
Project Oreon and other random tabs open automatically on Chrome.


22 replies to this topic

#1 sree98


Posted 03 November 2016 - 07:32 PM

Hello friends at Bleeping Computer,

 

For the past week or so, I have been having a problem with popups that open on Chrome when it's open. Random websites start to open up randomly.

 

These are some of the websites it opens up:

 

 http://oziris.zerohorizon.net/

 

I have run Avast's full system scan and boot-time scan. Both of those have come up with nothing. This has been happening for quite a while now. I have also tried uninstalling suspicious software and disabling suspicious extensions on Chrome.

 

A similar kind of problem has already been added by other users on the forum, but I wasn't able to solve it using some of the tips the other topics suggested.

 

The FRST log and the additional.txt file have been attached to this topic.

 

Attached File  FRST.txt   121.48KB   5 downloads

Attached File  Addition.txt   43.61KB   6 downloads


Edited by sree98, 03 November 2016 - 07:39 PM.



 


#2 sree98


Posted 05 November 2016 - 04:50 PM

The problem has been persistent in the last 2 days. It pops up almost every hour.

 

Any help could be very useful. 

Bump



#3 shelf life

  • Malware Response Team

Posted 06 November 2016 - 09:00 AM

Let's get a couple of downloads for you to use: Malwarebytes, AdwCleaner and JRT.exe. Then we will go from there.

I am usually only online once or twice per day, so you may not get a reply back from me until the following day.

 

MBAM:

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not load DDA driver'
    Click 'Yes' to this message, to allow the driver to load after a restart.
    Allow the computer to restart. Continue with the rest of these instructions.
    When the scan is complete, click Apply Actions.
    Wait for the prompt to restart the computer to appear, then click on Yes.
    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.

 

JRT.exe:
 

Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message
 

Adwcleaner:

 

Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 


How Can I Reduce My Risk to Malware?


#4 sree98


Posted 06 November 2016 - 08:15 PM

Here are the txt files:
 
MBAM log content:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/06/2016
Scan Time: 05:09 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.06.09
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: sree_
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406294
Time Elapsed: 1 hr, 7 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 13
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [32dfcaf3debc79bdd56cd921ea1923dd], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54}, Quarantined, [53be3f7e7e1c78bef1571bae17eba25e], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D279AD1E-73E2-4C19-8D1B-CC8DF1381A23}, Delete-on-Reboot, [63aeb904a2f893a39e2b743f1ee6926e], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered renic, Delete-on-Reboot, [2be6f6c7f4a691a516b4c4ef8b7912ee], 
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [21f0d1ecfaa04fe759e8cb2f669dc43c], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54}, Quarantined, [b0611e9f4852ec4ade6a11b80bf77d83], 
PUP.Optional.InstallCore, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\csastats, Quarantined, [34dd68557525be78201c38c28f7443bd], 
PUP.Optional.InstallCore, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\ICSW1.22, Quarantined, [ae63af0e9bff53e342ad0f97867ddf21], 
PUP.Optional.SearchManager, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [3ed308b58e0c20166f1d19b241c1f808], 
PUP.Optional.Spigot, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{90D2D13A-801D-4FFB-8D7D-21A2519F4FD8}, Quarantined, [8a87cfeed6c4b185e624407620e3fa06], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [66ab9825742655e160e741885aa8f20e], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [020ff6c7336710269d0740708d76ea16], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Chromium, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
 
Registry Values: 12
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f[2be6b7063a6082b459f3685461a34ab6]D1%26b[2be6b7063a6082b459f3685461a34ab6]DIE%26cc[2be6b7063a6082b459f3685461a34ab6]Dus%26pa[2be6b7063a6082b459f3685461a34ab6]DWincy%26cd[2be6b7063a6082b459f3685461a34ab6]D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr[2be6b7063a6082b459f3685461a34ab6]D497893542%26a[2be6b7063a6082b459f3685461a34ab6]Dwbf_inprft_16_30%26os_ver[2be6b7063a6082b459f3685461a34ab6]D10.0%26os[2be6b7063a6082b459f3685461a34ab6]DWindowsQuarantinedB10QuarantinedBHome, %4, %5
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.exe, 11001, Quarantined, [c54c1ca117832f07941c5e8c37cc35cb]
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.vshost.exe, 11001, Quarantined, [e72a407df3a7b77f763bd416649f837d]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f[53be3f7e7e1c78bef1571bae17eba25e]D4%26b[53be3f7e7e1c78bef1571bae17eba25e]DIE%26cc[53be3f7e7e1c78bef1571bae17eba25e]Dus%26pa[53be3f7e7e1c78bef1571bae17eba25e]DWincy%26cd[53be3f7e7e1c78bef1571bae17eba25e]D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr[53be3f7e7e1c78bef1571bae17eba25e]D497893542%26a[53be3f7e7e1c78bef1571bae17eba25e]Dwbf_inprft_16_30%26os_ver[53be3f7e7e1c78bef1571bae17eba25e]D10.0%26os[53be3f7e7e1c78bef1571bae17eba25e]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D279AD1E-73E2-4C19-8D1B-CC8DF1381A23}|Path, \Yahoo! Powered renic, Delete-on-Reboot, [63aeb904a2f893a39e2b743f1ee6926e]
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.exe, 11001, Quarantined, [d041ad103f5b043203addd0d996a10f0]
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.vshost.exe, 11001, Quarantined, [c54c407d72282115763bea00d52e6c94]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f[b0611e9f4852ec4ade6a11b80bf77d83]D4%26b[b0611e9f4852ec4ade6a11b80bf77d83]DIE%26cc[b0611e9f4852ec4ade6a11b80bf77d83]Dus%26pa[b0611e9f4852ec4ade6a11b80bf77d83]DWincy%26cd[b0611e9f4852ec4ade6a11b80bf77d83]D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr[b0611e9f4852ec4ade6a11b80bf77d83]D497893542%26a[b0611e9f4852ec4ade6a11b80bf77d83]Dwbf_inprft_16_30%26os_ver[b0611e9f4852ec4ade6a11b80bf77d83]D10.0%26os[b0611e9f4852ec4ade6a11b80bf77d83]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
Trojan.ProjectOrion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wermgr, C:\ProgramData\Microsoft\Windows\WER\wermgr.exe, Quarantined, [2fe2209dafebbc7ae7cefea74db7837d]
PUP.Optional.Spigot, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{90D2D13A-801D-4FFB-8D7D-21A2519F4FD8}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=639975&p={searchTerms}, Quarantined, [8a87cfeed6c4b185e624407620e3fa06]
PUP.Optional.WinYahoo, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f[66ab9825742655e160e741885aa8f20e]D4%26b[66ab9825742655e160e741885aa8f20e]DIE%26cc[66ab9825742655e160e741885aa8f20e]Dus%26pa[66ab9825742655e160e741885aa8f20e]DWincy%26cd[66ab9825742655e160e741885aa8f20e]D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr[66ab9825742655e160e741885aa8f20e]D497893542%26a[66ab9825742655e160e741885aa8f20e]Dwbf_inprft_16_30%26os_ver[66ab9825742655e160e741885aa8f20e]D10.0%26os[66ab9825742655e160e741885aa8f20e]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, Quarantined, [020ff6c7336710269d0740708d76ea16]
 
Registry Data: 1
 
Folders: 17
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
 
Files: 103
HackTool.KMS.OL, C:\Program Files\KMSpico\AutoPico.exe, Quarantined, [00119d20198195a19fbf3ce8ab5a7987], 
CrackTool.KMSPico, C:\Program Files\KMSpico\KMSELDI.exe, Quarantined, [30e1e9d4d7c3f244e49db2f90af77b85], 
PUP.Optional.BundleInstaller, C:\$Recycle.Bin\S-1-5-21-2973546267-1245024337-2511460995-1001\$R8I1UD1.exe, Quarantined, [828f25981783ca6c365b505fe91bb64a], 
PUP.Optional.WinYahoo, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk, Quarantined, [e22f0ab30b8f0f274a2b31af32d133cd], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [af62c4f98b0f3ef858e712e8c63dc53b], 
PUP.Optional.WinYahoo, C:\Windows\Tasks\Yahoo! Powered renic.job, Quarantined, [18f937860f8bec4a16b251621ee6d030], 
PUP.Optional.WinYahoo, C:\Windows\System32\Tasks\Yahoo! Powered renic, Quarantined, [7a97e2dbbedc2214b318cbe81ce845bb], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\03d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\03n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\04d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\04n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\09d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\09n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\10d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\10n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\11d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\11n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\13d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\13n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\50d.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\50n.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\bg.jpg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\bing.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\bluesky-bg.jpg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\brush.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\clock.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\cloud.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\cupcake-bg.jpg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\desk-bg.jpg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\doodle.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\down.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\google.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\mountain-bg.jpg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\sea-bg.jpg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\yahoo.png, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\yahoo.svg, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\_metadata\verified_contents.json, Quarantined, [7e93d6e76a30b4824b7ddfe8a260f20e], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\HowToRemove.html, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\chromium-min.jpg, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\control panel-min-min.JPG, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\down.png, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\ff menu.JPG, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\ff search engine-min.png, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\hp-min ff.png, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\hp-min ie.png, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\search engine.gif, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\setup pages.gif, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\sp-min.png, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\start-min.jpg, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\HowToRemove\up.png, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\bapi.dat, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\dido, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\fani, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\install.log, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\Sqlite3.dll, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\toso, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\uninst.dat, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
PUP.Optional.WinYahoo, C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}\uninst.exe, Quarantined, [0c058d303367b482b353dbc26c9833cd], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
The content from JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64 
Ran by sree_ (Administrator) on 11/06/2016 at 17:03:50.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder) 
Successfully deleted: C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage-journal (File) 
Successfully deleted: C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage (File) 
Successfully deleted: C:\Users\sree_\AppData\Local\nico mak computing (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\ASKPASS.EXE-397B77FE.pf (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/06/2016 at 17:08:32.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
The adwcleaner[s#].txt content is:
 
