:55 - 2016-10-27 11:55 - 00001279 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-10-27 11:55 - 2016-10-27 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-10-27 11:54 - 2016-10-27 11:54 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-10-27 11:53 - 2016-10-27 11:53 - 61860723 _____ C:\Users\naveen-standard\Desktop\Do You Know God- - YouTube.MP4
2016-10-27 11:44 - 2016-10-27 12:00 - 42095667 _____ C:\Users\naveen-standard\Desktop\You Can't Trust Science! - YouTube.MP4
2016-10-27 11:24 - 2016-10-27 11:30 - 32262960 _____ (MiniTool Solution Ltd. ) C:\Users\naveen-standard\Downloads\pwfree91.exe
2016-10-27 11:07 - 2016-10-27 11:08 - 01662516 _____ C:\Users\naveen-standard\Desktop\Kickstart-User-Manual.pdf
2016-10-27 11:02 - 2016-11-03 18:33 - 00000000 ____D C:\Users\Public\Documents\Heimdal Security
2016-10-27 10:57 - 2016-11-03 19:55 - 00000000 ____D C:\ProgramData\Heimdal Security
2016-10-27 10:50 - 2016-10-27 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDAntiRansomware
2016-10-27 10:50 - 2016-10-27 10:50 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-27 10:49 - 2016-10-27 10:50 - 04703248 _____ (Bitdefender ) C:\Users\naveen-standard\Downloads\BDAntiRansomwareSetup.exe
2016-10-27 10:33 - 2016-10-27 10:54 - 37892136 _____ (Malwarebytes ) C:\Users\naveen-standard\Downloads\MBARW_Setup_2.exe
2016-10-27 00:49 - 2016-11-03 16:50 - 00000527 _____ C:\Users\naveen-standard\ticket1.xml
2016-10-27 00:49 - 2016-10-27 00:49 - 00000000 ____D C:\Users\naveen-standard\.android
2016-10-25 03:36 - 2016-10-27 20:46 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Launchy
2016-10-25 03:08 - 2016-10-27 20:46 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Launchy
2016-10-25 03:07 - 2016-10-27 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launchy
2016-10-25 03:07 - 2016-10-27 20:46 - 00000000 ____D C:\Program Files (x86)\Launchy
2016-10-25 02:17 - 2016-10-25 02:23 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Safer Technologies
2016-10-25 02:08 - 2016-10-25 02:16 - 00000000 ____D C:\Program Files (x86)\Safer Technologies
2016-10-25 02:06 - 2016-10-27 20:46 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2016-10-25 02:06 - 2016-10-25 02:06 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Stardock
2016-10-25 02:06 - 2016-10-25 02:06 - 00000000 ____D C:\Users\ADMIN\AppData\Local\PackageAware
2016-10-25 02:00 - 2016-10-25 02:11 - 44521286 _____ C:\Users\naveen-standard\Downloads\nexus.zip
2016-10-25 01:57 - 2016-10-27 20:46 - 00000000 __HDC C:\Users\naveen-standard\AppData\Local\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2016-10-25 01:57 - 2016-10-25 01:57 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Stardock
2016-10-25 01:56 - 2016-10-25 01:56 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\PackageAware
2016-10-25 01:56 - 2016-10-25 01:56 - 00000000 ____D C:\Program Files (x86)\Stardock
2016-10-24 11:37 - 2016-10-27 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-10-24 11:37 - 2016-10-27 07:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-24 11:36 - 2016-10-24 11:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-24 11:26 - 2016-10-24 11:36 - 11579432 _____ (SurfRight B.V.) C:\Users\naveen-standard\Downloads\hitmanpro_x64.exe
2016-10-21 23:07 - 2016-10-21 23:07 - 06613872 _____ (McAfee Inc.) C:\Users\naveen-standard\Downloads\realprotect.exe
2016-10-21 06:44 - 2016-10-21 06:44 - 01255136 _____ C:\Users\naveen-standard\Downloads\SecureBrowserSetup.exe
2016-10-20 06:19 - 2016-10-20 06:19 - 00000874 _____ C:\Users\ADMIN\Desktop\PotPlayer 64 bit.lnk
2016-10-20 06:13 - 2016-10-20 06:13 - 01448809 _____ (DOSBox Team) C:\Users\naveen-standard\Downloads\DOSBox0.74-win32-installer.exe
2016-10-20 06:09 - 2016-10-20 06:12 - 21556560 _____ (Kakao) C:\Users\naveen-standard\Downloads\PotPlayerSetup64_2.exe
2016-10-19 06:20 - 2016-10-19 06:20 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Lenovo
2016-10-19 01:37 - 2016-10-28 23:41 - 00000527 _____ C:\Users\ADMIN\ticket1.xml
2016-10-19 01:37 - 2016-10-19 01:37 - 00000000 ____D C:\Users\ADMIN\.android
2016-10-19 01:36 - 2016-10-28 23:41 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Lenovo
2016-10-19 01:35 - 2016-10-19 01:35 - 00000000 ____D C:\Program Files (x86)\LenovoUsbDriver
2016-10-18 18:04 - 2016-11-01 18:22 - 00000000 ____D C:\Users\naveen-standard\Downloads\completed
2016-10-18 03:21 - 2016-10-18 03:41 - 00000000 ____D C:\Users\ADMIN\AppData\Local\iWesoft
2016-10-18 03:21 - 2016-10-18 03:21 - 00001276 _____ C:\Users\ADMIN\Desktop\Instagram Downloader.lnk
2016-10-18 03:21 - 2016-10-18 03:21 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader
2016-10-18 03:21 - 2016-10-18 03:21 - 00000000 ____D C:\Program Files (x86)\Instagram Downloader
2016-10-18 01:48 - 2016-10-18 01:48 - 00001782 _____ C:\Users\naveen-standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook Desktop.lnk
2016-10-18 01:48 - 2016-10-18 01:48 - 00000000 ____D C:\Program Files (x86)\fb
2016-10-18 01:44 - 2016-10-18 01:44 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\FaceBookPro
2016-10-18 01:42 - 2016-10-18 01:42 - 00157184 _____ C:\Users\naveen-standard\Downloads\FaceBookPro.exe
2016-10-18 01:41 - 2016-10-18 01:48 - 36078489 _____ C:\Users\naveen-standard\Downloads\facebook_v0.0.02.exe
2016-10-18 01:41 - 2016-10-18 01:44 - 03998208 _____ (iWesoft) C:\Users\naveen-standard\Downloads\InstagramDownloader_setup.exe
2016-10-17 22:15 - 2016-07-22 20:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-17 22:15 - 2016-07-22 20:21 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-17 10:50 - 2016-10-01 01:43 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-17 10:50 - 2016-10-01 00:58 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-17 10:50 - 2016-09-30 21:07 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-17 10:50 - 2016-09-30 20:50 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-17 10:50 - 2016-09-30 20:50 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-17 10:50 - 2016-09-30 13:25 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-17 10:50 - 2016-09-30 11:55 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-17 10:50 - 2016-09-30 11:55 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-17 10:50 - 2016-09-30 11:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-17 10:50 - 2016-09-30 11:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-17 10:50 - 2016-09-30 11:42 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-17 10:50 - 2016-09-30 11:39 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-17 10:50 - 2016-09-30 11:35 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-17 10:50 - 2016-09-30 11:17 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-17 10:50 - 2016-09-30 11:12 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-17 10:50 - 2016-09-30 11:08 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-17 10:50 - 2016-09-30 11:03 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-17 10:50 - 2016-09-30 11:02 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-17 10:50 - 2016-09-30 11:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-17 10:50 - 2016-09-30 11:01 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-17 10:50 - 2016-09-30 11:01 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-17 10:50 - 2016-09-30 10:51 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-17 10:50 - 2016-09-30 10:47 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-17 10:50 - 2016-09-30 10:42 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-17 10:50 - 2016-09-30 10:35 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-17 10:50 - 2016-09-30 10:35 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-17 10:50 - 2016-09-30 10:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-17 10:50 - 2016-09-30 10:35 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-17 10:50 - 2016-09-30 10:33 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-17 10:50 - 2016-09-30 10:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-17 10:50 - 2016-09-30 10:16 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-17 10:50 - 2016-09-30 10:13 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-17 10:50 - 2016-09-15 21:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-17 10:50 - 2016-09-15 21:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-17 10:50 - 2016-09-15 20:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-17 10:50 - 2016-09-15 20:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-17 10:50 - 2016-09-13 02:43 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-17 10:50 - 2016-09-13 02:43 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-17 10:50 - 2016-09-13 02:38 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-17 10:50 - 2016-09-13 02:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-17 10:50 - 2016-09-13 02:38 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-17 10:50 - 2016-09-13 02:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-17 10:50 - 2016-09-13 02:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-17 10:50 - 2016-09-13 02:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-17 10:50 - 2016-09-13 02:07 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-17 10:50 - 2016-09-13 00:38 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-17 10:50 - 2016-09-13 00:13 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-17 10:50 - 2016-09-13 00:13 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-17 10:50 - 2016-09-10 21:49 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-17 10:50 - 2016-09-10 21:23 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-17 10:50 - 2016-09-09 23:59 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-17 10:50 - 2016-09-09 23:56 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-17 10:50 - 2016-09-09 23:53 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-17 10:50 - 2016-09-09 23:31 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-17 10:50 - 2016-09-08 20:25 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-17 10:50 - 2016-09-08 20:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-17 10:50 - 2016-08-12 22:32 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-17 10:50 - 2016-08-12 22:32 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-17 10:50 - 2016-08-12 22:17 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-17 10:50 - 2016-08-12 22:17 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-17 10:50 - 2016-08-12 21:56 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-17 10:50 - 2016-08-06 21:01 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-17 10:50 - 2016-08-06 20:45 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-17 10:50 - 2016-06-14 22:51 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-17 10:50 - 2016-06-14 22:46 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-17 10:50 - 2016-06-14 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-17 10:50 - 2016-06-14 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-17 10:49 - 2016-09-30 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-17 10:49 - 2016-09-30 12:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-17 10:49 - 2016-09-30 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-17 10:49 - 2016-09-30 11:55 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-17 10:49 - 2016-09-30 11:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-17 10:49 - 2016-09-30 11:48 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-17 10:49 - 2016-09-30 11:47 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-17 10:49 - 2016-09-30 11:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-17 10:49 - 2016-09-30 11:43 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-17 10:49 - 2016-09-30 11:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-17 10:49 - 2016-09-30 11:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-17 10:49 - 2016-09-30 11:25 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-17 10:49 - 2016-09-30 11:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-17 10:49 - 2016-09-30 11:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-17 10:49 - 2016-09-30 11:21 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-17 10:49 - 2016-09-30 11:20 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-17 10:49 - 2016-09-30 11:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-17 10:49 - 2016-09-30 11:16 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-17 10:49 - 2016-09-30 11:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-17 10:49 - 2016-09-30 11:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-17 10:49 - 2016-09-30 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-17 10:49 - 2016-09-30 11:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-17 10:49 - 2016-09-30 11:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-17 10:49 - 2016-09-30 11:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-17 10:49 - 2016-09-30 11:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-17 10:49 - 2016-09-30 11:03 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-17 10:49 - 2016-09-30 11:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-17 10:49 - 2016-09-30 11:02 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-17 10:49 - 2016-09-30 10:54 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-17 10:49 - 2016-09-30 10:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-17 10:49 - 2016-09-30 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-17 10:49 - 2016-09-30 10:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-17 10:49 - 2016-09-30 10:45 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-17 10:49 - 2016-09-30 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-17 10:49 - 2016-09-30 10:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-17 10:49 - 2016-09-30 10:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-17 10:49 - 2016-09-30 10:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-17 10:49 - 2016-09-13 02:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-17 10:49 - 2016-09-13 02:02 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-17 10:49 - 2016-09-13 02:02 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-17 10:49 - 2016-09-13 02:02 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-17 10:49 - 2016-09-13 02:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-17 10:49 - 2016-09-13 01:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-17 10:49 - 2016-09-13 01:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:21 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-17 10:49 - 2016-09-09 23:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-17 10:49 - 2016-09-09 23:21 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-17 10:49 - 2016-09-09 23:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-17 10:49 - 2016-09-09 23:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-17 10:49 - 2016-09-09 23:13 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-17 10:49 - 2016-09-09 23:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-17 10:49 - 2016-09-09 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-17 10:49 - 2016-09-09 23:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-17 10:49 - 2016-09-09 23:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-17 10:49 - 2016-09-09 23:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-17 10:49 - 2016-08-12 22:32 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-17 10:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-17 10:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-17 10:49 - 2016-08-12 22:01 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-17 10:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-17 10:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-17 10:49 - 2016-08-06 20:31 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-17 10:49 - 2016-08-06 20:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-17 10:49 - 2016-08-06 20:23 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-17 10:49 - 2016-08-06 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-17 10:49 - 2016-08-06 20:23 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-17 10:49 - 2016-06-14 20:45 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-17 10:49 - 2016-06-14 20:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-17 10:49 - 2016-06-14 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-17 10:49 - 2016-06-14 20:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-17 10:49 - 2016-06-14 20:35 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-17 10:49 - 2016-06-14 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-17 10:49 - 2016-06-14 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-17 10:39 - 2016-10-17 10:39 - 00000000 __SHD C:\$360Section
2016-10-16 00:26 - 2016-10-16 00:26 - 00000000 ____D C:\Users\naveen-standard\Documents\Telltale Games
2016-10-16 00:26 - 2016-10-16 00:26 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Steam
2016-10-16 00:24 - 2016-10-17 10:39 - 00000000 ____D C:\ProgramData\360Quarant
2016-10-16 00:02 - 2016-10-16 00:02 - 00000741 _____ C:\Users\ADMIN\Desktop\Batman Episode 1.lnk
2016-10-16 00:02 - 2016-10-16 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Episode 1
2016-10-15 20:51 - 2016-10-15 20:55 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\BatteryCare
2016-10-15 20:51 - 2016-10-15 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2016-10-15 20:51 - 2016-10-15 20:55 - 00000000 ____D C:\Program Files (x86)\BatteryCare
2016-10-15 06:10 - 2016-10-15 06:10 - 00346112 _____ C:\Users\naveen-standard\Downloads\Unlocker x64 1.9.2.msi
2016-10-15 06:10 - 2016-10-15 06:10 - 00001845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2016-10-15 06:10 - 2016-10-15 06:10 - 00000000 ____D C:\Program Files\Unlocker
2016-10-13 21:01 - 2016-10-13 21:01 - 00000000 ____D C:\Windows\WPDeviceManager
2016-10-13 20:59 - 2016-10-13 20:59 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Downloaded Installations
2016-10-12 22:11 - 2000-07-03 16:05 - 00048584 _____ C:\Users\naveen-standard\Downloads\Beast Machines.TTF
2016-10-12 22:10 - 2016-10-12 22:10 - 00036329 _____ C:\Users\naveen-standard\Downloads\Beast Machines Normal.ttf
2016-10-12 02:56 - 2016-10-12 02:56 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Seagate
2016-10-12 02:50 - 2016-10-12 02:56 - 00000000 ____D C:\ProgramData\Seagate
2016-10-12 02:50 - 2016-10-12 02:50 - 01058632 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00304416 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00296736 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00248648 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00134432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate DiscWizard.lnk
2016-10-12 02:49 - 2016-10-12 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-10-12 02:49 - 2016-10-12 02:49 - 00000000 ____D C:\Program Files (x86)\Seagate
2016-10-12 02:35 - 2016-10-12 02:47 - 287919712 _____ (Seagate) C:\Users\naveen-standard\Downloads\DiscWizardSetup-1806030.en.exe
2016-10-12 02:23 - 2016-10-12 02:23 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Clarus
2016-10-12 02:19 - 2016-10-29 18:50 - 00000000 ____D C:\Program Files (x86)\seagate Drive Manager
2016-10-12 02:12 - 2016-10-12 02:12 - 00900704 _____ (Seagate Technology) C:\Users\naveen-standard\Downloads\drivedetect.exe
2016-10-11 21:09 - 2016-10-11 21:16 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Stormrise
2016-10-11 20:52 - 2009-03-06 01:30 - 00111880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GameuxInstallHelper.dll
2016-10-11 20:51 - 2016-10-11 20:51 - 00000000 ____D C:\Windows\SysWOW64\xlive
2016-10-11 20:51 - 2016-10-11 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2016-10-11 20:51 - 2016-10-11 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-10-11 01:31 - 2016-10-27 13:51 - 00000000 ____D C:\Users\naveen-standard\Desktop\bd rescue
2016-10-09 21:45 - 2016-10-09 21:45 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Foxit Reader
2016-10-08 21:44 - 2016-10-08 21:44 - 01976995 _____ C:\Users\naveen-standard\Downloads\sherlock.epub
2016-10-08 00:55 - 2016-10-14 01:59 - 00000000 ____D C:\Users\naveen-standard\Documents\My Kindle Content
2016-10-08 00:55 - 2016-10-08 00:55 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-10-08 00:55 - 2016-10-08 00:55 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Amazon
2016-10-08 00:54 - 2016-10-08 00:55 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-10-08 00:38 - 2016-10-08 00:41 - 66693792 _____ (Amazon.com) C:\Users\naveen-standard\Downloads\KindleForPC-installer-1.17.44183.exe
2016-10-06 16:33 - 2016-11-03 15:45 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\360Safe
2016-10-05 23:44 - 2016-10-05 23:48 - 45407816 _____ (abylonsoft ) C:\Users\naveen-standard\Downloads\wlanscanner_bdj-October2016.exe
2016-10-05 19:35 - 2016-10-05 19:38 - 48419896 _____ (Grammarly) C:\Users\naveen-standard\Downloads\GrammarlySetup.exe
2016-10-05 17:09 - 2016-10-05 17:09 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-10-05 17:08 - 2016-10-24 12:03 - 00000000 ____D C:\Users\ADMIN\AppData\LocalLow\360WD
2016-10-05 17:08 - 2016-10-05 17:08 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\360TotalSecurity
2016-10-05 16:39 - 2016-11-03 20:08 - 00000000 ____D C:\Users\naveen-standard\AppData\LocalLow\360WD
2016-10-05 16:39 - 2016-10-17 10:40 - 00000000 ____D C:\ProgramData\360safe
2016-10-05 16:39 - 2016-10-15 23:56 - 00000000 ____D C:\ProgramData\360TotalSecurity
2016-10-05 16:39 - 2016-10-05 16:39 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\360TotalSecurity
2016-10-05 16:39 - 2016-09-28 12:22 - 00391392 _____ (360.cn) C:\Windows\system32\Drivers\360fsflt.sys
2016-10-05 16:39 - 2016-09-28 12:22 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2016-10-05 16:27 - 2016-10-05 16:27 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfox
2016-10-05 16:24 - 2016-10-05 16:26 - 50598144 _____ (8pecxstudios ) C:\Users\naveen-standard\Downloads\Cyberfox-49.0.en-US.win64-x86_64.intel.exe
2016-10-05 14:55 - 2016-10-05 14:57 - 12888496 _____ C:\Users\naveen-standard\Downloads\360vpn_setup_1.1.0.1046.exe
2016-10-05 13:53 - 2016-10-27 04:08 - 00000000 _RSHD C:\360SANDBOX
2016-10-05 13:53 - 2016-10-06 02:36 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\360safe
2016-10-05 13:53 - 2016-10-05 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-10-05 13:53 - 2016-10-05 13:53 - 00000000 ____D C:\Program Files (x86)\360
2016-10-05 13:53 - 2016-09-28 12:22 - 00330472 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-10-05 13:53 - 2016-09-28 12:22 - 00188864 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-10-05 13:53 - 2016-09-28 12:22 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-10-05 13:53 - 2016-09-28 12:22 - 00086248 _____ (360.cn) C:\Windows\system32\Drivers\360AvFlt.sys
2016-10-05 13:53 - 2016-09-28 12:22 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2016-10-05 12:08 - 2016-10-05 12:10 - 44877744 _____ C:\Users\naveen-standard\Downloads\360TS_Setup_8.8.0.1080.exe
2016-10-05 00:37 - 2016-10-23 21:12 - 00228800 _____ (Malwarebytes) C:\Windows\system32\Drivers\MB3SwissArmy.sys
2016-10-04 23:26 - 2016-08-12 21:56 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-04 23:26 - 2016-08-12 21:56 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-04 23:26 - 2016-08-12 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-04 23:26 - 2016-08-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-04 23:26 - 2016-08-05 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-04 23:25 - 2016-08-16 23:06 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-04 23:25 - 2016-08-16 08:18 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-04 23:25 - 2016-08-06 21:01 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-04 23:25 - 2016-08-06 20:45 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-03 20:08 - 2009-07-14 10:15 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-03 20:08 - 2009-07-14 10:15 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-03 20:05 - 2016-08-24 14:33 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0DDFC79-967A-4453-B98B-C1847CB993FB}
2016-11-03 20:03 - 2016-09-04 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-03 20:03 - 2016-09-03 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-03 20:00 - 2016-08-23 19:38 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2016-11-03 20:00 - 2016-08-23 19:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-03 19:59 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-03 19:58 - 2016-08-24 16:06 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\DMCache
2016-11-03 19:43 - 2016-08-23 19:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-03 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-11-03 18:18 - 2016-08-28 19:56 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\SoftGrid Client
2016-11-03 11:56 - 2016-08-25 06:12 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Adobe
2016-11-02 23:33 - 2016-08-24 14:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-02 14:44 - 2016-09-03 16:35 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\CrashDumps
2016-11-02 14:41 - 2016-09-08 19:31 - 01055674 _____ C:\Windows\ntbtlog.txt
2016-11-01 14:55 - 2016-08-24 14:33 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Google
2016-10-31 18:40 - 2016-09-03 16:22 - 00003242 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornaveen-standard
2016-10-31 18:40 - 2016-09-03 16:22 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleFornaveen-standard.job
2016-10-31 13:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\Web
2016-10-31 12:26 - 2016-08-24 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-30 00:17 - 2016-08-24 14:33 - 00000000 ____D C:\Users\naveen-standard
2016-10-29 18:49 - 2016-09-02 17:22 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-10-29 16:28 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2016-10-29 15:39 - 2016-09-04 19:35 - 00000000 ____D C:\Program Files (x86)\MalwarebytesAnti-Exploit
2016-10-29 15:39 - 2016-09-04 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-28 23:50 - 2009-07-14 10:43 - 00782228 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-28 23:50 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-10-28 21:26 - 2016-09-03 17:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-28 15:14 - 2016-09-17 22:46 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Foxit Software
2016-10-27 21:09 - 2016-09-04 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-10-27 21:09 - 2016-08-25 10:59 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\IrfanView
2016-10-27 21:09 - 2016-08-24 16:01 - 00000000 ____D C:\Program Files (x86)\IDM
2016-10-27 21:09 - 2012-03-14 07:05 - 00000000 ____D C:\ProgramData\Intel
2016-10-27 21:09 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2016-10-27 13:51 - 2016-09-02 17:32 - 00000000 ____D C:\Users\naveen-standard\Desktop\desktopp
2016-10-27 11:55 - 2016-09-17 22:46 - 00000000 ____D C:\ProgramData\Foxit Software
2016-10-27 11:54 - 2016-09-17 22:45 - 00000000 ____D C:\Program Files (x86)\FoxitReader
2016-10-27 11:29 - 2016-08-23 19:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-27 11:20 - 2016-09-10 02:04 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Skype
2016-10-27 11:18 - 2011-11-09 23:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-27 11:14 - 2016-09-10 23:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-27 11:14 - 2011-11-09 23:14 - 00000000 ____D C:\ProgramData\Skype
2016-10-27 11:00 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-10-27 10:09 - 2016-08-24 16:06 - 00000000 ____D C:\Users\naveen-standard\Downloads\Video
2016-10-27 09:03 - 2016-09-03 17:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-27 09:03 - 2016-09-03 17:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-27 09:03 - 2011-11-09 23:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 07:48 - 2016-08-23 18:12 - 00000000 ____D C:\Users\ADMIN
2016-10-25 21:17 - 2016-08-28 18:20 - 00000000 ____D C:\Users\ADMIN\AppData\Local\CrashDumps
2016-10-25 03:15 - 2016-09-17 22:46 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Foxit Software
2016-10-23 23:27 - 2009-07-14 10:15 - 00000000 ____D C:\Windows\Setup
2016-10-21 06:51 - 2016-09-01 22:01 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Yahoo Messenger
2016-10-20 06:22 - 2016-08-25 00:48 - 00000000 ____D C:\Program Files\PotPlayer
2016-10-18 01:54 - 2016-08-24 14:54 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-10-17 22:08 - 2009-07-14 10:27 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-17 21:39 - 2009-07-14 10:15 - 00274712 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-17 12:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-17 12:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2016-10-17 11:08 - 2016-08-26 14:52 - 00000000 ____D C:\Windows\system32\MRT
2016-10-17 10:52 - 2016-08-26 14:52 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-17 10:52 - 2016-08-25 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-17 10:51 - 2016-08-25 05:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-17 10:51 - 2016-08-25 05:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-17 06:26 - 2012-03-14 06:51 - 00000000 ____D C:\ProgramData\Temp
2016-10-17 06:24 - 2016-08-23 19:19 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-17 06:24 - 2016-08-23 19:19 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-17 06:23 - 2016-08-23 18:13 - 00003762 _____ C:\Windows\System32\Tasks\Registration
2016-10-16 00:01 - 2016-09-14 02:23 - 00000000 ____D C:\games
2016-10-12 02:47 - 2016-08-23 18:15 - 00059648 _____ C:\Users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-12 02:30 - 2016-08-24 14:34 - 00059648 _____ C:\Users\naveen-standard\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-12 02:20 - 2011-11-09 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-12 01:24 - 2009-07-14 08:50 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-11 23:12 - 2016-09-03 17:31 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Adobe
2016-10-11 20:55 - 2009-07-14 11:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-08 00:55 - 2016-09-03 00:45 - 00000184 _____ C:\Windows\wininit.ini
2016-10-05 16:27 - 2016-08-26 03:02 - 00000000 ____D C:\Program Files\Cyberfox
2016-10-05 02:27 - 2016-09-04 19:13 - 00091072 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