# AdwCleaner v6.030 - Logfile created 06/11/2016 at 20:05:13
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-05.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : sree_ - DESKTOP-22JAIA0
# Running from : C:\Users\sree_\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: Update service
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\kitty\AppData\Local\Host App Service
[-] Folder deleted: C:\Users\kitty\AppData\Local\StackPlayer
[-] Folder deleted: C:\Users\kitty\AppData\Roaming\RPEng
[-] Folder deleted: C:\Users\kitty\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt
[-] Key deleted: HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\FileTime.FileTimeShlExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\.DEFAULT\Software\ByteFence
[-] Key deleted: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\ByteFence
[-] Key deleted: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\torch
[-] Key deleted: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\Host App Service
[-] Key deleted: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\StackPlayer
[-] Key deleted: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ByteFence
[-] Key deleted: HKLM\SOFTWARE\torch
[-] Data restored: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data restored: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] 
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [Stack Player]
[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key deleted: HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\kitty\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm
[-] [C:\Users\kitty\AppData\Local\Chromium\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\kitty\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&uref=chmm
[-] [C:\Users\kitty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\kitty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: the-sims-4-get-to-work.en.softonic.com
[-] [C:\Users\kitty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search
[-] [C:\Users\kitty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\kitty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dalglnklbdkfhihfcagbcdbnmlhcdpha
[-] [C:\Users\kitty\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://isearch.avg.com/?cid={486FDAA6-4262-48A2-8B4D-620A7059FD18}&mid=cb52840bcde547d0b28419d59a9a9dca-bc4f14982843553d8de68df8ae0a3e5af1c8c7fd&lang=en&ds=oo011&pr=sa&d=2012-08-01 09:43:31&v=12.1.0.21&sap=hp
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.searchamong.com
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://mystart.incredibar.com/mb165?a=6PQQXdhxzU&i=26
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.delta-search.com/?affID=119776&tt=060612_5_&babsrc=HP_ss&mntrId=30017b57000000000000c89cdc7e7439
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN25651902587901581&UM=2
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN14953311982634269&UM=2
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_43&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtByD0FyD0FtD0AzyyDyDtN0D0Tzu0StCtAzytAtN1L2XzutAtFtCyEtFtDtFtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0BzztA0AyB0EyDtGyD0DyByEtG0C0C0D0FtGyByDyBtCtGyCyBzyyCtAzyyDzz0EtC0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyB0C0DyD0FyCtGtCyC0A0FtGyE0CyC0DtG0A0ByCyCtGtD0FyEzz0F0Bzyzy0CyB0B0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByC%26cr%3D1805982823%26a%3Dwncy_pwrisofs_15_43%26os%3DWindows%2B10%2BHome
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: gjkpcnacdgdlpfejlgflolpaigoicibh
[-] [C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [7815 Bytes] - [06/11/2016 20:05:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [7052 Bytes] - [06/11/2016 18:21:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [6819 Bytes] - [06/11/2016 19:22:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8034 Bytes] ##########


#5 shelf life


Posted 07 November 2016 - 05:49 PM

Ok, that was quite a load. How's it all looking on your end now?




#6 sree98


Posted 07 November 2016 - 05:52 PM

Sorry for all them logs.

 

There weren't any popups yesterday, but today I had several popups.

In fact, I just had one pop up a couple of minutes ago.



#7 shelf life


Posted 08 November 2016 - 04:13 PM

Ok, we will use FRST to remove some items:

Copy/paste what's in the box below into Notepad, save it as fixlist.txt in the same location you have FRST (the desktop).

Start FRST like before, except this time click on the Fix button once.

Machine will reboot to finish. Upon reboot it will display a new log called fixlog.txt, which you can copy/paste in your reply.

And just for good measure you can rerun Malwarebytes after you get done with FRST.

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kashmirgarden.ddns.net:2051/#/liveView.rsp
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002 -> DefaultScope {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = 
SearchScopes: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002 -> {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = 
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={486FDAA6-4262-48A2-8B4D-620A7059FD18}&mid=cb52840bcde547d0b28419d59a9a9dca-bc4f14982843553d8de68df8ae0a3e5af1c8c7fd&lang=en&ds=oo011&pr=sa&d=2012-08-01 09:43:31&v=12.1.0.21&sap=hp","hxxp://www.adoresearch.com/431","hxxp://www.searchamong.com","hxxp://mystart.incredibar.com/mb165?a=6PQQXdhxzU&i=26","hxxp://www.delta-search.com/?affID=119776&tt=060612_5_&babsrc=HP_ss&mntrId=30017b57000000000000c89cdc7e7439","hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/05&hid=3978749333&lg=EN&cc=US","hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN25651902587901581&UM=2","hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN14953311982634269&UM=2","","hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=e8ade0ea-6980-4d8e-ad4d-54201fb2e6b2&searchtype=hp&installDate=28/10/2013","hxxp://home.torchbrowser.com","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_43&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtByD0FyD0FtD0AzyyDyDtN0D0Tzu0StCtAzytAtN1L2XzutAtFtCyEtFtDtFtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0BzztA0AyB0EyDtGyD0DyByEtG0C0C0D0FtGyByDyBtCtGyCyBzyyCtAzyyDzz0EtC0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyB0C0DyD0FyCtGtCyC0A0FtGyE0CyC0DtG0A0ByCyCtGtD0FyEzz0F0Bzyzy0CyB0B0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByC%26cr%3D1805982823%26a%3Dwncy_pwrisofs_15_43%26os%3DWindows%2B10%2BHome"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
2016-10-05 12:23 - 2016-10-27 18:05 - 0000600 _____ () C:\Users\sree_\AppData\Local\PUTTY.RND
2016-10-25 22:03 - 2016-10-25 22:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-20 04:57 - 2016-09-20 04:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-20 04:57 - 2016-09-20 04:57 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
C:\Users\sree_\ntrights.exe
C:\Users\sree_\scp.exe
C:\Users\sree_\sftp-server.exe
C:\Users\sree_\sftp.exe
C:\Users\sree_\ssh-add.exe
C:\Users\sree_\ssh-agent.exe
C:\Users\sree_\ssh-keygen.exe
C:\Users\sree_\ssh-lsa.dll
C:\Users\sree_\ssh-shellhost.exe
C:\Users\sree_\ssh.exe
C:\Users\sree_\sshd.exe
Task: {1A35E08D-C947-4674-9088-F0FE11E81AB4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {C63E99B9-791B-4E04-ABA5-4BF32287118F} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2973546267-1245024337-2511460995-1002 -> No File <==== ATTENTION
Task: {D279AD1E-73E2-4C19-8D1B-CC8DF1381A23} - System32\Tasks\Yahoo! Powered renic => Wscript.exe "C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\sela.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b32304441453542392d414139382d364637462d324335452d4631334442363143374146337d5c6e6166696d61" "433a5c50726f6772616d446174615c7b32304441453542392d414139382d364637462d324335 (the data entry has 78 more characters).
Task: C:\WINDOWS\Tasks\Yahoo! Powered renic.job => Wscript.exe  C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\sela.txt <==== ATTENTION
Empty Temp:





#8 sree98


Posted 09 November 2016 - 10:36 AM

The fixlog is below
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by sree_ (09-11-2016 10:11:00) Run:1
Running from C:\Users\sree_\Desktop\FRST
Loaded Profiles: sree_ (Available Profiles: kitty & sree_)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://kashmirgarden.ddns.net:2051/#/liveView.rsp
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKLM -> DefaultScope {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr%3D497893542%26a%3Dwbf_inprft_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002 -> DefaultScope {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = 
SearchScopes: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002 -> {A5EBF491-F7F9-4E23-B38D-C495E91DEA54} URL = 
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={486FDAA6-4262-48A2-8B4D-620A7059FD18}&mid=cb52840bcde547d0b28419d59a9a9dca-bc4f14982843553d8de68df8ae0a3e5af1c8c7fd&lang=en&ds=oo011&pr=sa&d=2012-08-01 09:43:31&v=12.1.0.21&sap=hp","hxxp://www.adoresearch.com/431","hxxp://www.searchamong.com","hxxp://mystart.incredibar.com/mb165?a=6PQQXdhxzU&i=26","hxxp://www.delta-search.com/?affID=119776&tt=060612_5_&babsrc=HP_ss&mntrId=30017b57000000000000c89cdc7e7439","hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/05&hid=3978749333&lg=EN&cc=US","hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN25651902587901581&UM=2","hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN14953311982634269&UM=2","","hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=e8ade0ea-6980-4d8e-ad4d-54201fb2e6b2&searchtype=hp&installDate=28/10/2013","hxxp://home.torchbrowser.com","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_43&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtByD0FyD0FtD0AzyyDyDtN0D0Tzu0StCtAzytAtN1L2XzutAtFtCyEtFtDtFtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0BzztA0AyB0EyDtGyD0DyByEtG0C0C0D0FtGyByDyBtCtGyCyBzyyCtAzyyDzz0EtC0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyB0C0DyD0FyCtGtCyC0A0FtGyE0CyC0DtG0A0ByCyCtGtD0FyEzz0F0Bzyzy0CyB0B0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByC%26cr%3D1805982823%26a%3Dwncy_pwrisofs_15_43%26os%3DWindows%2B10%2BHome"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
2016-10-05 12:23 - 2016-10-27 18:05 - 0000600 _____ () C:\Users\sree_\AppData\Local\PUTTY.RND
2016-10-25 22:03 - 2016-10-25 22:03 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-09-20 04:57 - 2016-09-20 04:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-20 04:57 - 2016-09-20 04:57 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
C:\Users\sree_\ntrights.exe
C:\Users\sree_\scp.exe
C:\Users\sree_\sftp-server.exe
C:\Users\sree_\sftp.exe
C:\Users\sree_\ssh-add.exe
C:\Users\sree_\ssh-agent.exe
C:\Users\sree_\ssh-keygen.exe
C:\Users\sree_\ssh-lsa.dll
C:\Users\sree_\ssh-shellhost.exe
C:\Users\sree_\ssh.exe
C:\Users\sree_\sshd.exe
Task: {1A35E08D-C947-4674-9088-F0FE11E81AB4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {C63E99B9-791B-4E04-ABA5-4BF32287118F} - \Lenovo\Lenovo Service Bridge\S-1-5-21-2973546267-1245024337-2511460995-1002 -> No File <==== ATTENTION
Task: {D279AD1E-73E2-4C19-8D1B-CC8DF1381A23} - System32\Tasks\Yahoo! Powered renic => Wscript.exe "C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\sela.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b32304441453542392d414139382d364637462d324335452d4631334442363143374146337d5c6e6166696d61" "433a5c50726f6772616d446174615c7b32304441453542392d414139382d364637462d324335 (the data entry has 78 more characters).
Task: C:\WINDOWS\Tasks\Yahoo! Powered renic.job => Wscript.exe  C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\sela.txt <==== ATTENTION
Empty Temp:
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowLegacyWebView => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\AllowUnhashedWebView => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value removed successfully
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54} => key not found. 
HKCR\CLSID\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54} => key not found. 
HKCR\Wow6432Node\CLSID\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54} => key not found. 
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54}" => key removed successfully
HKCR\CLSID\{A5EBF491-F7F9-4E23-B38D-C495E91DEA54} => key not found. 
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\sree_\AppData\Local\PUTTY.RND => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc => moved successfully
C:\Users\sree_\ntrights.exe => moved successfully
C:\Users\sree_\scp.exe => moved successfully
C:\Users\sree_\sftp-server.exe => moved successfully
C:\Users\sree_\sftp.exe => moved successfully
C:\Users\sree_\ssh-add.exe => moved successfully
C:\Users\sree_\ssh-agent.exe => moved successfully
C:\Users\sree_\ssh-keygen.exe => moved successfully
C:\Users\sree_\ssh-lsa.dll => moved successfully
C:\Users\sree_\ssh-shellhost.exe => moved successfully
C:\Users\sree_\ssh.exe => moved successfully
C:\Users\sree_\sshd.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A35E08D-C947-4674-9088-F0FE11E81AB4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A35E08D-C947-4674-9088-F0FE11E81AB4}" => key removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C63E99B9-791B-4E04-ABA5-4BF32287118F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C63E99B9-791B-4E04-ABA5-4BF32287118F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Service Bridge\S-1-5-21-2973546267-1245024337-2511460995-1002" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D279AD1E-73E2-4C19-8D1B-CC8DF1381A23}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D279AD1E-73E2-4C19-8D1B-CC8DF1381A23}" => key removed successfully
C:\WINDOWS\System32\Tasks\Yahoo! Powered renic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered renic" => key removed successfully
C:\WINDOWS\Tasks\Yahoo! Powered renic.job => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 577254 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32001805 B
Java, Flash, Steam htmlcache => 1374 B
Windows/system/drivers => 439465373 B
Edge => 96766893 B
Chrome => 814667349 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 74790 B
NetworkService => 23108 B
kitty => 35215675 B
sree_ => 929033897 B
 
RecycleBin => 301391206 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:12:43 ====

 

 

I am scanning my pc with Malwarebytes right now.