==================== Files in the root of some directories =======

2016-08-24 14:55 - 2016-08-24 14:55 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

Some files in TEMP:
====================
C:\Users\naveen-standard\AppData\Local\Temp\Extract.exe
C:\Users\naveen-standard\AppData\Local\Temp\SkypeSetup.exe
C:\Users\naveen-standard\AppData\Local\Temp\SP56665.exe
C:\Users\naveen-standard\AppData\Local\Temp\SP56878.exe
C:\Users\naveen-standard\AppData\Local\Temp\SP56929.exe
C:\Users\naveen-standard\AppData\Local\Temp\SP57232.exe
C:\Users\naveen-standard\AppData\Local\Temp\SP57398.exe
C:\Users\naveen-standard\AppData\Local\Temp\SP60051.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {current}
resumeobject {81ed0b01-699f-11e6-b9eb-9639ee485b9d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {81ed0b05-699f-11e6-b9eb-9639ee485b9d}

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {81ed0b05-699f-11e6-b9eb-9639ee485b9d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {81ed0b01-699f-11e6-b9eb-9639ee485b9d}
nx OptIn
detecthal Yes

Windows Boot Loader
-------------------
identifier {81ed0b05-699f-11e6-b9eb-9639ee485b9d}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{81ed0b06-699f-11e6-b9eb-9639ee485b9d}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{81ed0b06-699f-11e6-b9eb-9639ee485b9d}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {81ed0b01-699f-11e6-b9eb-9639ee485b9d}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {81ed0b06-699f-11e6-b9eb-9639ee485b9d}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-10-25 00:51

==================== End of FRST.txt ============================

please find attached the file Addition.txt (47.57KB)

Edit: removed code tags

Edited by Jo*, 04 November 2016 - 10:26 AM.




#2 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:23 AM

Posted 04 November 2016 - 11:04 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 anniyan

anniyan
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Under your bed, mwahahahahaha!
  • Local time:01:53 PM

Posted 05 November 2016 - 02:23 AM

firstly, thanks a ton for the quick response.

i had emsisoft internet security trial version, which stopped running after the trial date was over. but i forgot to uninstall it, because anyway it stopped running.

i ran these tools in normal boot mode with all security software enabled by default. i did not remove anything detected by any tool, i just ran the scan and copy-pasted the logs here.

i did not connect my (3 x 1TB) external HDDs during the scan. i don't know how to clean them up, because i don't want my laptop to get re-infected again when i connect them to my laptop. please advise on this.

before seeking help here, i had created rescue USB disks with bitdefender iso and kaspersky iso downloaded from their official websites but the bitdefender one froze at the "welcome to grub!" message and the kaspersky one displayed some kind of error message and won't boot. i doubt some kind of boot sector infection, but i am not sure.

MBAR did not pick up any rootkits. could this be a zero-day infection?


LOGS:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Emsisoft Internet Security
360 Total Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.11005)
Adobe Flash Player 23.0.0.205
Google Chrome (53.0.2785.143)
Google Chrome (54.0.2840.71)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
MalwarebytesAnti-Exploit mbae-svc.exe
MalwarebytesAnti-Exploit mbae64.exe
MalwarebytesAnti-Exploit mbae.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````









Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.11.05.03
rootkit: v2016.10.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
ADMIN :: HP-DV6TQE [administrator]

05-11-2016 11:27:49
mbar-log-2016-11-05 (11-27-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 382186
Time elapsed: 47 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)











---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18499

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8534990848, free: 5484883968

Downloaded database version: v2016.11.04.09
Downloaded database version: v2016.11.04.10
Downloaded database version: v2016.11.04.11
Downloaded database version: v2016.11.04.12
Downloaded database version: v2016.11.04.13
Downloaded database version: v2016.11.04.14
Downloaded database version: v2016.11.04.15
Downloaded database version: v2016.11.04.16
Downloaded database version: v2016.11.05.01
Downloaded database version: v2016.11.05.02
Downloaded database version: v2016.11.05.03
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
11/05/2016 11:27:37
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.11.05.03
rootkit: v2016.10.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008514790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80085142c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008514790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800841eb10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8008248050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F1C8D2A2

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 1900058624
Partition is bootable
Partition file system is NTFS

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1900468224 Numsec = 44734464
Partition is bootable
Partition file system is NTFS

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 1945202688 Numsec = 8318976
Partition is not bootable
Partition file system is FAT32

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-409600-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1900468224-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-1945202688-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished





# AdwCleaner v6.030 - Logfile created 05/11/2016 at 11:23:10
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-18.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ADMIN - HP-DV6TQE
# Running from : C:\Users\naveen-standard\Desktop\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\ADMIN\AppData\Local\PackageAware
Folder Found: C:\Users\naveen-standard\AppData\Local\PackageAware
Folder Found: C:\Users\Public\Documents\Downloaded Installers
Folder Found: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam


***** [ Files ] *****

File Found: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
File Found: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
File Found: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.funkytvtabsearch.com_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate\Seagate DiscWizard\Tools and Utilities\Mount Image.lnk ( /mount_image )
Shortcut infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate\Seagate DiscWizard\Tools and Utilities\Unmount Image.lnk ( /unmount_image )


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Key Found: HKU\S-1-5-21-606511456-1437241303-3617233354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam

*************************

\AdwCleaner\AdwCleaner[S0].txt - [3115 Bytes] - [05/11/2016 11:23:10]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3186 Bytes] ##########


#4 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:23 AM

Posted 05 November 2016 - 02:49 AM

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE}] => cmd.exe start /D "C:\Users\ADMIN\AppData\Local\Temp\{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE}" /B {13D75F14-A66B-4F5B-A5C0-3755B062BD70}.exe -accepteula -accepteulaksn -activeimages -postboot <===== ATTENTION
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {4b55e614-79de-11e6-bde7-20107a3e7b0d} - G:\AutoRun.exe
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {4b55e643-79de-11e6-bde7-20107a3e7b0d} - G:\Setup.exe /Auto
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {cbed218b-7b59-11e6-8891-20107a3e7b0d} - G:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> DefaultScope {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
S3 mvdM23; \??\C:\Program Files (x86)\seagate Drive Manager\mvdM23.sys [X]
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

---

[Uninstall-List!]

I noticed that you have Potentially Unwanted Programs (PUPs) installed on your system. I'll ask you to uninstall them since uninstalling such programs before running more malware removal tools will ensure a better clean-up.

Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista / Windows 7/8/10 and remove:

- CyberLink YouCam
- Internet Download Manager
- WildTangent Games

---

How is the computer running now?



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 anniyan

Posted 05 November 2016 - 05:14 AM

no offence to you, but, can i know why these:

CyberLink YouCam
Internet Download Manager

are to be considered as PUPs? these are software i use routinely for my work. CyberLink YouCam and WildTangent Games came as part of my HP OEM windows installation. i use WildTangent Games occasionally. WildTangent Games can be considered as a bit of a bloatware, but these 3 software caused me no harm. is it strictly necessary to remove them?


#6 Jo*

Posted 05 November 2016 - 05:26 AM

"is it strictly necessary to remove them?"

No, it is your decision to keep it or not.



#7 anniyan

Posted 05 November 2016 - 12:18 PM

ok, thank you. by the way, i meant no offence.

so, is it necessary to modify the fixlist.txt, so as to not remove WILDTANGENT GAMES? or are the following lines ok to be there in fixlist.txt?

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden


#8 Jo*

Posted 05 November 2016 - 12:30 PM

the fixlist does not uninstall wildtangent.

These programs are hidden and not visible in Programs and Features (Vista and above) and the user can't uninstall them from there.
FRST can make the program visible to the user.



#9 anniyan

Posted 05 November 2016 - 02:28 PM

thank you for the clarification.
i ran the FRST fix and i have produced the log below.
the chrome-clean-up tool ran as administrator by default and reset the chrome profile of my windows installation's ADMIN account only. it did not make any changes to my profile in my standard windows account (naveen-standard). the two CMD.EXE*32 processes that start running along with chrome, still run. the good news is that the freezing of windows during bootup has gone away. by the way, can you let me know about my doubts from post #3 of this thread? i.e., can you please share your findings with me, now and then?




Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by ADMIN (05-11-2016 23:24:14) Run:1
Running from C:\Users\naveen-standard\Desktop\frst
Loaded Profiles: ADMIN & naveen-standard (Available Profiles: ADMIN & naveen-standard)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE}] => cmd.exe start /D "C:\Users\ADMIN\AppData\Local\Temp\{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE}" /B {13D75F14-A66B-4F5B-A5C0-3755B062BD70}.exe -accepteula -accepteulaksn -activeimages -postboot <===== ATTENTION
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {4b55e614-79de-11e6-bde7-20107a3e7b0d} - G:\AutoRun.exe
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {4b55e643-79de-11e6-bde7-20107a3e7b0d} - G:\Setup.exe /Auto
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {cbed218b-7b59-11e6-8891-20107a3e7b0d} - G:\AutoRun.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> DefaultScope {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://in.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
S3 mvdM23; \??\C:\Program Files (x86)\seagate Drive Manager\mvdM23.sys [X]
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{E5B266B3-AB90-4CCF-9529-BCCFD2BBB0AE} => value removed successfully
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b55e614-79de-11e6-bde7-20107a3e7b0d}" => key removed successfully
HKCR\CLSID\{4b55e614-79de-11e6-bde7-20107a3e7b0d} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b55e643-79de-11e6-bde7-20107a3e7b0d}" => key removed successfully
HKCR\CLSID\{4b55e643-79de-11e6-bde7-20107a3e7b0d} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbed218b-7b59-11e6-8891-20107a3e7b0d}" => key removed successfully
HKCR\CLSID\{cbed218b-7b59-11e6-8891-20107a3e7b0d} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-606511456-1437241303-3617233354-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01C7460F-AD76-41C4-833E-801D16E23C7D}" => key removed successfully
HKCR\CLSID\{01C7460F-AD76-41C4-833E-801D16E23C7D} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-606511456-1437241303-3617233354-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
mvdM23 => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp\\SystemComponent => value removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17863567 B
Java, Flash, Steam htmlcache => 456 B
Windows/system/drivers => 33040206 B
Edge => 0 B
Chrome => 130097412 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 151927 B
LocalService => 0 B
NetworkService => 0 B
ADMIN => 185528603 B
naveen-standard => 399794812 B

RecycleBin => 78036900 B
EmptyTemp: => 813.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:26:26 ====

Edited by anniyan, 05 November 2016 - 02:30 PM.