 

Will update this post with the log from Malwarebytes.



#9 sree98


Posted 09 November 2016 - 05:51 PM

Here is the Malwarebytes log:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/09/2016
Scan Time: 10:34 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.09.07
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: sree_
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399095
Time Elapsed: 1 hr, 19 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.InstallCore, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\csastats, Quarantined, [1a2135896d2d1d190b206e8c699a31cf], 
PUP.Optional.InstallCore, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\ICSW1.22, Quarantined, [1328ae109505bb7bffebfcaa0ff4e61a], 
PUP.Optional.SearchManager, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [8bb07d410f8b6fc76229f2d944beba46], 
PUP.Optional.Spigot, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{90D2D13A-801D-4FFB-8D7D-21A2519F4FD8}, Quarantined, [65d6dce2edad20162adb1e98fb08aa56], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2F23AB71-4AC6-41F2-A955-EA576E553146}, Quarantined, [44f7902e0d8d4cea74d29b2e5ba7f010], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [50eb38864b4f52e4e8b7b3fd946f847c], 
 
Registry Values: 6
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.exe, 11001, Quarantined, [fd3e13ab2575f541cad6b634986bde22]
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NetRadio.vshost.exe, 11001, Quarantined, [dd5e18a6e2b8270f3968d4165fa4d62a]
Trojan.ProjectOrion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wermgr, C:\ProgramData\Microsoft\Windows\WER\wermgr.exe, Quarantined, [e2592a94c1d970c6b9ea7035b05432ce]
PUP.Optional.Spigot, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{90D2D13A-801D-4FFB-8D7D-21A2519F4FD8}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=639975&p={searchTerms}, Quarantined, [65d6dce2edad20162adb1e98fb08aa56]
PUP.Optional.WinYahoo, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_inprft_16_30&param1=1&param2=f[44f7902e0d8d4cea74d29b2e5ba7f010]D4%26b[44f7902e0d8d4cea74d29b2e5ba7f010]DIE%26cc[44f7902e0d8d4cea74d29b2e5ba7f010]Dus%26pa[44f7902e0d8d4cea74d29b2e5ba7f010]DWincy%26cd[44f7902e0d8d4cea74d29b2e5ba7f010]D2XzuyEtN2Y1L1Qzu0AyEtAyE0Dzy0CyC0B0F0FtBtCyBtAtBtN0D0Tzu0StCyCyCzytN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StA0F0BtCzzyE0DyBtGyD0FyD0EtG0FtA0DtAtGyDtAyByEtGyEyDtB0AtCyCyEyBzzyD0DyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0BtAtAtDzz0DyEtG0CyCyEtBtGyEyBtC0AtGzyyBzzyDtGyByCyEtB0F0CzzzzyCyEyD0C2QtN0A0LzuyE%26cr[44f7902e0d8d4cea74d29b2e5ba7f010]D497893542%26a[44f7902e0d8d4cea74d29b2e5ba7f010]Dwbf_inprft_16_30%26os_ver[44f7902e0d8d4cea74d29b2e5ba7f010]D10.0%26os[44f7902e0d8d4cea74d29b2e5ba7f010]DWindowsQuarantinedB10QuarantinedBHome&p={searchTerms}, %4, %5
PUP.Optional.ProductSetup, HKU\S-1-5-21-2973546267-1245024337-2511460995-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, Quarantined, [50eb38864b4f52e4e8b7b3fd946f847c]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 8
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search, Quarantined, [c17adde175254de93d8a5f685da50000], 
 
Files: 32
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\sela.txt, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\aowLC, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\cise, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\hdat1, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\hdat2, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\nafima, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{20DAE5B9-AA98-6F7F-2C5E-F13DB61C7AF3}\notafel, Quarantined, [e35804ba6832191d6347ca6275906898], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\favicon.ico, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\common.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\lifecycle.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\settings.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\setup.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\utils.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\abtest.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\conf-sys.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\conf.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\nt_ptr.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\prefs-sys.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\prefs.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\settings-dev.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\udata.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\jquery-2.1.1.min.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\md5.min.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\string.min.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\underscore-min.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\AutoSuggest.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\contentscript.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\newtab-base.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\newtab-msg.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\search-engines.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\search-form.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
PUP.Optional.SearchManager, C:\Users\kitty\AppData\Local\Chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\search-redirect.js, Quarantined, [c17adde175254de93d8a5f685da50000], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

By the time I wrote the other reply and this one, I have had 5 or 6 popups total.



#10 shelf life

  • Malware Response Team

Posted 10 November 2016 - 06:51 PM

OK, so are the popups only when you use Chrome? Do you also see them in Internet Explorer?

Can you rescan and post a new FRST log? Just like you did the first time, you can post the two logs like before, just to see what may have changed.




#11 sree98


Posted 10 November 2016 - 07:13 PM

I only use Chrome and it happens on Chrome. But I can't confirm whether or not it happens on Internet Explorer. Also, one thing I noticed was that one day I was using it while I was offline and Chrome was minimized, and the website opened up automatically, but because I was offline it just said check your connection.

 