#10 Jo*


Posted 05 November 2016 - 03:02 PM

Hello,

We will scan the external drives later; at the moment I do not know what causes the cmd.exe running with Chrome.

Step 1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware.
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Step 4: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

***


Step 5: How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 anniyan


Posted 07 November 2016 - 11:32 AM

hi, sorry for the late response, i had been a bit busy.
one issue. apart from my primary internet connection using my modem-router, i also use my android phone's mobile-data connection (connected as MTP, and using USB tethering) on this laptop to access the internet. though i am aware that malware written for android OS won't affect windows laptops and vice versa, i have a doubt that any possible advanced rootkit that might be present in my laptop might have copied itself to my phone's internal storage. i am yet to run the MBAR scan you had asked me to run. my query is that, if i keep the phone connected to the laptop during the running of MBAR, will it scan my phone too? (i want my phone to be simultaneously cleaned of any possible malware that might have copied itself into it from my laptop). because, after MBAR removes any possible rootkit from my laptop, i don't want my laptop to be infected again from the phone, if i connect the phone to the laptop. i can refrain from connecting my external HDDs to the laptop till you permit it, but i connect my phone daily to my laptop. please advise on this. thank you :)

Edited by anniyan, 07 November 2016 - 11:35 AM.



#12 Jo*


Posted 07 November 2016 - 12:05 PM

MBAR does not scan your phone.

I can do nothing for phones or mobile devices with android or other operating systems.

If you think your phone is infected you may ask at another forum section like this http://www.bleepingcomputer.com/forums/f/215/tablets-mobile-devices/
or contact your customer service for that phone.

The pc/laptop, which we clean here, does *not* show any sign of a rootkit!

Cheers,
Jo


#13 anniyan


Posted 08 November 2016 - 12:50 PM

JRT failed to update though it detected updates and the laptop was connected to the internet. the cmd processes continue to run with chrome, i don't know why, so i manually end them using taskmanager. links that open in the same tab don't respond most of the time. i can open links in new tabs.



Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.11.07.09
rootkit: v2016.10.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18499
ADMIN :: HP-DV6TQE [administrator]

08-11-2016 02:21:53
mbar-log-2016-11-08 (02-21-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 382295
Time elapsed: 53 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



# AdwCleaner v6.030 - Logfile created 08/11/2016 at 01:19:25
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : ADMIN - HP-DV6TQE
# Running from : C:\Users\naveen-standard\Desktop\bleeping comp\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\ADMIN\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\naveen-standard\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder deleted: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam


***** [ Files ] *****

[-] File deleted: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] File deleted: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
[-] File deleted: C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.funkytvtabsearch.com_0.localstorage-journal


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.


***** [ Web browsers ] *****

[-] [C:\Users\naveen-standard\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pbjikboenpfhbbejgkoklgkhjpfogcam


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

\AdwCleaner\AdwCleaner[C0].txt - [1982 Bytes] - [08/11/2016 01:19:25]
\AdwCleaner\AdwCleaner[S0].txt - [3058 Bytes] - [05/11/2016 02:23:29]
\AdwCleaner\AdwCleaner[S1].txt - [2551 Bytes] - [08/11/2016 01:15:31]

########## EOF - \AdwCleaner\AdwCleaner[C0].txt - [2266 Bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by ADMIN (Administrator) on 08-11-2016 at 1:34:11.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 10

Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\safer technologies (Folder)
Successfully deleted: C:\Users\ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CG9YW3W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9N8SSJF6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLJS9CJN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ADMIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y98P1ABI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1CG9YW3W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9N8SSJF6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RLJS9CJN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y98P1ABI (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08-11-2016 at 1:38:47.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by ADMIN (administrator) on HP-DV6TQE (08-11-2016 22:38:25)
Running from C:\Users\naveen-standard\Desktop\bleeping comp\frst
Loaded Profiles: ADMIN & naveen-standard (Available Profiles: ADMIN & naveen-standard)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Internet Security\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\mbam\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(UltimateOutsider) C:\Program Files (x86)\GWX Control Panel\GWX_control_panel.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Tonec Inc.) C:\Program Files (x86)\IDM\IDMan.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae.exe
(Windows ® Win 7 DDK provider) C:\Program Files\FrescoLogicUSB3HostController\amd64_host\FLxHCIm.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Tonec Inc.) C:\Program Files (x86)\IDM\IEMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Clarus, Inc.) C:\Program Files (x86)\seagate Drive Manager\SZDrvSvcM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-20] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2016-08-27] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD-catalyst\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae.exe [2651088 2016-10-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\FrescoLogicUSB3HostController\amd64_host\FLxHCIm.exe [65672 2016-09-06] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1894824 2016-10-24] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM-x32\...\RunOnce: [InstallShieldSetup] => C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe [379496 2010-10-15] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup1] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup2] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup3] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup4] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
HKLM-x32\...\RunOnce: [InstallShieldSetup5] => C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe [375992 2011-06-03] (Macrovision Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\Run: [IDMan] => C:\Program Files (x86)\IDM\IDMan.exe [3994736 2016-10-01] (Tonec Inc.)
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C0].txt
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Run: [IDMan] => C:\Program Files (x86)\IDM\IDMan.exe [3994736 2016-10-01] (Tonec Inc.)
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Run: [Yahoo Messenger Updater] => C:\Users\naveen-standard\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115656 2016-09-16] (Yahoo!, Inc.)
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [68096 2012-04-25] (Hewlett-Packard Company)
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\MountPoints2: {8b7491f8-9569-11e6-a986-082e5f89d0e8} - G:\Lenovo_Suite.exe
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\IDM\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Seagate\DiscWizard\tishell64.dll [2014-09-09] (Acronis)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BDAntiRansomware.exe [2016-05-16] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\realprotect.exe - Shortcut.lnk [2016-10-31]
ShortcutTarget: realprotect.exe - Shortcut.lnk -> C:\Program Files\McAfee\Real Protect\realprotect.exe (McAfee Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1376B6A5-FE63-43EF-8349-D2B963A8F1A9}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{43176845-8E7F-4783-8952-20D79339B7E4}: [NameServer] 203.145.160.5 59.144.144.46
Tcpip\..\Interfaces\{677812B8-F532-43ED-9073-DB5042941A77}: [DhcpNameServer] 172.25.0.1
Tcpip\..\Interfaces\{7BBD033E-289A-4FC1-9641-BC50336C76F5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B4586FFC-1700-4C87-9651-D44A1D644B03}: [NameServer] 203.145.160.5 59.144.144.46
Tcpip\..\Interfaces\{FF63BAE8-3DEE-4A85-A4B2-504916F795D4}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKU\S-1-5-21-606511456-1437241303-3617233354-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/26
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/26
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> DefaultScope {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {01C7460F-AD76-41C4-833E-801D16E23C7D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-606511456-1437241303-3617233354-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\IDM\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-24] (LastPass)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-09-28] (Qihu 360 Software Co., Ltd.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\IDM\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-24] (LastPass)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-10-24] (Qihu 360 Software Co., Ltd.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-24] (LastPass)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-02] (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-24] (LastPass)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1472030556550

FireFox:
========
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\IDM\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\IDM\idmmzcc2.xpi [2016-09-21]
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\ADMIN\AppData\Roaming\IDM\idmmzcc5 [2016-10-03] [not signed]
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\naveen-standard\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\naveen-standard\AppData\Roaming\IDM\idmmzcc5 [2016-11-08] [not signed]
FF HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\IDM\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-27] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-24] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-27] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-08-09] (Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-24] (LastPass)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
CHR Extension: (Google Slides) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-23]
CHR Extension: (Google Docs) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-23]
CHR Extension: (Google Drive) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-23]
CHR Extension: (YouTube) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-23]
CHR Extension: (Website Logon) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2016-08-23]
CHR Extension: (Google Sheets) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Google Docs Offline) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-23]
CHR Extension: (360 Internet Protection) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2016-10-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-11-06]
CHR Extension: (HP Network Check Launcher) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2016-11-06]
CHR Extension: (IDM Integration Module) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-23]
CHR Extension: (Gmail) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-06]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\IDM\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\IDM\IDMGCExt.crx [2016-10-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Internet Security\a2service.exe [9331168 2016-07-26] (Emsisoft Ltd)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-25] (CyberLink)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Inc.)
S4 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-10-24] (SurfRight B.V.)
S4 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\vpnsvc.exe [192720 2016-07-28] (eVenture Limited)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae-svc.exe [155088 2016-10-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\mbam\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\mbam\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [650240 2013-03-01] () [File not signed]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [926632 2016-09-28] (QIHU 360 SOFTWARE CO. LIMITED)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [301568 2011-06-02] (IDT, Inc.) [File not signed]
R2 SZDrvSvc_General; C:\Program Files (x86)\seagate Drive Manager\SZDrvSvcM.exe [24792 2016-05-12] (Clarus, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-09-28] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-09-28] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-09-28] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-09-28] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-09-28] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-09-28] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-09-28] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES\EMSISOFT INTERNET SECURITY\epp.sys [115832 2016-07-21] (Emsisoft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\MalwarebytesAnti-Exploit\mbae64.sys [77416 2016-10-28] ()
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2016-10-12] (Acronis International GmbH)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [86656 2016-09-06] (Fresco Logic)
R1 FWNDIS_LWF; C:\Windows\System32\DRIVERS\fwndislwf64.sys [204688 2016-06-30] ()
R1 fwwfp; C:\Program Files\Emsisoft Internet Security\fwwfp764.sys [144392 2016-06-30] ()
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
R0 MB3SwissArmy; C:\Windows\System32\drivers\MB3SwissArmy.sys [228800 2016-10-23] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2016-10-12] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2016-10-12] (Acronis International GmbH)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 mvdM23; \??\C:\Program Files (x86)\seagate Drive Manager\mvdM23.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-08 01:38 - 2016-11-08 01:38 - 00001996 _____ C:\Users\ADMIN\Desktop\JRT.txt
2016-11-07 22:35 - 2016-11-07 23:01 - 00000000 ____D C:\Users\naveen-standard\Desktop\appln
2016-11-06 00:20 - 2016-11-08 01:40 - 00000000 ____D C:\Users\naveen-standard\Desktop\bleeping comp
2016-11-05 23:56 - 2016-11-05 23:56 - 00000000 ____D C:\Program Files\DIFX
2016-11-05 02:17 - 2016-11-08 01:31 - 00000000 ____D C:\AdwCleaner
2016-11-05 01:21 - 2016-11-08 03:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-05 00:53 - 2016-11-05 00:53 - 00000000 _____ C:\Users\ADMIN\defogger_reenable
2016-11-04 19:03 - 2016-11-07 22:59 - 00000000 ____D C:\Users\naveen-standard\Desktop\to migrate this
2016-11-03 19:09 - 2016-11-08 22:38 - 00000000 ____D C:\FRST
2016-11-03 15:44 - 2016-11-03 15:45 - 02326600 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Nov-2-2016_Corel_AfterShot_3_hub.exe
2016-11-03 15:44 - 2016-11-03 15:44 - 02366696 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Nov-2-2016_EZ_Game_Booster_PRO_hub.exe
2016-11-02 23:13 - 2016-11-02 23:13 - 00195081 _____ C:\Users\naveen-standard\Desktop\choosing-anti-virus-software-784.pdf
2016-11-02 19:15 - 2016-11-02 19:15 - 00448512 _____ (OldTimer Tools) C:\Users\naveen-standard\Downloads\TFC.exe
2016-11-02 19:05 - 2016-11-02 19:06 - 04049670 _____ C:\Users\naveen-standard\Desktop\Cylance - Advanced Threat Prevention Built on Artificial Intelligence.WEBM
2016-11-02 18:52 - 2016-11-02 18:55 - 64922472 _____ (Steganos Software GmbH) C:\Users\naveen-standard\Downloads\sss17intwr.exe
2016-11-02 18:49 - 2016-11-02 18:51 - 53406617 _____ C:\Users\naveen-standard\Desktop\winx-hd-video-converter-deluxe-giveaway.zip
2016-11-02 17:18 - 2016-11-02 17:36 - 00000109 _____ C:\Users\naveen-standard\Desktop\New Text Document.txt
2016-11-02 14:55 - 2016-11-02 14:55 - 00000911 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\Users\ADMIN\AppData\Local\VS Revo Group
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-11-02 14:55 - 2016-11-02 14:55 - 00000000 ____D C:\Program Files\Revo Uninstaller Pro
2016-11-02 14:55 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-11-02 14:53 - 2016-11-02 14:54 - 11432112 _____ (VS Revo Group ) C:\Users\naveen-standard\Downloads\RevoUninProSetup.exe
2016-11-02 14:29 - 2016-11-02 14:29 - 00000000 ____D C:\Users\naveen-standard\Desktop\tdsskiller
2016-11-02 14:15 - 2016-11-02 14:15 - 00046005 _____ C:\Users\naveen-standard\Desktop\Blackoutdays2015.pdf
2016-10-31 21:08 - 2016-10-31 21:09 - 02294600 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-28-2016_Ashampoo_Internet_Accelerator_3_hub.exe
2016-10-31 21:07 - 2016-10-31 21:08 - 02235072 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-30-2016_Undelete_Wizard_hub.exe
2016-10-28 23:41 - 2016-10-28 23:41 - 00003988 _____ C:\Windows\System32\Tasks\lenovo mobile auto run
2016-10-28 23:40 - 2016-10-28 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Assistant
2016-10-28 23:40 - 2016-10-28 23:40 - 00000000 ____D C:\Program Files (x86)\MagicPlus
2016-10-28 23:40 - 2016-10-28 23:40 - 00000000 ____D C:\MagicPlusMini
2016-10-28 19:57 - 2016-11-03 18:34 - 00000000 ____D C:\Users\naveen-standard\Desktop\copied
2016-10-28 08:47 - 2016-10-28 08:47 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Clarus
2016-10-28 08:45 - 2016-10-28 08:48 - 00000000 ____D C:\Users\naveen-standard\Desktop\kis rescue usb not booting
2016-10-28 08:12 - 2016-10-28 08:14 - 00000000 ____D C:\Users\naveen-standard\Desktop\make usb bootable
2016-10-28 07:38 - 2016-10-28 07:38 - 02774048 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-24-2016_AllMyNotes_Organizer_Deluxe_hub_2.exe
2016-10-28 07:31 - 2016-10-28 07:31 - 02637288 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Sep-20-2016_Ashampoo_HDD_Control_2017_hub.exe
2016-10-28 07:22 - 2016-10-28 07:23 - 02284896 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Burning_Studio_2016_hub.exe
2016-10-28 07:22 - 2016-10-28 07:23 - 02210104 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Sep-6-2016_64-bit_Paragon_Backup__Recovery_16_hub.exe
2016-10-28 07:22 - 2016-10-28 07:22 - 02210104 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Sep-6-2016_32-bit_Paragon_Backup__Recovery_16_hub.exe
2016-10-28 07:21 - 2016-10-28 07:21 - 02231848 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Media_Sync_hub.exe
2016-10-28 07:20 - 2016-10-28 07:21 - 02756901 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-24-2016_AllMyNotes_Organizer_Deluxe_hub.exe
2016-10-28 07:19 - 2016-10-28 07:19 - 02707248 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Cover_Studio_2017_hub.exe
2016-10-28 07:18 - 2016-10-28 07:19 - 02468968 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_64-bit_Nektra_SpyStudio_hub.exe
2016-10-28 07:18 - 2016-10-28 07:19 - 02294648 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_WinOptimizer_2016_hub.exe
2016-10-28 07:18 - 2016-10-28 07:18 - 02468968 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_32-bit_Nektra_SpyStudio_hub.exe
2016-10-28 07:15 - 2016-10-28 07:15 - 02190528 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ad-Aware_Web_Companion_PRO_hub.exe
2016-10-28 07:14 - 2016-10-28 07:15 - 02642160 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Aug-18-2016_Ashampoo_Backup_2016_hub.exe
2016-10-28 07:12 - 2016-10-28 07:13 - 02224776 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-25-2016_AlomWare_Actions_hub.exe
2016-10-28 07:10 - 2016-10-28 07:11 - 02210256 _____ C:\Users\naveen-standard\Downloads\SharewareOnSale_Giveaway_Oct-26-2016_Eassos_System_Restore_hub.exe
2016-10-28 06:45 - 2016-10-28 06:45 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\U3
2016-10-28 06:42 - 2016-10-28 08:43 - 00000000 ____D C:\Users\naveen-standard\Desktop\kasp rescue
2016-10-28 06:36 - 2016-10-28 08:42 - 00000000 ____D C:\Users\naveen-standard\Desktop\kav-rescue
2016-10-27 13:22 - 2016-10-27 13:22 - 00000855 _____ C:\Users\Public\Desktop\Recover Keys.lnk
2016-10-27 13:22 - 2016-10-27 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recover Keys
2016-10-27 13:22 - 2016-10-27 13:22 - 00000000 ____D C:\Program Files\Recover Keys
2016-10-27 13:16 - 2016-10-27 13:30 - 00000000 ____D C:\Users\naveen-standard\Desktop\Nuclear Coffee Recover Keys v9.0.3.168
2016-10-27 12:36 - 2016-10-28 06:47 - 00000000 ____D C:\Users\naveen-standard\Desktop\New folder
2016-10-27 12:11 - 2016-11-01 00:46 - 00003110 _____ C:\Windows\System32\Tasks\BDAntiCryptoWallTask
2016-10-27 11:55 - 2016-10-27 11:55 - 00001279 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-10-27 11:55 - 2016-10-27 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-10-27 11:54 - 2016-10-27 11:54 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-10-27 11:53 - 2016-10-27 11:53 - 61860723 _____ C:\Users\naveen-standard\Desktop\Do You Know God- - YouTube.MP4
2016-10-27 11:44 - 2016-10-27 12:00 - 42095667 _____ C:\Users\naveen-standard\Desktop\You Can't Trust Science! - YouTube.MP4
2016-10-27 11:24 - 2016-10-27 11:30 - 32262960 _____ (MiniTool Solution Ltd. ) C:\Users\naveen-standard\Downloads\pwfree91.exe
2016-10-27 11:07 - 2016-10-27 11:08 - 01662516 _____ C:\Users\naveen-standard\Desktop\Kickstart-User-Manual.pdf
2016-10-27 11:02 - 2016-11-03 18:33 - 00000000 ____D C:\Users\Public\Documents\Heimdal Security
2016-10-27 10:57 - 2016-11-03 19:55 - 00000000 ____D C:\ProgramData\Heimdal Security
2016-10-27 10:50 - 2016-10-27 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDAntiRansomware
2016-10-27 10:50 - 2016-10-27 10:50 - 00000000 ____D C:\Program Files\Bitdefender
2016-10-27 10:49 - 2016-10-27 10:50 - 04703248 _____ (Bitdefender ) C:\Users\naveen-standard\Downloads\BDAntiRansomwareSetup.exe
2016-10-27 10:33 - 2016-10-27 10:54 - 37892136 _____ (Malwarebytes ) C:\Users\naveen-standard\Downloads\MBARW_Setup_2.exe
2016-10-27 00:49 - 2016-11-06 20:22 - 00000527 _____ C:\Users\naveen-standard\ticket1.xml
2016-10-27 00:49 - 2016-10-27 00:49 - 00000000 ____D C:\Users\naveen-standard\.android
2016-10-25 03:36 - 2016-10-27 20:46 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Launchy
2016-10-25 03:08 - 2016-10-27 20:46 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Launchy
2016-10-25 03:07 - 2016-10-27 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launchy
2016-10-25 03:07 - 2016-10-27 20:46 - 00000000 ____D C:\Program Files (x86)\Launchy
2016-10-25 02:17 - 2016-10-25 02:23 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Safer Technologies
2016-10-25 02:06 - 2016-10-27 20:46 - 00000000 __HDC C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2016-10-25 02:06 - 2016-10-25 02:06 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Stardock
2016-10-25 02:00 - 2016-10-25 02:11 - 44521286 _____ C:\Users\naveen-standard\Downloads\nexus.zip
2016-10-25 01:57 - 2016-10-27 20:46 - 00000000 __HDC C:\Users\naveen-standard\AppData\Local\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2016-10-25 01:57 - 2016-10-25 01:57 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Stardock
2016-10-25 01:56 - 2016-10-25 01:56 - 00000000 ____D C:\Program Files (x86)\Stardock
2016-10-24 11:37 - 2016-10-27 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-10-24 11:37 - 2016-10-27 07:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-10-24 11:36 - 2016-10-24 11:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-10-24 11:26 - 2016-10-24 11:36 - 11579432 _____ (SurfRight B.V.) C:\Users\naveen-standard\Downloads\hitmanpro_x64.exe
2016-10-24 11:24 - 2016-11-03 22:37 - 30425024 _____ (SecureMix LLC) C:\Users\naveen-standard\Downloads\GlassWireSetup.exe
2016-10-21 23:07 - 2016-10-21 23:07 - 06613872 _____ (McAfee Inc.) C:\Users\naveen-standard\Downloads\realprotect.exe
2016-10-21 06:44 - 2016-10-21 06:44 - 01255136 _____ C:\Users\naveen-standard\Downloads\SecureBrowserSetup.exe
2016-10-20 06:13 - 2016-10-20 06:13 - 01448809 _____ (DOSBox Team) C:\Users\naveen-standard\Downloads\DOSBox0.74-win32-installer.exe
2016-10-20 06:09 - 2016-10-20 06:12 - 21556560 _____ (Kakao) C:\Users\naveen-standard\Downloads\PotPlayerSetup64_2.exe
2016-10-19 06:20 - 2016-10-19 06:20 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Lenovo
2016-10-19 01:37 - 2016-10-28 23:41 - 00000527 _____ C:\Users\ADMIN\ticket1.xml
2016-10-19 01:37 - 2016-10-19 01:37 - 00000000 ____D C:\Users\ADMIN\.android
2016-10-19 01:36 - 2016-10-28 23:41 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Lenovo
2016-10-19 01:35 - 2016-11-08 00:20 - 00000000 ____D C:\Program Files (x86)\LenovoUsbDriver
2016-10-18 18:04 - 2016-11-01 18:22 - 00000000 ____D C:\Users\naveen-standard\Downloads\completed
2016-10-18 03:21 - 2016-10-18 03:41 - 00000000 ____D C:\Users\ADMIN\AppData\Local\iWesoft
2016-10-18 03:21 - 2016-10-18 03:21 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader
2016-10-18 03:21 - 2016-10-18 03:21 - 00000000 ____D C:\Program Files (x86)\Instagram Downloader
2016-10-18 01:48 - 2016-10-18 01:48 - 00001782 _____ C:\Users\naveen-standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook Desktop.lnk
2016-10-18 01:48 - 2016-10-18 01:48 - 00000000 ____D C:\Program Files (x86)\fb
2016-10-18 01:44 - 2016-10-18 01:44 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\FaceBookPro
2016-10-18 01:42 - 2016-10-18 01:42 - 00157184 _____ C:\Users\naveen-standard\Downloads\FaceBookPro.exe