The FRST log is below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by sree_ (administrator) on DESKTOP-22JAIA0 (10-11-2016 19:08:10)
Running from C:\Users\sree_\Desktop\FRST
Loaded Profiles: sree_ (Available Profiles: kitty & sree_)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\WinGather.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-10-01] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [628736 2015-06-16] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937960 2015-07-23] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-09-06] (VMware, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Run: [Spotify Web Helper] => C:\Users\sree_\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-22] (Spotify Ltd)
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Run: [Spotify] => C:\Users\sree_\AppData\Roaming\Spotify\Spotify.exe [6795376 2016-09-22] (Spotify Ltd)
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-29] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Run: [587F142FEADB78B4A292FFFD34879C2FFFA6C001._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1083496 2016-10-20] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-29] (AVAST Software)
Startup: C:\Users\sree_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 8
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0b918dd2-d725-446b-b3c9-630ff98989c2}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{47460691-95b3-4f86-bfc9-aa0a8afd3849}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a867de8e-8791-4533-bdc1-3f6053f5fd2a}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-10-12] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-10-12] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-29]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-10-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-10-12] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2973546267-1245024337-2511460995-1002: @citrixonline.com/appdetectorplugin -> C:\Users\sree_\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-10-17] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={486FDAA6-4262-48A2-8B4D-620A7059FD18}&mid=cb52840bcde547d0b28419d59a9a9dca-bc4f14982843553d8de68df8ae0a3e5af1c8c7fd&lang=en&ds=oo011&pr=sa&d=2012-08-01 09:43:31&v=12.1.0.21&sap=hp","hxxp://www.adoresearch.com/431","hxxp://www.searchamong.com","hxxp://mystart.incredibar.com/mb165?a=6PQQXdhxzU&i=26","hxxp://www.delta-search.com/?affID=119776&tt=060612_5_&babsrc=HP_ss&mntrId=30017b57000000000000c89cdc7e7439","hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/05&hid=3978749333&lg=EN&cc=US","hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN25651902587901581&UM=2","hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN14953311982634269&UM=2","","hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=e8ade0ea-6980-4d8e-ad4d-54201fb2e6b2&searchtype=hp&installDate=28/10/2013","hxxp://home.torchbrowser.com","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_43&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtByD0FyD0FtD0AzyyDyDtN0D0Tzu0StCtAzytAtN1L2XzutAtFtCyEtFtDtFtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0BzztA0AyB0EyDtGyD0DyByEtG0C0C0D0FtGyByDyBtCtGyCyBzyyCtAzyyDzz0EtC0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyB0C0DyD0FyCtGtCyC0A0FtGyE0CyC0DtG0A0ByCyCtGtD0FyEzz0F0Bzyzy0CyB0B0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByC%26cr%3D1805982823%26a%3Dwncy_pwrisofs_15_43%26os%3DWindows%2B10%2BHome"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default [2016-11-10]
CHR Extension: (Google Translate) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-11-09]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-11-10]
CHR Extension: (Authenticator) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2016-11-09]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2016-11-09]
CHR Extension: (OneTab) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-11-09]
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2016-11-09]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2016-11-09]
CHR Extension: (uBlock) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-11-09]
CHR Extension: (Grammarly for Chrome) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-11-10]
CHR Extension: (The Great Suspender) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-11-09]
CHR Extension: (Noisli) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\klejemegaoblahjdpcajmpcnjjmkmkkf [2016-11-09]
CHR Extension: (DotVPN — a better way to VPN) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2016-11-09]
CHR Extension: (Momentum) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-11-09]
CHR Extension: (Mailtrack for Gmail) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-09]
CHR Extension: (TextNow) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjdngkmnogclafejjgbgjjegoaahihg [2016-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-09]
CHR Profile: C:\Users\sree_\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-09]
CHR Profile: C:\Users\sree_\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-29] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-29] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-29] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-29] (BlueStack Systems, Inc.)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [623072 2016-03-09] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-15] () [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-01] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373728 2016-03-09] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [61256 2016-10-05] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2015-12-10] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [740544 2015-10-31] (@ByELDI) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-23] (Synaptics Incorporated)
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-09-06] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [38328 2015-12-02] (Lenovo)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-29] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-08-29] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-29] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2016-08-29] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-29] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-29] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2016-03-20] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-17] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-29] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-27] (Bluestack System Inc. )
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250096 2015-07-01] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek                                            )
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-23] (Synaptics Incorporated)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-09-06] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-02] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 XQHDrv; C:\WINDOWS\system32\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
R1 XQHDrv; C:\Windows\SysWOW64\DRIVERS\XQHDrv.sys [253384 2015-09-15] (BigNox Corporation)
U0 xqjoo; C:\WINDOWS\System32\drivers\vpbhgwn.sys [79064 2016-11-09] (Malwarebytes)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-10 17:08 - 2016-11-10 17:08 - 00111952 _____ C:\Users\sree_\Desktop\Pennsylvania Access To Criminal History - Record Check Certification.pdf
2016-11-10 17:03 - 2016-11-10 17:03 - 00449975 _____ C:\Users\sree_\Desktop\CW001_CLR_ENG_21_22818239_1.PDF
2016-11-10 11:46 - 2016-11-10 11:46 - 00001741 _____ C:\Users\sree_\AppData\Local\recently-used.xbel
2016-11-10 11:33 - 2016-11-10 11:33 - 00001740 _____ C:\Users\sree_\Desktop\trump2016
2016-11-10 11:26 - 2016-11-10 11:26 - 00001736 _____ C:\Users\sree_\Desktop\key
2016-11-10 11:23 - 2016-11-10 11:33 - 00000000 ____D C:\Users\sree_\AppData\Local\gtk-2.0
2016-11-10 11:22 - 2016-11-10 11:22 - 00000000 ____D C:\Users\sree_\AppData\Local\GNU
2016-11-10 11:16 - 2016-11-10 11:37 - 00000000 ____D C:\Users\sree_\AppData\Roaming\gnupg
2016-11-10 11:16 - 2016-11-10 11:16 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-11-10 11:16 - 2016-11-10 11:16 - 00000000 ____D C:\ProgramData\GNU
2016-11-10 11:16 - 2016-11-10 11:16 - 00000000 ____D C:\Program Files (x86)\GNU
2016-11-09 20:32 - 2016-11-09 20:32 - 00128789 _____ C:\Users\sree_\Desktop\vzbill_paper_4992_102816_110916203234.pdf
2016-11-09 11:54 - 2016-11-09 11:54 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\vpbhgwn.sys
2016-11-09 11:22 - 2016-11-09 11:28 - 00000600 _____ C:\Users\sree_\AppData\Local\PUTTY.RND
2016-11-09 10:24 - 2016-11-09 10:24 - 00000000 ___HD C:\OneDriveTemp
2016-11-09 10:21 - 2016-11-09 10:21 - 00000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-11-07 12:16 - 2016-11-07 12:16 - 06668096 _____ (Tim Kosse) C:\Users\sree_\Downloads\FileZilla_3.22.2.2_win64-setup.exe
2016-11-06 23:03 - 2016-11-06 23:03 - 03910208 _____ C:\Users\sree_\Downloads\AdwCleaner.exe
2016-11-06 20:39 - 2016-11-06 21:20 - 00000000 ____D C:\$SysReset
2016-11-06 18:19 - 2016-11-06 23:26 - 00000000 ____D C:\AdwCleaner
2016-11-06 17:03 - 2016-11-06 17:03 - 01631928 _____ (Malwarebytes) C:\Users\sree_\Downloads\JRT.exe
2016-11-06 16:55 - 2016-11-09 17:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-06 16:55 - 2016-11-06 16:57 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-06 16:55 - 2016-11-06 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-06 16:55 - 2016-11-06 16:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-06 16:55 - 2016-11-06 16:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-06 16:55 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-06 16:55 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-06 16:55 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-06 16:54 - 2016-11-06 16:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\sree_\Downloads\mbam-setup-2.0.3.1025.exe
2016-11-03 19:31 - 2016-11-09 10:12 - 00000000 ____D C:\Users\sree_\Desktop\FRST
2016-11-03 19:10 - 2016-11-10 19:08 - 00000000 ____D C:\FRST
2016-11-01 21:30 - 2016-11-01 21:32 - 00231760 _____ C:\Users\sree_\Downloads\CrucialScan.exe
2016-10-30 19:14 - 2016-11-01 21:24 - 00000000 ____D C:\Users\sree_\Documents\material-resume
2016-10-28 20:47 - 2016-10-28 20:47 - 00000000 ____D C:\Users\sree_\Documents\Rockstar Games
2016-10-28 20:47 - 2016-10-28 20:47 - 00000000 ____D C:\Users\sree_\AppData\Local\Rockstar Games
2016-10-28 20:46 - 2016-10-28 20:46 - 00000000 ____D C:\ProgramData\Steam
2016-10-28 20:46 - 2016-10-28 20:46 - 00000000 ____D C:\ProgramData\Socialclub
2016-10-28 20:42 - 2016-10-28 20:42 - 00000000 ____D C:\Program Files\Rockstar Games
2016-10-28 20:42 - 2016-10-28 20:42 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-10-28 19:43 - 2010-06-02 03:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-10-28 19:43 - 2010-06-02 03:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-10-28 19:43 - 2010-05-26 10:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-10-28 19:43 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-10-28 19:43 - 2010-05-26 10:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-10-28 19:43 - 2010-05-26 10:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-10-28 19:43 - 2010-05-26 10:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-10-28 19:43 - 2010-05-26 10:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-10-28 19:43 - 2010-02-04 09:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-10-28 19:43 - 2009-09-04 16:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-10-28 19:43 - 2009-09-04 16:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-10-28 19:43 - 2009-09-04 16:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-10-28 19:43 - 2009-09-04 16:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-10-28 19:43 - 2009-09-04 16:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-10-28 19:43 - 2009-09-04 16:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-10-28 19:43 - 2009-09-04 16:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-10-28 19:43 - 2009-03-16 13:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-10-28 19:43 - 2009-03-16 13:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2016-10-28 19:43 - 2009-03-16 13:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2016-10-28 19:43 - 2009-03-16 13:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-10-28 19:43 - 2009-03-16 13:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-10-28 19:43 - 2009-03-16 13:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2016-10-28 19:43 - 2009-03-09 14:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-10-28 19:43 - 2009-03-09 14:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2016-10-28 19:43 - 2009-03-09 14:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-10-28 19:43 - 2009-03-09 14:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-10-28 19:43 - 2008-10-27 09:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-10-28 19:43 - 2008-10-10 03:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-10-28 19:43 - 2008-10-10 03:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-10-28 19:43 - 2008-10-10 03:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-10-28 19:43 - 2008-10-10 03:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-10-28 19:43 - 2008-10-10 03:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-10-28 19:43 - 2008-10-10 03:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-10-28 19:43 - 2008-07-31 09:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-10-28 19:43 - 2008-07-31 09:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-10-28 19:43 - 2008-07-31 09:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-10-28 19:43 - 2008-07-31 09:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-10-28 19:43 - 2008-07-31 09:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-10-28 19:43 - 2008-07-31 09:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-10-28 19:43 - 2008-07-10 10:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-10-28 19:43 - 2008-07-10 10:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-10-28 19:43 - 2008-07-10 10:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-10-28 19:43 - 2008-07-10 10:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-10-28 19:43 - 2008-07-10 10:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-10-28 19:43 - 2008-07-10 10:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-10-28 19:43 - 2008-05-30 13:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-10-28 19:43 - 2008-05-30 13:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2016-10-28 19:43 - 2008-05-30 13:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2016-10-28 19:43 - 2008-05-30 13:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-10-28 19:43 - 2008-05-30 13:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-10-28 19:43 - 2008-05-30 13:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2016-10-28 19:43 - 2008-05-30 13:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2016-10-28 19:43 - 2008-05-30 13:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-10-28 19:43 - 2008-05-30 13:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-10-28 19:43 - 2008-05-30 13:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2016-10-28 19:43 - 2008-05-30 13:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-10-28 19:43 - 2008-05-30 13:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2016-10-28 19:43 - 2008-05-30 13:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-10-28 19:43 - 2008-05-30 13:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2016-10-28 19:43 - 2008-03-05 15:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-10-28 19:43 - 2008-03-05 15:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2016-10-28 19:43 - 2008-03-05 15:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2016-10-28 19:43 - 2008-03-05 15:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-10-28 19:43 - 2008-03-05 15:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-10-28 19:43 - 2008-03-05 15:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2016-10-28 19:43 - 2008-03-05 14:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-10-28 19:43 - 2008-03-05 14:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2016-10-28 19:43 - 2008-03-05 14:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-10-28 