2016-10-18 01:41 - 2016-10-18 01:48 - 36078489 _____ C:\Users\naveen-standard\Downloads\facebook_v0.0.02.exe
2016-10-18 01:41 - 2016-10-18 01:44 - 03998208 _____ (iWesoft) C:\Users\naveen-standard\Downloads\InstagramDownloader_setup.exe
2016-10-17 22:15 - 2016-07-22 20:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-17 22:15 - 2016-07-22 20:21 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-17 10:50 - 2016-10-01 01:43 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-17 10:50 - 2016-10-01 00:58 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-17 10:50 - 2016-09-30 21:07 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-17 10:50 - 2016-09-30 20:50 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-17 10:50 - 2016-09-30 20:50 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-17 10:50 - 2016-09-30 13:25 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-17 10:50 - 2016-09-30 11:55 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-17 10:50 - 2016-09-30 11:55 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-17 10:50 - 2016-09-30 11:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-17 10:50 - 2016-09-30 11:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-17 10:50 - 2016-09-30 11:42 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-17 10:50 - 2016-09-30 11:39 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-17 10:50 - 2016-09-30 11:35 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-17 10:50 - 2016-09-30 11:17 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-17 10:50 - 2016-09-30 11:12 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-17 10:50 - 2016-09-30 11:08 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-17 10:50 - 2016-09-30 11:03 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-17 10:50 - 2016-09-30 11:02 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-17 10:50 - 2016-09-30 11:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-17 10:50 - 2016-09-30 11:01 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-17 10:50 - 2016-09-30 11:01 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-17 10:50 - 2016-09-30 10:51 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-17 10:50 - 2016-09-30 10:47 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-17 10:50 - 2016-09-30 10:42 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-17 10:50 - 2016-09-30 10:35 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-17 10:50 - 2016-09-30 10:35 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-17 10:50 - 2016-09-30 10:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-17 10:50 - 2016-09-30 10:35 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-17 10:50 - 2016-09-30 10:33 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-17 10:50 - 2016-09-30 10:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-17 10:50 - 2016-09-30 10:16 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-17 10:50 - 2016-09-30 10:13 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-17 10:50 - 2016-09-15 21:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-17 10:50 - 2016-09-15 21:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-17 10:50 - 2016-09-15 20:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-17 10:50 - 2016-09-15 20:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-17 10:50 - 2016-09-13 02:43 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-17 10:50 - 2016-09-13 02:43 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-17 10:50 - 2016-09-13 02:38 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-17 10:50 - 2016-09-13 02:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-17 10:50 - 2016-09-13 02:38 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-17 10:50 - 2016-09-13 02:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-17 10:50 - 2016-09-13 02:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-17 10:50 - 2016-09-13 02:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-17 10:50 - 2016-09-13 02:07 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-17 10:50 - 2016-09-13 00:38 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-17 10:50 - 2016-09-13 00:13 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-17 10:50 - 2016-09-13 00:13 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-17 10:50 - 2016-09-10 21:49 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-17 10:50 - 2016-09-10 21:23 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-17 10:50 - 2016-09-09 23:59 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-17 10:50 - 2016-09-09 23:56 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-17 10:50 - 2016-09-09 23:53 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-17 10:50 - 2016-09-09 23:31 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-17 10:50 - 2016-09-08 20:25 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-17 10:50 - 2016-09-08 20:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-17 10:50 - 2016-08-12 22:32 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-17 10:50 - 2016-08-12 22:32 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-17 10:50 - 2016-08-12 22:17 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-17 10:50 - 2016-08-12 22:17 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-17 10:50 - 2016-08-12 21:56 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-17 10:50 - 2016-08-06 21:01 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-17 10:50 - 2016-08-06 20:45 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-17 10:50 - 2016-06-14 22:51 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-17 10:50 - 2016-06-14 22:46 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-17 10:50 - 2016-06-14 22:46 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-17 10:50 - 2016-06-14 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-17 10:50 - 2016-06-14 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-17 10:50 - 2016-06-14 20:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-17 10:49 - 2016-09-30 12:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-17 10:49 - 2016-09-30 12:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-17 10:49 - 2016-09-30 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-17 10:49 - 2016-09-30 11:55 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-17 10:49 - 2016-09-30 11:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-17 10:49 - 2016-09-30 11:48 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-17 10:49 - 2016-09-30 11:47 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-17 10:49 - 2016-09-30 11:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-17 10:49 - 2016-09-30 11:43 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-17 10:49 - 2016-09-30 11:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-17 10:49 - 2016-09-30 11:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-17 10:49 - 2016-09-30 11:25 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-17 10:49 - 2016-09-30 11:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-17 10:49 - 2016-09-30 11:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-17 10:49 - 2016-09-30 11:21 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-17 10:49 - 2016-09-30 11:20 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-17 10:49 - 2016-09-30 11:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-17 10:49 - 2016-09-30 11:16 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-17 10:49 - 2016-09-30 11:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-17 10:49 - 2016-09-30 11:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-17 10:49 - 2016-09-30 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-17 10:49 - 2016-09-30 11:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-17 10:49 - 2016-09-30 11:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-17 10:49 - 2016-09-30 11:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-17 10:49 - 2016-09-30 11:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-17 10:49 - 2016-09-30 11:03 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-17 10:49 - 2016-09-30 11:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-17 10:49 - 2016-09-30 11:02 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-17 10:49 - 2016-09-30 10:54 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-17 10:49 - 2016-09-30 10:49 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-17 10:49 - 2016-09-30 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-17 10:49 - 2016-09-30 10:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-17 10:49 - 2016-09-30 10:45 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-17 10:49 - 2016-09-30 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-17 10:49 - 2016-09-30 10:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-17 10:49 - 2016-09-30 10:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-17 10:49 - 2016-09-30 10:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-17 10:49 - 2016-09-13 02:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-17 10:49 - 2016-09-13 02:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-17 10:49 - 2016-09-13 02:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-17 10:49 - 2016-09-13 02:02 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-17 10:49 - 2016-09-13 02:02 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-17 10:49 - 2016-09-13 02:02 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-17 10:49 - 2016-09-13 02:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-17 10:49 - 2016-09-13 01:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-17 10:49 - 2016-09-13 01:55 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-17 10:49 - 2016-09-09 23:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:21 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-17 10:49 - 2016-09-09 23:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-17 10:49 - 2016-09-09 23:21 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-17 10:49 - 2016-09-09 23:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-17 10:49 - 2016-09-09 23:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-17 10:49 - 2016-09-09 23:13 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-17 10:49 - 2016-09-09 23:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-17 10:49 - 2016-09-09 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-17 10:49 - 2016-09-09 23:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-17 10:49 - 2016-09-09 23:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-17 10:49 - 2016-09-09 23:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 23:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-17 10:49 - 2016-09-09 02:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-17 10:49 - 2016-08-12 22:32 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-17 10:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-17 10:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-17 10:49 - 2016-08-12 22:01 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-17 10:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-17 10:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-17 10:49 - 2016-08-06 21:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-17 10:49 - 2016-08-06 20:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-17 10:49 - 2016-08-06 20:31 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-17 10:49 - 2016-08-06 20:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-17 10:49 - 2016-08-06 20:23 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-17 10:49 - 2016-08-06 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-17 10:49 - 2016-08-06 20:23 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-17 10:49 - 2016-06-14 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-17 10:49 - 2016-06-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-17 10:49 - 2016-06-14 20:45 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-17 10:49 - 2016-06-14 20:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-17 10:49 - 2016-06-14 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-17 10:49 - 2016-06-14 20:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-17 10:49 - 2016-06-14 20:35 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-17 10:49 - 2016-06-14 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-17 10:49 - 2016-06-14 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-17 10:39 - 2016-10-17 10:39 - 00000000 __SHD C:\$360Section
2016-10-16 00:26 - 2016-10-16 00:26 - 00000000 ____D C:\Users\naveen-standard\Documents\Telltale Games
2016-10-16 00:26 - 2016-10-16 00:26 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Steam
2016-10-16 00:24 - 2016-10-17 10:39 - 00000000 ____D C:\ProgramData\360Quarant
2016-10-16 00:02 - 2016-10-16 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Episode 1
2016-10-15 20:51 - 2016-10-15 20:55 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\BatteryCare
2016-10-15 20:51 - 2016-10-15 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare
2016-10-15 20:51 - 2016-10-15 20:55 - 00000000 ____D C:\Program Files (x86)\BatteryCare
2016-10-15 06:10 - 2016-10-15 06:10 - 00346112 _____ C:\Users\naveen-standard\Downloads\Unlocker x64 1.9.2.msi
2016-10-15 06:10 - 2016-10-15 06:10 - 00001845 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2016-10-15 06:10 - 2016-10-15 06:10 - 00000000 ____D C:\Program Files\Unlocker
2016-10-13 21:01 - 2016-10-13 21:01 - 00000000 ____D C:\Windows\WPDeviceManager
2016-10-13 20:59 - 2016-10-13 20:59 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Downloaded Installations
2016-10-12 22:11 - 2000-07-03 16:05 - 00048584 _____ C:\Users\naveen-standard\Downloads\Beast Machines.TTF
2016-10-12 22:10 - 2016-10-12 22:10 - 00036329 _____ C:\Users\naveen-standard\Downloads\Beast Machines Normal.ttf
2016-10-12 02:56 - 2016-10-12 02:56 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Seagate
2016-10-12 02:50 - 2016-10-12 02:56 - 00000000 ____D C:\ProgramData\Seagate
2016-10-12 02:50 - 2016-10-12 02:50 - 01058632 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00304416 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00296736 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\file_tracker.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00248648 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00134432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2016-10-12 02:50 - 2016-10-12 02:50 - 00001201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate DiscWizard.lnk
2016-10-12 02:49 - 2016-10-12 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-10-12 02:49 - 2016-10-12 02:49 - 00000000 ____D C:\Program Files (x86)\Seagate
2016-10-12 02:35 - 2016-10-12 02:47 - 287919712 _____ (Seagate) C:\Users\naveen-standard\Downloads\DiscWizardSetup-1806030.en.exe
2016-10-12 02:23 - 2016-10-12 02:23 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Clarus
2016-10-12 02:19 - 2016-10-29 18:50 - 00000000 ____D C:\Program Files (x86)\seagate Drive Manager
2016-10-12 02:12 - 2016-10-12 02:12 - 00900704 _____ (Seagate Technology) C:\Users\naveen-standard\Downloads\drivedetect.exe
2016-10-11 21:09 - 2016-10-11 21:16 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Stormrise
2016-10-11 20:52 - 2009-03-06 01:30 - 00111880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GameuxInstallHelper.dll
2016-10-11 20:51 - 2016-10-11 20:51 - 00000000 ____D C:\Windows\SysWOW64\xlive
2016-10-11 20:51 - 2016-10-11 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2016-10-11 20:51 - 2016-10-11 20:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-10-11 01:31 - 2016-10-27 13:51 - 00000000 ____D C:\Users\naveen-standard\Desktop\bd rescue
2016-10-09 21:45 - 2016-10-09 21:45 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Foxit Reader

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-08 22:37 - 2016-10-05 16:39 - 00000000 ____D C:\Users\naveen-standard\AppData\LocalLow\360WD
2016-11-08 22:03 - 2016-09-03 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-08 21:52 - 2009-07-14 10:15 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-08 21:52 - 2009-07-14 10:15 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-08 21:44 - 2016-08-23 19:38 - 00000000 ____D C:\Program Files\Emsisoft Internet Security
2016-11-08 21:44 - 2016-08-23 19:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-08 21:44 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-08 18:43 - 2016-08-24 16:06 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\DMCache
2016-11-08 18:43 - 2016-08-23 19:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-08 18:40 - 2016-09-03 16:22 - 00003242 _____ C:\Windows\System32\Tasks\HPCeeScheduleFornaveen-standard
2016-11-08 18:40 - 2016-09-03 16:22 - 00000372 _____ C:\Windows\Tasks\HPCeeScheduleFornaveen-standard.job
2016-11-08 18:31 - 2016-08-24 14:33 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E0DDFC79-967A-4453-B98B-C1847CB993FB}
2016-11-08 18:28 - 2016-09-04 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-08 02:21 - 2016-08-24 14:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-08 02:20 - 2016-08-24 14:14 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-08 02:00 - 2016-08-25 06:12 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Adobe
2016-11-08 01:21 - 2016-09-08 19:31 - 01398846 _____ C:\Windows\ntbtlog.txt
2016-11-08 00:21 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-11-07 22:32 - 2009-07-14 10:43 - 00782228 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-06 20:44 - 2016-08-23 19:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-06 19:49 - 2016-10-06 16:33 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\360Safe
2016-11-05 12:58 - 2016-10-05 17:08 - 00000000 ____D C:\Users\ADMIN\AppData\LocalLow\360WD
2016-11-05 11:18 - 2016-08-23 20:16 - 00000000 ____D C:\Users\ADMIN\Desktop\pgm shortcuts
2016-11-05 00:53 - 2016-08-24 16:06 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\IDM
2016-11-05 00:53 - 2016-08-23 18:12 - 00000000 ____D C:\Users\ADMIN
2016-11-03 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-11-03 18:18 - 2016-08-28 19:56 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\SoftGrid Client
2016-11-02 14:44 - 2016-09-03 16:35 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\CrashDumps
2016-11-01 14:55 - 2016-08-24 14:33 - 00000000 ____D C:\Users\naveen-standard\AppData\Local\Google
2016-10-31 13:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\Web
2016-10-31 12:26 - 2016-08-24 14:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-30 00:17 - 2016-08-24 14:33 - 00000000 ____D C:\Users\naveen-standard
2016-10-29 18:49 - 2016-09-02 17:22 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-10-29 16:28 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2016-10-29 15:39 - 2016-09-04 19:35 - 00000000 ____D C:\Program Files (x86)\MalwarebytesAnti-Exploit
2016-10-29 15:39 - 2016-09-04 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-28 21:26 - 2016-09-03 17:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-28 15:14 - 2016-09-17 22:46 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Foxit Software
2016-10-27 21:09 - 2016-09-04 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-10-27 21:09 - 2016-08-25 10:59 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\IrfanView
2016-10-27 21:09 - 2016-08-24 16:01 - 00000000 ____D C:\Program Files (x86)\IDM
2016-10-27 21:09 - 2012-03-14 07:05 - 00000000 ____D C:\ProgramData\Intel
2016-10-27 21:09 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2016-10-27 13:51 - 2016-09-02 17:32 - 00000000 ____D C:\Users\naveen-standard\Desktop\desktopp
2016-10-27 11:55 - 2016-09-17 22:46 - 00000000 ____D C:\ProgramData\Foxit Software
2016-10-27 11:54 - 2016-09-17 22:45 - 00000000 ____D C:\Program Files (x86)\FoxitReader
2016-10-27 11:20 - 2016-09-10 02:04 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Skype
2016-10-27 11:18 - 2011-11-09 23:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-27 11:14 - 2016-09-10 23:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-27 11:14 - 2011-11-09 23:14 - 00000000 ____D C:\ProgramData\Skype
2016-10-27 11:00 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-10-27 10:09 - 2016-08-24 16:06 - 00000000 ____D C:\Users\naveen-standard\Downloads\Video
2016-10-27 09:03 - 2016-09-03 17:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-27 09:03 - 2016-09-03 17:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-27 09:03 - 2011-11-09 23:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 04:08 - 2016-10-05 13:53 - 00000000 _RSHD C:\360SANDBOX
2016-10-25 21:17 - 2016-08-28 18:20 - 00000000 ____D C:\Users\ADMIN\AppData\Local\CrashDumps
2016-10-25 03:15 - 2016-09-17 22:46 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Foxit Software
2016-10-23 23:27 - 2009-07-14 10:15 - 00000000 ____D C:\Windows\Setup
2016-10-23 21:12 - 2016-10-05 00:37 - 00228800 _____ (Malwarebytes) C:\Windows\system32\Drivers\MB3SwissArmy.sys
2016-10-21 06:51 - 2016-09-01 22:01 - 00000000 ____D C:\Users\naveen-standard\AppData\Roaming\Yahoo Messenger
2016-10-20 06:22 - 2016-08-25 00:48 - 00000000 ____D C:\Program Files\PotPlayer
2016-10-18 01:54 - 2016-08-24 14:54 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-10-17 22:08 - 2009-07-14 10:27 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-17 21:39 - 2009-07-14 10:15 - 00274712 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-17 12:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-17 12:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2016-10-17 11:08 - 2016-08-26 14:52 - 00000000 ____D C:\Windows\system32\MRT
2016-10-17 10:52 - 2016-08-26 14:52 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-17 10:52 - 2016-08-25 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-17 10:51 - 2016-08-25 05:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-17 10:51 - 2016-08-25 05:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-17 10:40 - 2016-10-05 16:39 - 00000000 ____D C:\ProgramData\360safe
2016-10-17 06:26 - 2012-03-14 06:51 - 00000000 ____D C:\ProgramData\Temp
2016-10-17 06:24 - 2016-08-23 19:19 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-17 06:24 - 2016-08-23 19:19 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-17 06:23 - 2016-08-23 18:13 - 00003762 _____ C:\Windows\System32\Tasks\Registration
2016-10-16 00:01 - 2016-09-14 02:23 - 00000000 ____D C:\games
2016-10-15 23:56 - 2016-10-05 16:39 - 00000000 ____D C:\ProgramData\360TotalSecurity
2016-10-14 01:59 - 2016-10-08 00:55 - 00000000 ____D C:\Users\naveen-standard\Documents\My Kindle Content
2016-10-12 02:47 - 2016-08-23 18:15 - 00059648 _____ C:\Users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-12 02:30 - 2016-08-24 14:34 - 00059648 _____ C:\Users\naveen-standard\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-12 02:20 - 2011-11-09 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-12 01:24 - 2009-07-14 08:50 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-11 23:12 - 2016-09-03 17:31 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Adobe
2016-10-11 20:55 - 2009-07-14 11:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2016-08-24 14:55 - 2016-08-24 14:55 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {current}
resumeobject {81ed0b01-699f-11e6-b9eb-9639ee485b9d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {81ed0b05-699f-11e6-b9eb-9639ee485b9d}