19:43 - 2008-03-05 14:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2016-10-28 19:43 - 2008-02-05 22:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-10-28 19:43 - 2008-02-05 22:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2016-10-28 19:43 - 2007-10-22 02:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-10-28 19:43 - 2007-10-22 02:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2016-10-28 19:43 - 2007-10-22 02:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-10-28 19:43 - 2007-10-22 02:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2016-10-28 19:43 - 2007-10-12 14:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-10-28 19:43 - 2007-10-12 14:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2016-10-28 19:43 - 2007-10-12 14:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-10-28 19:43 - 2007-10-12 14:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2016-10-28 19:43 - 2007-10-02 08:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-10-28 19:43 - 2007-10-02 08:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2016-10-28 19:43 - 2007-07-19 23:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-10-28 19:43 - 2007-07-19 23:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2016-10-28 19:43 - 2007-07-19 17:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-10-28 19:43 - 2007-07-19 17:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2016-10-28 19:43 - 2007-07-19 17:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-10-28 19:43 - 2007-07-19 17:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2016-10-28 19:43 - 2007-07-19 17:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-10-28 19:43 - 2007-07-19 17:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2016-10-28 19:43 - 2007-06-20 19:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-10-28 19:43 - 2007-06-20 19:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2016-10-28 19:43 - 2007-05-16 15:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-10-28 19:43 - 2007-05-16 15:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2016-10-28 19:43 - 2007-05-16 15:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-10-28 19:43 - 2007-05-16 15:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2016-10-28 19:43 - 2007-05-16 15:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-10-28 19:43 - 2007-05-16 15:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2016-10-28 19:43 - 2007-04-04 17:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-10-28 19:43 - 2007-04-04 17:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-10-28 19:42 - 2007-04-04 17:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-10-28 19:42 - 2007-04-04 17:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-10-28 19:42 - 2007-03-15 15:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-10-28 19:42 - 2007-03-15 15:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-10-28 19:42 - 2007-03-12 15:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-10-28 19:42 - 2007-03-12 15:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-10-28 19:42 - 2007-03-12 15:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-10-28 19:42 - 2007-03-12 15:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-10-28 19:42 - 2007-03-05 11:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-10-28 19:42 - 2007-03-05 11:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-10-28 19:42 - 2007-01-24 14:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-10-28 19:42 - 2007-01-24 14:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2016-10-28 19:42 - 2006-12-08 11:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2016-10-28 19:42 - 2006-12-08 11:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-10-28 19:42 - 2006-11-29 12:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-10-28 19:42 - 2006-11-29 12:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2016-10-28 19:42 - 2006-09-28 15:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-10-28 19:42 - 2006-09-28 15:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-10-28 19:42 - 2006-09-28 15:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2016-10-28 19:42 - 2006-09-28 15:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-10-28 19:42 - 2006-07-28 08:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-10-28 19:42 - 2006-07-28 08:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-10-28 19:42 - 2006-07-28 08:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2016-10-28 19:42 - 2006-07-28 08:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2016-10-28 19:42 - 2006-05-31 06:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2016-10-28 19:42 - 2006-05-31 06:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-10-28 19:42 - 2006-03-31 11:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-10-28 19:42 - 2006-03-31 11:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2016-10-28 19:42 - 2006-03-31 11:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-10-28 19:42 - 2006-03-31 11:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2016-10-28 19:42 - 2006-03-31 11:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-10-28 19:42 - 2006-03-31 11:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2016-10-28 19:42 - 2006-02-03 07:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-10-28 19:42 - 2006-02-03 07:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2016-10-28 19:42 - 2006-02-03 07:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-10-28 19:42 - 2006-02-03 07:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2016-10-28 19:42 - 2006-02-03 07:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-10-28 19:42 - 2006-02-03 07:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2016-10-28 19:42 - 2005-12-05 17:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-10-28 19:42 - 2005-12-05 17:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2016-10-28 19:42 - 2005-07-22 18:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-10-28 19:42 - 2005-07-22 18:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2016-10-28 19:42 - 2005-05-26 14:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-10-28 19:42 - 2005-05-26 14:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2016-10-28 19:42 - 2005-03-18 16:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-10-28 19:42 - 2005-03-18 16:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2016-10-28 19:42 - 2005-02-05 18:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-10-28 19:42 - 2005-02-05 18:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2016-10-28 19:35 - 2016-10-28 19:43 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-10-28 19:35 - 2016-10-28 19:40 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-10-28 19:35 - 2016-10-28 19:35 - 00000910 _____ C:\Users\sree_\Desktop\Grand Theft Auto V.lnk
2016-10-28 16:07 - 2016-10-28 16:07 - 00000000 ____D C:\Games
2016-10-28 11:45 - 2016-10-14 23:51 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-28 11:45 - 2016-10-14 23:51 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-28 11:45 - 2016-10-14 23:48 - 07817568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-28 11:45 - 2016-10-14 23:48 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-28 11:45 - 2016-10-14 23:48 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-28 11:45 - 2016-10-14 23:48 - 00773712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-10-28 11:45 - 2016-10-14 23:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 11:45 - 2016-10-14 23:47 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-10-28 11:45 - 2016-10-14 23:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 11:45 - 2016-10-14 23:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-28 11:45 - 2016-10-14 23:26 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 11:45 - 2016-10-14 23:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 11:45 - 2016-10-14 23:22 - 01608896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-10-28 11:45 - 2016-10-14 23:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 11:45 - 2016-10-14 23:22 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-10-28 11:45 - 2016-10-14 23:22 - 00628040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-28 11:45 - 2016-10-14 23:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 11:45 - 2016-10-14 23:18 - 00576400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-28 11:45 - 2016-10-14 23:18 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-10-28 11:45 - 2016-10-14 23:15 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-28 11:45 - 2016-10-14 23:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 11:45 - 2016-10-14 23:11 - 01424488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-10-28 11:45 - 2016-10-14 23:11 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-10-28 11:45 - 2016-10-14 23:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 11:45 - 2016-10-14 23:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 11:45 - 2016-10-14 22:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 11:45 - 2016-10-14 22:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 11:45 - 2016-10-14 22:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 11:45 - 2016-10-14 22:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 11:45 - 2016-10-14 22:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 11:45 - 2016-10-14 22:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 11:45 - 2016-10-14 22:55 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-10-28 11:45 - 2016-10-14 22:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 11:45 - 2016-10-14 22:55 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-28 11:45 - 2016-10-14 22:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 11:45 - 2016-10-14 22:54 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-10-28 11:45 - 2016-10-14 22:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 11:45 - 2016-10-14 22:54 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-10-28 11:45 - 2016-10-14 22:54 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-10-28 11:45 - 2016-10-14 22:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 11:45 - 2016-10-14 22:53 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-10-28 11:45 - 2016-10-14 22:53 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-10-28 11:45 - 2016-10-14 22:53 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-10-28 11:45 - 2016-10-14 22:53 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-10-28 11:45 - 2016-10-14 22:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 11:45 - 2016-10-14 22:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 11:45 - 2016-10-14 22:52 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-10-28 11:45 - 2016-10-14 22:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 11:45 - 2016-10-14 22:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-10-28 11:45 - 2016-10-14 22:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 11:45 - 2016-10-14 22:50 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-10-28 11:45 - 2016-10-14 22:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 11:45 - 2016-10-14 22:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 11:45 - 2016-10-14 22:49 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-28 11:45 - 2016-10-14 22:49 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-10-28 11:45 - 2016-10-14 22:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 11:45 - 2016-10-14 22:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 11:45 - 2016-10-14 22:48 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-10-28 11:45 - 2016-10-14 22:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 11:45 - 2016-10-14 22:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 11:45 - 2016-10-14 22:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 11:45 - 2016-10-14 22:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 11:45 - 2016-10-14 22:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 11:45 - 2016-10-14 22:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 11:45 - 2016-10-14 22:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 11:45 - 2016-10-14 22:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 11:45 - 2016-10-14 22:44 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-10-28 11:45 - 2016-10-14 22:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 11:45 - 2016-10-14 22:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 11:45 - 2016-10-14 22:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 11:45 - 2016-10-14 22:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 11:45 - 2016-10-14 22:42 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-10-28 11:45 - 2016-10-14 22:42 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-10-28 11:45 - 2016-10-14 22:41 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-28 11:45 - 2016-10-14 22:41 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-10-28 11:45 - 2016-10-14 22:41 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-10-28 11:45 - 2016-10-14 22:41 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-10-28 11:45 - 2016-10-14 22:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 11:45 - 2016-10-14 22:40 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-28 11:45 - 2016-10-14 22:39 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-28 11:45 - 2016-10-14 22:39 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-10-28 11:45 - 2016-10-14 22:39 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-10-28 11:45 - 2016-10-14 22:39 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-28 11:45 - 2016-10-14 22:39 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-10-28 11:45 - 2016-10-14 22:38 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-28 11:45 - 2016-10-14 22:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 11:45 - 2016-10-14 22:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 11:45 - 2016-10-14 22:38 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-10-28 11:45 - 2016-10-14 22:37 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-28 11:45 - 2016-10-14 22:37 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-10-28 11:45 - 2016-10-14 22:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-28 11:45 - 2016-10-14 22:36 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 11:45 - 2016-10-14 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 11:45 - 2016-10-14 22:35 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-28 11:45 - 2016-10-14 22:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 11:45 - 2016-10-14 22:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 11:45 - 2016-10-14 22:35 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-10-28 11:45 - 2016-10-14 22:34 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-28 11:45 - 2016-10-14 22:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 11:45 - 2016-09-10 08:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-28 11:45 - 2016-08-27 00:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 11:44 - 2016-10-15 00:11 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 11:44 - 2016-10-14 23:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 11:44 - 2016-10-14 23:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 11:44 - 2016-10-14 23:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 11:44 - 2016-10-14 23:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 11:44 - 2016-10-14 23:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 11:44 - 2016-10-14 23:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 11:44 - 2016-10-14 23:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 11:44 - 2016-10-14 23:32 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-10-28 11:44 - 2016-10-14 23:32 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-10-28 11:44 - 2016-10-14 23:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 11:44 - 2016-10-14 23:31 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-28 11:44 - 2016-10-14 23:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 11:44 - 2016-10-14 23:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 11:44 - 2016-10-14 23:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 11:44 - 2016-10-14 23:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 11:44 - 2016-10-14 23:30 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-28 11:44 - 2016-10-14 23:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 11:44 - 2016-10-14 23:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 11:44 - 2016-10-14 23:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 11:44 - 2016-10-14 23:30 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-10-28 11:44 - 2016-10-14 23:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 11:44 - 2016-10-14 23:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 11:44 - 2016-10-14 23:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 11:44 - 2016-10-14 23:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 11:44 - 2016-10-14 23:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 11:44 - 2016-10-14 23:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 11:44 - 2016-10-14 23:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 11:44 - 2016-10-14 23:26 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-10-28 11:44 - 2016-10-14 23:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 11:44 - 2016-10-14 23:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 11:44 - 2016-10-14 23:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 11:44 - 2016-10-14 23:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 11:44 - 2016-10-14 23:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 11:44 - 2016-10-14 23:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 11:44 - 2016-10-14 23:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 11:44 - 2016-10-14 23:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 11:44 - 2016-10-14 23:19 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-28 11:44 - 2016-10-14 23:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 11:44 - 2016-10-14 23:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 11:44 - 2016-10-14 23:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 11:44 - 2016-10-14 23:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 11:44 - 2016-10-14 23:15 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-28 11:44 - 2016-10-14 23:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 11:44 - 2016-10-14 23:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 11:44 - 2016-10-14 23:15 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-10-28 11:44 - 2016-10-14 23:15 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-10-28 11:44 - 2016-10-14 23:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 11:44 - 2016-10-14 23:14 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-28 11:44 - 2016-10-14 23:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 11:44 - 2016-10-14 23:11 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-28 11:44 - 2016-10-14 23:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 11:44 - 2016-10-14 23:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 11:44 - 2016-10-14 23:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 11:44 - 2016-10-14 23:02 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-28 11:44 - 2016-10-14 23:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 11:44 - 2016-10-14 23:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 11:44 - 2016-10-14 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 11:44 - 2016-10-14 22:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 11:44 - 2016-10-14 22:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 11:44 - 2016-10-14 22:58 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-10-28 11:44 - 2016-10-14 22:58 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-10-28 11:44 - 2016-10-14 22:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 11:44 - 2016-10-14 22:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 11:44 - 2016-10-14 22:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 11:44 - 2016-10-14 22:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 11:44 - 2016-10-14 22:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 11:44 - 2016-10-14 22:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 11:44 - 2016-10-14 22:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 11:44 - 2016-10-14 22:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 11:44 - 2016-10-14 22:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 11:44 - 2016-10-14 22:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 11:44 - 2016-10-14 22:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 11:44 - 2016-10-14 22:55 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-10-28 11:44 - 2016-10-14 22:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 11:44 - 2016-10-14 22:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 11:44 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
2016-10-28 11:44 - 2016-10-14 22:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 11:44 - 2016-10-14 22:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 11:44 - 2016-10-14 22:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 11:44 - 2016-10-14 22:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 11:44 - 2016-10-14 22:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 11:44 - 2016-10-14 22:54 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-28 11:44 - 2016-10-14 22:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 11:44 - 2016-10-14 22:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 11:44 - 2016-10-14 22:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 11:44 - 2016-10-14 22:53 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-10-28 11:44 - 2016-10-14 22:53 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-10-28 11:44 - 2016-10-14 22:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-10-28 11:44 - 2016-10-14 22:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 11:44 - 2016-10-14 22:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 11:44 - 2016-10-14 22:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 11:44 - 2016-10-14 22:51 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-10-28 11:44 - 2016-10-14 22:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 11:44 - 2016-10-14 22:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 11:44 - 2016-10-14 22:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 11:44 - 2016-10-14 22:49 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-10-28 11:44 - 2016-10-14 22:49 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-10-28 11:44 - 2016-10-14 22:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 11:44 - 2016-10-14 22:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 11:44 - 2016-10-14 22:48 - 23680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-28 11:44 - 2016-10-14 22:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 11:44 - 2016-10-14 22:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 11:44 - 2016-10-14 22:47 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-28 11:44 - 2016-10-14 22:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 11:44 - 2016-10-14 22:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 11:44 - 2016-10-14 22:47 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-10-28 11:44 - 2016-10-14 22:46 - 19418112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-28 11:44 - 2016-10-14 22:46 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-28 11:44 - 2016-10-14 22:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 11:44 - 2016-10-14 22:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 11:44 - 2016-10-14 22:46 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-10-28 11:44 - 2016-10-14 22:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 11:44 - 2016-10-14 22:45 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-10-28 11:44 - 2016-10-14 22:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 11:44 - 2016-10-14 22:45 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-10-28 11:44 - 2016-10-14 22:44 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-10-28 11:44 - 2016-10-14 22:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 11:44 - 2016-10-14 22:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 11:44 - 2016-10-14 22:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 11:44 - 2016-10-14 22:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 11:44 - 2016-10-14 22:42 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-28 11:44 - 2016-10-14 22:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 11:44 - 2016-10-14 22:42 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-28 11:44 - 2016-10-14 22:42 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-28 11:44 - 2016-10-14 22:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 11:44 - 2016-10-14 22:42 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-10-28 11:44 - 2016-10-14 22:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 11:44 - 2016-10-14 22:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 11:44 - 2016-10-14 22:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 11:44 - 2016-10-14 22:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 11:44 - 2016-10-14 22:40 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-10-28 11:44 - 2016-10-14 22:39 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-10-28 11:44 - 2016-10-14 22:38 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-28 11:44 - 2016-10-14 22:38 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-10-28 11:44 - 2016-10-14 22:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 11:44 - 2016-10-14 22:38 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 11:44 - 2016-10-14 22:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 11:44 - 2016-10-14 22:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 11:44 - 2016-10-14 22:36 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 11:44 - 2016-10-14 22:36 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 02999808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-28 11:44 - 2016-10-14 22:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 02670592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-28 11:44 - 2016-10-14 22:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-10-28 11:44 - 2016-10-14 22:35 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-10-28 11:44 - 2016-10-14 22:34 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-28 11:44 - 2016-10-14 22:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 11:44 - 2016-10-14 22:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 11:44 - 2016-10-14 22:34 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-10-28 11:44 - 2016-10-14 22:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 11:44 - 2016-10-14 22:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 11:44 - 2016-08-05 23:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-28 11:43 - 2016-10-14 22:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 11:43 - 2016-10-14 22:57 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-10-28 11:43 - 2016-10-14 22:54 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-10-28 11:43 - 2016-10-14 22:53 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-10-28 11:43 - 2016-10-14 22:52 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-10-28 11:43 - 2016-10-14 22:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 11:43 - 2016-10-14 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 11:27 - 2016-10-28 11:27 - 00034949 _____ C:\Users\sree_\Desktop\SEPTA-plan.pdf
2016-10-25 21:23 - 2016-10-25 21:24 - 00000000 ____D C:\Users\sree_\AppData\Local\Deployment
2016-10-25 21:04 - 2016-11-01 22:03 - 00000000 ____D C:\Users\sree_\AppData\Roaming\HpUpdate
2016-10-25 21:04 - 2016-10-25 21:04 - 00002284 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2016-10-25 21:04 - 2016-10-25 21:04 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-10-25 21:04 - 2016-10-25 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-10-25 21:04 - 2012-10-17 03:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM5912.dll
2016-10-25 21:03 - 2016-10-25 21:04 - 00000000 ____D C:\Program Files (x86)\HP
2016-10-25 21:03 - 2016-10-25 21:03 - 00000000 ____D C:\ProgramData\HP
2016-10-25 21:03 - 2016-10-25 21:03 - 00000000 ____D C:\Program Files\HP
2016-10-25 21:02 - 2016-10-25 21:02 - 00000000 ____D C:\Users\sree_\AppData\Local\HP
2016-10-25 20:59 - 2016-10-25 21:00 - 123809984 _____ C:\Users\sree_\Downloads\OJ8600_1315-1.exe
2016-10-24 22:50 - 2016-10-24 22:50 - 00084080 _____ C:\Users\sree_\Desktop\DxDiag.txt
2016-10-24 20:18 - 2016-09-06 18:25 - 00088128 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2016-10-24 20:18 - 2016-09-06 18:25 - 00052288 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmkbd.sys
2016-10-24 20:18 - 2016-09-02 20:27 - 00091712 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2016-10-24 20:18 - 2016-09-02 20:27 - 00069104 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2016-10-24 20:18 - 2016-09-02 20:27 - 00065016 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2016-10-24 20:17 - 2016-10-24 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-10-24 20:17 - 2016-09-06 18:31 - 00400968 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2016-10-24 20:17 - 2016-09-06 18:30 - 01148488 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2016-10-24 20:17 - 2016-09-06 18:30 - 00366664 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2016-10-24 20:17 - 2016-09-06 18:13 - 00066624 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetinst.dll
2016-10-24 20:17 - 2016-09-06 18:13 - 00044096 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2016-10-24 20:17 - 2016-09-06 17:48 - 00083008 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-10-24 20:16 - 2016-10-24 20:16 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-10-24 20:16 - 2016-10-24 20:16 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-10-24 20:16 - 2016-10-24 20:16 - 00000000 ____D C:\Program Files (x86)\VMware
2016-10-24 20:14 - 2016-10-24 20:15 - 318391336 _____ (VMware, Inc.) C:\Users\sree_\Downloads\VMware-workstation-full-12.5.0-4352439.exe
2016-10-24 18:38 - 2016-10-25 09:08 - 00000000 ____D C:\Users\sree_\AppData\Roaming\VMware
2016-10-24 18:38 - 2016-10-25 09:08 - 00000000 ____D C:\Users\sree_\AppData\Local\VMware
2016-10-24 16:42 - 2016-11-09 10:21 - 00000000 ____D C:\ProgramData\VMware
2016-10-24 16:42 - 2016-10-24 16:42 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2016-10-24 16:39 - 2016-10-24 16:40 - 515132968 _____ (VMware, Inc.) C:\Users\sree_\Downloads\VMware-workstation-full-10.0.3-1895310.exe
2016-10-23 20:21 - 2016-11-01 21:25 - 00000000 ____D C:\Users\sree_\Documents\ReadyResponder
2016-10-23 20:01 - 2016-11-01 21:25 - 00000000 ____D C:\Users\sree_\Documents\emoji-cheat-sheet.com
2016-10-20 09:51 - 2016-10-20 09:51 - 02365296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2016-10-17 13:38 - 2016-10-17 13:38 - 02403774 _____ C:\Users\sree_\Desktop\AttendeeViewerImage000.bmp
2016-10-17 12:29 - 2016-10-31 14:59 - 00000000 ____D C:\Users\sree_\AppData\Local\Citrix
2016-10-17 11:04 - 2016-10-19 12:45 - 00000000 ____D C:\Users\sree_\AppData\LocalLow\Lenovo
2016-10-16 14:24 - 2016-10-16 14:24 - 00007763 _____ C:\Users\sree_\Desktop\CCI Sample.pdf
2016-10-13 20:55 - 2016-10-13 20:55 - 02468304 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll
2016-10-13 10:20 - 2016-11-01 21:25 - 00000000 ____D C:\Users\sree_\Documents\lab4-repository
2016-10-12 06:51 - 2016-10-12 06:51 - 62041152 _____ (Oracle Corporation) C:\Users\sree_\Downloads\jre-8u101-windows-x64.exe
2016-10-12 06:51 - 2016-10-12 06:51 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-10-12 06:51 - 2016-10-12 06:51 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Sun
2016-10-12 06:51 - 2016-10-12 06:51 - 00000000 ____D C:\Users\sree_\AppData\LocalLow\Sun
2016-10-12 06:51 - 2016-10-12 06:51 - 00000000 ____D C:\Users\sree_\.oracle_jre_usage
2016-10-12 06:51 - 2016-10-12 06:51 - 00000000 ____D C:\ProgramData\Oracle
2016-10-12 06:51 - 2016-10-12 06:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-12 06:51 - 2016-10-12 06:51 - 00000000 ____D C:\Program Files\Java
2016-10-11 16:40 - 2016-10-30 18:21 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Inc
2016-10-11 16:40 - 2016-10-30 18:21 - 00000000 ____D C:\Users\sree_\AppData\Local\brave
2016-10-11 16:40 - 2016-10-11 16:44 - 00000000 ____D C:\Users\sree_\AppData\Roaming\brave
2016-10-11 16:40 - 2016-10-11 16:40 - 00000000 ____D C:\Users\sree_\AppData\Local\SquirrelTemp
2016-10-11 16:39 - 2016-10-11 16:39 - 91369984 _____ (Brave Software) C:\Users\sree_\Downloads\BraveSetup-x64.exe
2016-10-11 14:08 - 2016-10-05 05:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-11 14:08 - 2016-10-05 05:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-11 14:08 - 2016-10-05 05:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-11 14:08 - 2016-10-05 05:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-11 14:08 - 2016-10-05 05:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-11 14:08 - 2016-10-05 04:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-11 14:08 - 2016-10-05 04:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-11 14:08 - 2016-10-05 04:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-11 14:08 - 2016-10-05 04:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-11 14:08 - 2016-10-05 04:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-11 14:08 - 2016-10-05 04:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-11 14:08 - 2016-10-05 04:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-11 14:08 - 2016-10-05 04:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-11 14:08 - 2016-10-05 04:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-11 14:08 - 2016-10-05 04:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-11 14:08 - 2016-10-05 04:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-11 14:08 - 2016-10-05 04:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-11 14:08 - 2016-10-05 04:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-11 14:08 - 2016-10-05 04:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-11 14:08 - 2016-10-05 04:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-11 14:08 - 2016-10-05 04:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-11 14:08 - 2016-10-05 04:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-11 14:08 - 2016-10-05 04:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-11 14:08 - 2016-10-05 04:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-11 14:08 - 2016-10-05 04:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-11 14:08 - 2016-10-05 04:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-11 14:08 - 2016-10-05 04:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-11 14:08 - 2016-10-05 04:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-11 14:08 - 2016-10-05 04:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-11 14:08 - 2016-10-05 04:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-11 14:08 - 2016-10-05 04:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-11 14:08 - 2016-10-05 04:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-11 14:08 - 2016-10-05 04:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-11 14:08 - 2016-10-05 04:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-11 14:08 - 2016-10-05 04:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-11 14:08 - 2016-10-05 04:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-11 14:08 - 2016-10-05 04:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-11 14:08 - 2016-10-05 04:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-11 14:08 - 2016-10-05 04:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-11 14:08 - 2016-10-05 04:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-11 14:08 - 2016-10-05 04:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-11 14:08 - 2016-10-05 04:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-11 14:08 - 2016-10-05 04:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-11 14:08 - 2016-10-05 04:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-11 14:08 - 2016-10-05 04:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-11 14:08 - 2016-10-05 04:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-11 14:08 - 2016-10-05 04:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-11 14:08 - 2016-10-05 04:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-11 14:08 - 2016-10-05 04:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-11 14:08 - 2016-10-05 04:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-11 14:08 - 2016-10-05 04:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-11 14:08 - 2016-10-05 04:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-11 14:08 - 2016-10-05 04:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-11 14:08 - 2016-10-05 04:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-11 14:08 - 2016-10-05 04:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-11 14:08 - 2016-10-05 04:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-11 14:08 - 2016-10-05 04:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-11 14:08 - 2016-10-05 04:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-11 14:08 - 2016-10-05 04:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-11 14:08 - 2016-10-05 04:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-11 14:08 - 2016-10-05 04:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-11 14:08 - 2016-10-05 04:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-11 14:08 - 2016-10-05 04:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-11 14:08 - 2016-10-05 04:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-11 14:08 - 2016-10-05 04:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-11 14:08 - 2016-10-05 04:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-11 14:08 - 2016-09-07 00:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-11 14:07 - 2016-10-05 05:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-11 14:07 - 2016-10-05 05:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-11 14:07 - 2016-10-05 05:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-11 14:07 - 2016-10-05 05:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-11 14:07 - 2016-10-05 05:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-11 14:07 - 2016-10-05 05:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-11 14:07 - 2016-10-05 05:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-11 14:07 - 2016-10-05 05:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-11 14:07 - 2016-10-05 05:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-11 14:07 - 2016-10-05 04:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-11 14:07 - 2016-10-05 04:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-11 14:07 - 2016-10-05 04:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-11 14:07 - 2016-10-05 04:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-11 14:07 - 2016-10-05 04:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-11 14:07 - 2016-10-05 04:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-11 14:07 - 2016-10-05 04:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-11 14:07 - 2016-10-05 04:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-11 14:07 - 2016-10-05 04:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-11 14:07 - 2016-10-05 04:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-11 14:07 - 2016-10-05 04:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-11 14:07 - 2016-10-05 04:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-11 14:07 - 2016-10-05 04:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-11 14:07 - 2016-10-05 04:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-11 14:07 - 2016-10-05 04:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-11 14:07 - 2016-10-05 04:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-11 14:07 - 2016-10-05 04:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-11 14:07 - 2016-10-05 04:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-11 14:07 - 2016-10-05 04:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-11 14:07 - 2016-10-05 04:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-11 14:07 - 2016-10-05 04:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-11 14:07 - 2016-10-05 04:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-11 14:07 - 2016-10-05 04:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-11 14:07 - 2016-10-05 04:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-11 14:07 - 2016-10-05 04:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-11 14:07 - 2016-10-05 04:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-11 14:07 - 2016-10-05 04:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-11 14:07 - 2016-10-05 04:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-11 14:07 - 2016-10-05 04:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-11 14:07 - 2016-10-05 04:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-11 14:07 - 2016-10-05 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-11 14:07 - 2016-10-05 04:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-11 14:07 - 2016-10-05 04:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-11 14:07 - 2016-10-05 04:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-11 14:07 - 2016-10-05 04:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-11 14:07 - 2016-10-05 04:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-11 14:07 - 2016-10-05 04:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-11 14:07 - 2016-10-05 04:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-11 14:07 - 2016-10-05 04:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-11 14:07 - 2016-10-05 04:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-11 14:07 - 2016-10-05 04:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-11 14:07 - 2016-10-05 04:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-11 14:07 - 2016-10-05 04:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-11 14:07 - 2016-10-05 04:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-11 14:07 - 2016-10-05 04:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-11 14:07 - 2016-10-05 04:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-11 14:07 - 2016-10-05 04:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-11 14:07 - 2016-10-05 04:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-11 14:07 - 2016-10-05 04:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-11 14:07 - 2016-10-04 19:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-10 16:48 - 2016-10-05 15:29 - 00000000 ____D C:\Users\sree_\AppData\Local\CrashDumps
2016-11-10 13:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-10 13:17 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-10 11:55 - 2016-09-20 03:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-10 10:55 - 2016-03-18 07:24 - 00000000 ____D C:\Users\sree_\AppData\Local\Adobe
2016-11-09 21:43 - 2016-09-20 04:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 17:52 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 17:17 - 2016-03-06 22:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 17:11 - 2016-03-06 22:24 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 11:28 - 2016-10-05 11:15 - 00000000 ____D C:\Users\sree_\AppData\Roaming\FileZilla
2016-11-09 10:28 - 2015-11-03 14:28 - 01218720 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-09 10:24 - 2016-03-06 19:53 - 00000000 ___RD C:\Users\sree_\OneDrive
2016-11-09 10:22 - 2016-09-20 03:56 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-09 10:22 - 2016-03-06 14:19 - 00000000 __SHD C:\Users\sree_\IntelGraphicsProfiles
2016-11-09 10:21 - 2016-09-20 04:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-09 10:21 - 2016-07-27 20:03 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-09 10:13 - 2016-09-20 04:02 - 00000000 ____D C:\Users\sree_
2016-11-09 10:11 - 2016-09-20 04:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-11-09 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-11-09 10:11 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-08 09:59 - 2016-07-16 01:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-11-07 12:44 - 2016-10-05 11:10 - 00001934 _____ C:\Users\sree_\Desktop\FileZilla Client.lnk
2016-11-07 12:44 - 2016-10-05 11:10 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-11-07 12:44 - 2016-10-05 11:10 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-11-06 21:20 - 2016-09-20 04:02 - 00000000 ____D C:\Users\kitty
2016-11-06 21:20 - 2016-07-27 20:03 - 00000000 ____D C:\Users\kitty\AppData\Local\{49987FC4-6D30-137C-00A8-369424C0CA0C}
2016-11-06 21:20 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-06 21:20 - 2016-03-20 22:35 - 00000000 ____D C:\Program Files\KMSpico
2016-11-06 21:20 - 2016-01-30 02:06 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-11-06 21:20 - 2016-01-30 01:26 - 00000000 ____D C:\ProgramData\Lenovo
2016-11-06 20:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2016-11-04 20:25 - 2016-03-06 14:19 - 00000000 ____D C:\Users\sree_\AppData\Local\Google
2016-11-04 12:55 - 2016-03-06 14:19 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Adobe
2016-11-03 16:58 - 2016-03-18 07:25 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 21:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-02 20:05 - 2016-03-06 14:19 - 00000000 ____D C:\Users\sree_\AppData\Local\Packages
2016-11-02 19:16 - 2016-10-03 20:26 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Kodi
2016-11-01 21:04 - 2016-09-22 10:35 - 00000000 ____D C:\Users\sree_\Documents\ss4337-ci101
2016-10-31 17:02 - 2016-09-20 04:41 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-10-30 07:55 - 2016-03-06 11:43 - 00000000 ___RD C:\Users\kitty\OneDrive
2016-10-30 07:26 - 2016-03-06 11:40 - 00000000 __SHD C:\Users\kitty\IntelGraphicsProfiles
2016-10-30 07:26 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-29 18:48 - 2016-09-20 03:53 - 00346792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-29 18:43 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-29 18:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-29 18:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-29 18:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 18:39 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 10:11 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-10-26 22:31 - 2016-10-08 21:33 - 00000000 ____D C:\Users\sree_\AppData\Local\Nox
2016-10-26 22:24 - 2016-10-06 12:12 - 00000000 ____D C:\Users\sree_\.android
2016-10-26 22:22 - 2016-10-08 21:33 - 00000000 ____D C:\Users\sree_\vmlogs
2016-10-26 22:22 - 2016-10-08 21:33 - 00000000 ____D C:\Users\sree_\.BigNox
2016-10-26 22:20 - 2016-08-17 16:26 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-10-26 21:22 - 2016-04-01 11:22 - 00000000 ____D C:\Users\sree_\AppData\Roaming\vlc
2016-10-25 21:22 - 2016-04-05 17:00 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Apple Computer
2016-10-24 20:17 - 2016-01-30 02:04 - 01097338 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-10-24 20:02 - 2016-10-08 18:43 - 00000000 ____D C:\ProgramData\Cisco
2016-10-24 20:02 - 2016-01-30 02:06 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-10-21 13:42 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-21 13:39 - 2016-01-30 01:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-21 12:49 - 2016-03-08 12:54 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Skype
2016-10-21 12:46 - 2016-03-08 12:54 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 21:44 - 2016-06-03 19:14 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-20 21:44 - 2016-06-03 19:14 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-17 11:04 - 2016-03-06 14:21 - 00000000 ____D C:\Users\sree_\AppData\Local\Lenovo
2016-10-17 10:59 - 2016-03-08 12:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-17 07:49 - 2016-03-20 21:50 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-10-13 20:55 - 2012-11-05 22:26 - 00838224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll
2016-10-13 20:55 - 2012-11-05 22:26 - 00670800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll
2016-10-13 20:55 - 2012-11-05 22:26 - 00363616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll
2016-10-13 20:55 - 2012-09-20 15:02 - 03942864 _____ (Logitech, Inc.) C:\WINDOWS\system32\LogiLDA.DLL
2016-10-12 11:25 - 2016-09-21 10:57 - 00000000 ____D C:\Users\sree_\AppData\Roaming\SSH
2016-10-12 06:44 - 2016-09-22 18:54 - 00000000 ____D C:\Users\sree_\AppData\Local\Spotify
2016-10-12 06:44 - 2016-09-22 18:52 - 00000000 ____D C:\Users\sree_\AppData\Roaming\Spotify
2016-10-11 22:21 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-11 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-11 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-11 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-11 22:21 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-11 13:51 - 2016-07-16 06:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-10-11 13:51 - 2016-07-16 06:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
 