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {81ed0b05-699f-11e6-b9eb-9639ee485b9d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {81ed0b01-699f-11e6-b9eb-9639ee485b9d}
nx OptIn
detecthal Yes

Windows Boot Loader
-------------------
identifier {81ed0b05-699f-11e6-b9eb-9639ee485b9d}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{81ed0b06-699f-11e6-b9eb-9639ee485b9d}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{81ed0b06-699f-11e6-b9eb-9639ee485b9d}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {81ed0b01-699f-11e6-b9eb-9639ee485b9d}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {81ed0b06-699f-11e6-b9eb-9639ee485b9d}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-11-04 17:52

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by ADMIN (08-11-2016 22:38:49)
Running from C:\Users\naveen-standard\Desktop\bleeping comp\frst
Windows 7 Home Premium Service Pack 1 (X64) (2016-08-23 12:42:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-606511456-1437241303-3617233354-1000 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-606511456-1437241303-3617233354-500 - Administrator - Disabled)
Guest (S-1-5-21-606511456-1437241303-3617233354-501 - Limited - Disabled)
naveen-standard (S-1-5-21-606511456-1437241303-3617233354-1001 - Limited - Enabled) => C:\Users\naveen-standard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Internet Security (Disabled - Out of date) {D1196F3E-3487-585D-3681-0661BD157EC3}
AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Emsisoft Internet Security (Disabled - Out of date) {6A788EDA-12BD-57D3-0C31-3D13C692347E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}
FW: Emsisoft Internet Security (Disabled) {E922EE1B-7EE8-5905-1DDE-AF5443C639B8}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.8.0.1080 - 360 Security Center)
Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{A2116AF9-FA9D-41EA-9874-1E40B227D4DE}) (Version: 12.2.5.195 - Adobe Systems, Inc)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Amazon Kindle (HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Astroburn Pro (HKLM\...\Astroburn Pro) (Version: 4.0.0.0233 - Disc Soft Ltd)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
Batman Episode 1 (HKLM-x32\...\Batman Episode 1_is1) (Version: - )
BatteryCare 0.9.27.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.27.0 - Filipe Lourenço)
BDAntiRansomware (HKLM\...\{BE40AB1F-558F-4434-B72F-461EF97E7796}_is1) (Version: 1.0.12.1 - Bitdefender)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
BotRevolt Free 1.4.3 (HKLM\...\{41BB8B6E-3337-4655-8FBB-2295A460619C}_is1) (Version: 1.4.3 - BotRevolt)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6321 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 49.0.0.0 - 8pecxstudios)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3222 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK (HKLM-x32\...\DARK_is1) (Version: - Kalypso Media)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Emsisoft Internet Security (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.10 - Emsisoft Ltd.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
ExamDiff Pro 8.0 (8.0.1.8, 64-bit) (HKLM\...\ExamDiff Pro 8.0_is1) (Version: 8.0.1.8 - PrestoSoft LLC)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.1.0.1013 - Foxit Software Inc.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{151481F9-271C-47B2-83D0-E08AC820E359}) (Version: 3.6.9.0 - Fresco Logic)
Google Chrome (HKLM-x32\...\{9D6AB405-DDC3-330B-9D65-8C1C83E8B4C6}) (Version: 54.0.2840.87 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Halo Spartan Assault (HKLM-x32\...\Halo Spartan Assault_is1) (Version: - )
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
hide.me VPN 1.2.6 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.6 - eVenture Limited)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9BCA64E3-D180-4F13-8014-5E62947150C1}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.27.17 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.26.37 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Instagram Downloader (HKLM-x32\...\{9DFA525A-6D12-444B-8F5A-63E2947FFC5D}) (Version: 2.3.0.0 - iWesoft)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1177 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
IrfanView (uninstall) (HKLM\...\IrfanView) (Version: - )
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KC Softwares SUMo (HKLM-x32\...\KC Softwares SUMo_is1) (Version: 4.5.1.326 - KC Softwares)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LenovoUsbDriver 1.1.23 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.23 - Lenovo)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.9.1.1235 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1235 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{AEF3BF36-8B82-4E43-8291-81EF9E01C65B}) (Version: 1.4.1.10123 - Lenovo)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.09.02.910 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.3-r115627-release - Plays.tv, LLC)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.6-r115593-release - Raptr, Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.95 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recover Keys (HKLM\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Seagate DiscWizard (HKLM-x32\...\{746CB7B0-0BA2-4445-84EE-A4ABBAD7905E}) (Version: 18.0.6030 - Seagate)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Stormrise ™ (HKLM-x32\...\InstallShield_{50253BA3-12BC-43CD-9C88-E79987822420}) (Version: 1.00.0000 - SEGA)
Stormrise ™ (x32 Version: 1.00.0000 - SEGA) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
UltraSearch V2.1.2 (64 bit) (HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\UltraSearch_is1) (Version: 2.1.2 - JAM Software)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent)
Validity Sensors DDK (HKLM\...\{40BEDF44-88CF-4FF6-8790-882484452003}) (Version: 4.4.231.0 - Validity Sensors, Inc.)
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent)
Windows Driver Package - MediaTek Inc. (wdm_usb) Ports (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone Device Manager (HKLM-x32\...\{3959E064-5785-4DA1-9799-5A841F6B9DA5}) (Version: 1.10.0.0 - Julien Schapman)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Yahoo Messenger (HKU\S-1-5-21-606511456-1437241303-3617233354-1001\...\yahoomessenger) (Version: 0.8.231 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A13CB83-F230-4480-A53D-32F9574314F8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-29] (CyberLink)
Task: {1CACCE68-0CE2-4328-BF5E-093942DCCB29} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-06-11] (Lenovo)
Task: {2BB39E9E-34D1-457B-A84F-97F204E29712} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {2F8CC0B2-63ED-41A8-B0D0-C48E09B7CB16} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {44283EAC-B9DD-460B-BD00-781DA8C7960C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {4F80F9C0-BFA5-44EC-A8C7-1F69CB6071E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
Task: {6DF5DA65-527F-4A54-9F9C-D3A0C386FD5F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-27] (Adobe Systems Incorporated)
Task: {8102426B-3888-4448-91A5-486985704CD2} - System32\Tasks\HPCeeScheduleFornaveen-standard => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {8D4CE5AB-AAE2-4353-9C84-4E048074B1EB} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-29] ()
Task: {915D2A44-69C9-405C-82B7-7ED91BAEAAC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-07-04] (HP Inc.)
Task: {AF87BB88-1CD9-4D48-8EC0-917C028C8A50} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-07-04] (HP Inc.)
Task: {B2A764FE-43F1-4F44-9BF1-92B255343D24} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-09-07] (Microsoft)
Task: {B2ABEE78-166E-4FC1-864C-1810F68B74C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-23] (Google Inc.)
Task: {BA868FB3-63D7-42EB-B6F8-45913339FF04} - System32\Tasks\BDAntiCryptoWallTask => C:\Program Files\Bitdefender\Tools\BDAntiRansomware\BDAntiRansomware.exe [2016-05-16] ()
Task: {C6461B75-3EE5-4C7A-AA20-1CAFCC189866} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-23] (Google Inc.)
Task: {E8471CAD-6C60-465A-B62E-64AFDD999FE1} - System32\Tasks\AdobeAAMUpdater-1.0-HP-dv6tqe-naveen-standard => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFornaveen-standard.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader\Instagram Downloader Website.lnk -> hxxp://www.iwesoft.com/productinfo.php?id=35

==================== Loaded Modules (Whitelisted) ==============

2016-08-23 19:38 - 2016-06-30 16:49 - 01043568 _____ () C:\Program Files\Emsisoft Internet Security\fw64.dll
2016-10-05 13:53 - 2016-09-28 12:22 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-10-05 13:53 - 2016-09-28 12:22 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2016-10-16 00:24 - 2014-04-17 14:26 - 00441672 _____ () C:\ProgramData\360Safe\savapi\savapi3.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00247720 _____ () C:\ProgramData\360Safe\savapi\aecore.dll
2016-10-16 00:24 - 2016-02-04 15:58 - 00059296 _____ () C:\ProgramData\360Safe\savapi\aebb.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00128936 _____ () C:\ProgramData\360Safe\savapi\aecrypto.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 02717608 _____ () C:\ProgramData\360Safe\savapi\aedroid.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00404328 _____ () C:\ProgramData\360Safe\savapi\aeemu.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00306032 _____ () C:\ProgramData\360Safe\savapi\aeexp.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00551792 _____ () C:\ProgramData\360Safe\savapi\aegen.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00284584 _____ () C:\ProgramData\360Safe\savapi\aehelp.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 10394480 _____ () C:\ProgramData\360Safe\savapi\aeheur.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00068464 _____ () C:\ProgramData\360Safe\savapi\aelibinf.dll
2016-10-16 00:24 - 2016-02-04 15:58 - 00301936 _____ () C:\ProgramData\360Safe\savapi\aemobile.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00481192 _____ () C:\ProgramData\360Safe\savapi\aeoffice.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00804776 _____ () C:\ProgramData\360Safe\savapi\aepack.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00812960 _____ () C:\ProgramData\360Safe\savapi\aerdl.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 01633128 _____ () C:\ProgramData\360Safe\savapi\aesbx.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00141216 _____ () C:\ProgramData\360Safe\savapi\aescn.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00633712 _____ () C:\ProgramData\360Safe\savapi\aescript.dll
2016-10-16 00:24 - 2016-07-19 16:19 - 00142184 _____ () C:\ProgramData\360Safe\savapi\aevdf.dll
2016-10-05 16:53 - 2014-02-28 14:20 - 00335432 _____ () C:\PROGRA~3\360Safe\bd\scan.dll
2016-10-05 16:53 - 2016-10-05 17:10 - 00126624 _____ () C:\PROGRA~3\360Safe\bd\bdcore.dll
2016-10-05 13:53 - 2016-09-28 12:22 - 00584616 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2016-09-07 01:34 - 2016-09-07 01:34 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ec5f7ad8acea5d03e5467e8b980e34fb\IsdiInterop.ni.dll
2012-03-14 06:38 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-09 11:00 - 2014-09-09 11:00 - 00023576 _____ () C:\Program Files (x86)\Seagate\DiscWizard\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43812957.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43812957.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2016-11-02 23:32 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606511456-1437241303-3617233354-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-606511456-1437241303-3617233354-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\naveen-standard\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: CG6Service => 2
MSCONFIG\Services: CLKMSVC10_38F51D56 => 2
MSCONFIG\Services: FoxitReaderService => 2
MSCONFIG\Services: FPLService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hmevpnsvc => 2
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: vcsFPService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\IDM\IDMan.exe /onboot
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\YahooMessenger-old\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: WheelMouse => C:\Program Files\Mouse\Amoumain.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{58588614-3D34-4ACD-A188-EF6E27AD47FA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{F05B6A5A-0551-4BB8-9BAF-B27C3891136D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{DAA3EB62-96A2-44F8-82D7-30C39A8CB1A2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{4C1E284E-185B-45CC-957D-780D429C49A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{ED103F12-841C-411B-A433-9536CF46A6E5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{47179299-CA49-4A3F-945C-65047D98E6FB}] => (Allow) LPort=2869
FirewallRules: [{092B99D3-6919-403C-BE0E-BAFEE91E085C}] => (Allow) LPort=1900
FirewallRules: [{3981FD87-E182-4B1B-BF2F-5E9BBEFA269D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FD237E27-BA0C-42B8-9EC5-793786C8F551}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{93E31856-A99E-40E8-B416-135AB2AD8196}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5F15B9D8-6A44-4064-BC52-3EDC32CCF263}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6F6E26E5-7ABE-488B-9D26-A90DC846A3C0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B79D1B03-6B4B-48AE-BACE-673BE1E54B0B}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{A520DEA2-D640-4B8D-B4B0-A58F8ABD5D68}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{6233C8BC-2DC0-4D90-8259-4087DA8A6E84}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{AE3FC3BA-4F5E-4FC1-9F33-8D4644F406E6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B47FAAEA-0BB6-4535-ACC8-FA5DC70E64EE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{64E34944-80F3-4200-9D28-2BCADE61F0C3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{6805EC14-CFB1-4CCF-91D6-2C4927394070}] => (Allow) C:\Program Files (x86)\YahooMessenger-old\YahooMessenger.exe
FirewallRules: [{CF32E9C3-700C-4C5C-8EDB-DD95D2F01E14}] => (Allow) C:\Program Files (x86)\YahooMessenger-old\YahooMessenger.exe
FirewallRules: [{052607D4-44BE-46EB-BE79-7B34F0855F5B}] => (Allow) C:\games\aoe3\age3x.exe
FirewallRules: [{F67A35FE-9FC6-4393-86D2-8F700F14AF39}] => (Allow) C:\games\aoe3\age3x.exe
FirewallRules: [{4D7D0198-9459-4F1B-95EB-1D8376574A07}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{AF46450E-8832-43DB-8BA3-17CF4CBECC81}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{61994673-C7D2-42AC-BF81-91AE3A8C760A}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{999439FD-AA0D-44A5-9241-48AD7AE500FD}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{EC4AEAFA-2A37-4F3D-8B24-6D4C1A468536}C:\games\stormrise\stormrise.exe] => (Block) C:\games\stormrise\stormrise.exe
FirewallRules: [UDP Query User{3ABB0F40-60C3-4CF8-A55C-4C426708613B}C:\games\stormrise\stormrise.exe] => (Block) C:\games\stormrise\stormrise.exe
FirewallRules: [TCP Query User{BA4437FC-1E02-4E15-BDD1-A22939DB2F9A}C:\users\naveen-standard\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\naveen-standard\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{22C8FC21-A0E4-45C1-B0F9-7E98972F11A3}C:\users\naveen-standard\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\naveen-standard\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{91CD874E-4D2B-41F8-BDEB-B5DCEEC8022A}C:\program files (x86)\lenovo-magicplus\magicplus.exe] => (Block) C:\program files (x86)\lenovo-magicplus\magicplus.exe
FirewallRules: [UDP Query User{D1EE8708-7D43-4D0E-8C48-073C5BDB6D95}C:\program files (x86)\lenovo-magicplus\magicplus.exe] => (Block) C:\program files (x86)\lenovo-magicplus\magicplus.exe
FirewallRules: [TCP Query User{A594C3ED-642C-46C8-ABCA-BA71CC1891F8}C:\program files (x86)\magicplus\magicplus.exe] => (Block) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [UDP Query User{3E7149FC-5730-4B44-A8F1-E33F0C9DA2A7}C:\program files (x86)\magicplus\magicplus.exe] => (Block) C:\program files (x86)\magicplus\magicplus.exe
FirewallRules: [{2CFEF203-F4A8-434F-B777-5A3C0E7553C4}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{E2E06A15-25E0-42C0-A8EE-27F65CAE850B}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{02504A25-20D5-4020-BC97-FA611C80E0FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-11-2016 19:46:40 Revo Uninstaller Pro's restore point - SlimDrivers
03-11-2016 19:47:01 Removed SlimDrivers
03-11-2016 19:53:55 Revo Uninstaller Pro's restore point - Heimdal Agent
03-11-2016 19:54:14 Removed Heimdal Agent
03-11-2016 19:56:02 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Ransomware version 0.9.17.661
05-11-2016 23:24:17 Restore Point Created by FRST
05-11-2016 23:55:38 Device Driver Package Install: Lenovo Inc. Lenovo ADB Device
06-11-2016 20:31:44 Device Driver Package Install: Lenovo Inc. Lenovo ADB Device
08-11-2016 00:20:42 Device Driver Package Install: Lenovo Inc. Lenovo ADB Device
08-11-2016 01:34:16 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: MTP
Description: MTP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: mvdM23
Description: mvdM23
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mvdM23
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2016 10:37:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.

Error: (11/08/2016 09:54:46 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (11/08/2016 09:44:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2016 06:43:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.

Error: (11/08/2016 06:38:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (11/08/2016 06:28:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/08/2016 01:39:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.

Error: (11/08/2016 01:39:28 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_e36ad4593102f066.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.23403_none_2b180b30457f196c.manifest.

Error: (11/08/2016 01:35:56 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (11/08/2016 01:34:37 AM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 00000000000001CC,0x00530194,0000000000000000,0,000000000038BFF0,4096,[0]).


Operation:
Query Shadow Copies


System errors:
=============
Error: (11/08/2016 09:44:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvdM23 service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/08/2016 09:44:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvdM23 service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/08/2016 09:44:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2016 06:28:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvdM23 service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/08/2016 06:28:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvdM23 service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/08/2016 06:28:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HWDeviceService64.exe service terminated unexpectedly. It has done this 1 time(s).

Error: (11/08/2016 03:18:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/08/2016 03:18:36 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/08/2016 03:18:36 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (11/08/2016 01:25:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mvdM23 service failed to start due to the following error:
The system cannot find the file specified.


CodeIntegrity:
===================================
Date: 2016-11-08 22:34:47.616
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 22:15:23.507
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 18:40:28.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 03:18:29.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 02:03:04.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 01:39:31.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 00:38:20.793
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-08 00:18:15.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-07 22:58:16.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-07 22:27:22.949
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Internet Security\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8139.6 MB
Available physical RAM: 5769.74 MB
Total Virtual: 16277.39 MB
Available Virtual: 13073.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.02 GB) (Free:726.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:21.33 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F1C8D2A2)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End of Addition.txt ============================

Edited by anniyan, 08 November 2016 - 01:11 PM.


Become a BleepingComputer fan on Facebook
Have you seen.....Select Real Security

#14 Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:23 AM

Posted 09 November 2016 - 04:31 AM

Hello,

:step1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


:step2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


:step3: Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

---


:step4: How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 anniyan

  • Topic Starter

  • Members
  • 222 posts
  • Gender:Male
  • Location:Under your bed, mwahahahahaha!
  • Local time:01:53 PM

Posted 09 November 2016 - 04:43 PM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 11/10/2016 02:18:08 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/10/2016 02:18:16 AM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

Farbar Service Scanner Version: 27-01-2016
Ran by ADMIN (administrator) on 10-11-2016 at 02:48:15
Running from "C:\Users\naveen-standard\Desktop\bleep comp"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

attached the MBAM log as per your instruction - Attached File: mbam.txt (1.03KB)

OBSERVATIONS AS OF NOW:

1. i ran these scans when connected to the internet.

2. i noticed that my web browsers don't load pages immediately. it loads the 'server not found' screen and then only after some time loads the required page as i have mentioned in the start of this thread. please find attached the screenshot - Attached File: Untitled.png (9.79KB)

3. chrome is always accompanied by 2 cmd.exe*32 processes still.

4. my other worry is... i use the same internet connection and modem-router for all the devices in my home (2 laptops through ethernet cable {including this infected one} and 4 android phones) is there a possibility that the infection in this laptop could have spread to the other devices through the modem-router? :(