==================== Files in the root of some directories =======
 
2016-11-09 11:22 - 2016-11-09 11:28 - 0000600 _____ () C:\Users\sree_\AppData\Local\PUTTY.RND
2016-11-10 11:46 - 2016-11-10 11:46 - 0001741 _____ () C:\Users\sree_\AppData\Local\recently-used.xbel
2016-11-09 10:21 - 2016-11-09 10:21 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-08 14:25
 
==================== End of FRST.txt ============================
 
The additional log is this:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by sree_ (10-11-2016 19:10:27)
Running from C:\Users\sree_\Desktop\FRST
Windows 10 Home Version 1607 (X64) (2016-09-20 09:47:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2973546267-1245024337-2511460995-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2973546267-1245024337-2511460995-503 - Limited - Disabled)
Guest (S-1-5-21-2973546267-1245024337-2511460995-501 - Limited - Disabled)
kitty (S-1-5-21-2973546267-1245024337-2511460995-1001 - Administrator - Enabled) => C:\Users\kitty
sree_ (S-1-5-21-2973546267-1245024337-2511460995-1002 - Administrator - Enabled) => C:\Users\sree_
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Premier (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.61.6289 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\CopyTrans Suite) (Version: 4.008 - WindSolutions)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version:  - Macecraft Software)
Dolby Audio X2 Windows API SDK (HKLM\...\{6A478BF2-F67F-4ABC-A7F1-B6B5BA862371}) (Version: 0.5.2.32 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{7DA57EF8-9D20-4126-AF15-D0CC97D0C017}) (Version: 0.4.0.22 - Dolby Laboratories, Inc.)
FileZilla Client 3.22.2.2 (HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.3.3) (HKLM-x32\...\GPG4Win) (Version: 2.3.3 - The Gpg4win Project)
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
Grand Theft Auto V v.1.0.350.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version:  - )
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4364 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6f0207e-ac43-48a9-bfff-3d879b45694d}) (Version: 18.12.1 - Intel Corporation)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Kodi (HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Kodi) (Version:  - XBMC-Foundation)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4501 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.4501 - CyberLink Corp.) Hidden
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\dda9ca0b023f4c56) (Version: 1.6.3.5 - Lenovo)
Lenovo Solution Center (HKLM\...\{52753916-613B-4455-8022-A146CC17B1F6}) (Version: 3.2.002.00 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.067.00 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.1.0 - Duodian Technology Co. Ltd.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Qualcomm Atheros Setup (HKLM\...\{18373B57-4FC3-4B1A-95B3-A7E5DCA577F7}) (Version: 1.00.0000 - Qualcomm Atheros)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7624 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.9.6.1) (Version: 1.9.6.1 - Atlassian)
SourceTree (x32 Version: 1.9.6.1 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\Spotify) (Version: 1.0.38.171.g5e1cd7b2 - Spotify AB)
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
Sublime Text Build 3124 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.18.0 - Synaptics Incorporated)
TI Connect™ (HKLM-x32\...\{D06BA64C-4447-49B4-B99D-E85BEA9E1035}) (Version: 4.0.0.218 - Texas Instruments Inc.)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
User Manuals (x32 Version: 4.0.0.1 - Lenovo) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{5FCB317B-2ABC-4AB1-871D-1675492F9A68}) (Version: 12.5.0 - VMware, Inc.)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0) (HKLM\...\EC3E466026556D3EB760B01C4772277614354E11) (Version: 06/11/2009 1.0.0.0 - Texas Instruments Inc.)
Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1) (HKLM\...\7511B29C86C398B4D11A0B0E4176CAD68D1B7057) (Version: 09/02/2009 1.0.0.1 - Texas Instruments Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\sree_\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\952819D4BE8C4FC2BE570DB5532964D6\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2973546267-1245024337-2511460995-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sree_\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0440C278-CF1B-44E7-8C8C-159C3703CE99} - System32\Tasks\Shelbee_BackupReminder_global => C:\Users\sree_\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransShelbee.exe [2016-07-07] (WindSolutions)
Task: {25399318-E996-4948-8C0F-1523E811ABA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {33B171F4-811D-4FED-84E8-454DFCACB45D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-sree_ib_98@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-25] (Adobe Systems Incorporated)
Task: {494C832D-0AFD-4895-BDC0-C84508C34D86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {56276904-6934-466E-B4C1-0E49FB3D2026} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {5BD8C21A-2D55-4A82-B43E-CBF6E7012F9E} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-10-31] ()
Task: {5D198856-B6BA-4856-BB80-E8067ED007C1} - System32\Tasks\SafeZone scheduled Autoupdate 1458528686 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {6A4A4AE9-8569-413B-B048-E1E938A7A100} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {6B11BB10-680C-4F68-A070-1D94B4409F08} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-12-10] (Lenovo)
Task: {7750666D-62D7-49DB-8B17-74FDF79E98B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {7C3F4DA2-6DCB-43F9-927A-22ACD4CFBB34} - System32\Tasks\Shelbee_BackupReminder_MissedTasksChecker => C:\Users\sree_\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransShelbee.exe [2016-07-07] (WindSolutions)
Task: {7CA949FF-F01D-4BAB-BC64-BAFCA20F355A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {812C435A-98C4-42BF-9DE2-CD09D61F12D0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-29] (AVAST Software)
Task: {85E40E18-2B08-4FFF-B7E4-5DD8802F4F05} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {86550862-D0A1-4829-8B85-AEBF89B263E3} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {87947B09-BD23-4986-884C-3838879BE202} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-18] (Lenovo)
Task: {A84343A3-C76D-4178-AE0B-05F87F1CD578} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {B2206D09-4722-486A-ACAC-C44F1E84826E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {E9CBFD9D-7F65-46E8-AE48-AEEE7F718E40} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {EA5567DF-2027-44BE-BBEA-A3645F018DF2} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {ECEC7F41-8980-41F5-BDA6-97FE752CD64A} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {ED3C6388-21DD-4C10-BD2E-F5B82D056AF6} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-12-10] (Lenovo)
Task: {F56BA7E0-836F-4080-96DA-E00A0C62EA0D} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {F6728F17-4D51-4E87-B6F2-3EAD90728194} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-12-10] (Lenovo)
Task: {FE92C587-4384-4AF3-9EA7-CC44BD377221} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 19:43 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-15 00:58 - 2015-09-15 00:58 - 00176640 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
2016-01-30 01:21 - 2015-08-18 21:59 - 00058296 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 12472904 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2016-01-30 01:21 - 2015-12-02 03:24 - 00043960 _____ () C:\ProgramData\LenovoTransition\Server\x64\EnableAutoRotation.dll
2016-09-30 19:43 - 2016-09-15 12:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-20 09:02 - 2016-09-20 09:02 - 01864384 _____ () C:\Users\sree_\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-29 15:41 - 2016-10-08 02:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-01 13:10 - 2016-11-01 13:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-03-09 21:44 - 2016-03-09 21:44 - 00402912 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-28 11:45 - 2016-10-14 22:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-30 02:02 - 2015-10-01 20:44 - 00134208 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-06-16 06:53 - 2015-06-16 06:53 - 00628736 _____ () C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
2016-10-20 21:44 - 2016-10-20 03:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-20 21:44 - 2016-10-20 03:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-11-04 18:04 - 2016-11-04 18:04 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-04 18:04 - 2016-11-04 18:04 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-04 18:04 - 2016-11-04 18:04 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-10-28 11:45 - 2016-10-14 22:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-28 11:45 - 2016-10-14 22:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-28 11:45 - 2016-10-14 22:34 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-28 11:45 - 2016-10-14 22:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-28 11:45 - 2016-10-14 22:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-18 03:27 - 2016-08-18 03:27 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2016-09-20 07:47 - 2016-09-20 07:47 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-11 14:07 - 2016-10-05 04:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 10:31 - 2016-11-09 10:31 - 31067840 _____ () C:\Users\sree_\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
2016-08-29 19:48 - 2016-08-29 19:48 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-29 19:48 - 2016-08-29 19:48 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-10 10:54 - 2016-11-10 10:54 - 03072000 _____ () C:\Program Files\AVAST Software\Avast\defs\16111000\algo.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 00173128 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 00199752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2016-09-06 18:29 - 2016-09-06 18:29 - 00396872 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2016-09-20 09:02 - 2016-09-20 09:02 - 01383616 _____ () C:\Users\sree_\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-20 09:02 - 2016-09-20 09:02 - 00118976 _____ () C:\Users\sree_\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-07-11 11:06 - 2016-07-11 11:06 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-06-14 20:11 - 2012-06-14 20:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll
2016-01-30 01:22 - 2015-02-12 19:02 - 00224696 _____ () C:\Program Files (x86)\Lenovo\CCSDK\SDKClient.dll
2016-11-01 13:10 - 2016-11-01 13:10 - 00048304 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-08-18 03:03 - 2016-08-18 03:03 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2016-08-18 03:14 - 2016-08-18 03:14 - 00222720 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2016-08-18 03:14 - 2016-08-18 03:14 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2016-08-18 03:17 - 2016-08-18 03:17 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2016-08-18 03:09 - 2016-08-18 03:09 - 00103424 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-09-29 20:04 - 00001069 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
8
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\Control Panel\Desktop\\Wallpaper -> c:\users\sree_\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\du54ff9 - imgur.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "LenovoUtility"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "UMonit"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2973546267-1245024337-2511460995-1002\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4D4BE6AB-D678-4936-97F5-F46F645BA209}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{EF386CB7-34FA-4B53-8BAD-D7912FF83246}] => (Allow) C:\Users\kitty\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{A44FFF7F-B0AA-486A-9EB6-C021F4AD6906}] => (Allow) C:\Users\kitty\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{9CA4791B-277E-4388-906B-9A58053DA848}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{96BE6822-931B-429C-9D5D-D04094C014E1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{57AAAA11-07AB-433F-9802-894ECDBF8AC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{71A455F5-8C85-44D3-89F6-C68A7731822A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EEF05601-6C13-4C0E-8ED5-0EBE40F9B075}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [UDP Query User{C05558DD-BFEA-4454-A847-39D98F8DC741}C:\users\kitty\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kitty\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{80ACD3CF-640F-4292-B466-336DEDDE5443}C:\users\kitty\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kitty\appdata\roaming\spotify\spotify.exe
FirewallRules: [{19C759E2-A65E-46D6-AAA6-880E6304A538}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F908721-D225-4F21-87AF-7607164E3545}] => (Allow) LPort=1900
FirewallRules: [{BAAACB54-E42F-424D-A144-E858030D2021}] => (Allow) LPort=2869
FirewallRules: [{7E325A8D-996D-49C4-980F-E057739F356A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39009EC5-44F2-40F4-BFE5-3BFB1F668622}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D4590B1C-7762-4218-804C-AC56EA5CFEEB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C22AF34-5F4D-4D42-BD49-C2918F65A5C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0BA3D9C0-088F-4143-BC57-B8083E2DC35C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1FAF6096-85F6-488A-AEF5-E5F4A434FAC0}] => (Allow) C:\Users\kitty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8468E362-429C-4C3E-B63D-A7110F857E57}] => (Allow) C:\Users\kitty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9639B689-0F26-4769-AD9F-96EB3A88CA72}] => (Allow) C:\Users\kitty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1BFDE260-548F-4D9C-8546-049D240C2A57}] => (Allow) C:\Users\kitty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF1703F6-27EA-4C1A-B6FC-48676EFBABC9}] => (Allow) C:\Users\kitty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{18B72AD1-A183-4965-8C3B-646BED096A53}] => (Allow) C:\Users\kitty\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CEF3DCC-A005-409E-BEFE-2F6693FE8CBD}] => (Allow) C:\Users\sree_\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D3CA97EA-2357-4271-AD3B-380C30B0359A}] => (Allow) C:\Users\sree_\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{04AB3E87-413B-43B7-AA4A-E969E0A818DA}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F6CA8DB6-38C6-4E4B-937C-649CAB0EFAE3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{9F9D3E21-CB85-4AF4-98E9-351CBBE7722F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{924E58FA-362B-4160-BC87-F816FB7E6E81}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{AE136088-45BF-4B55-B1BF-21C4B50305D2}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{9BEA9AAC-589D-4B1E-94C0-0347451CB029}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{2DC1A885-41E6-4443-BA09-56386BD88CD7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FFA21455-68DC-4284-ADBD-D9FC79F8FA06}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{29F170B3-24BE-43BE-9780-2AF3DF48DBF4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EB8A522F-0286-4BD7-A907-000825493FE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7CA0F744-C601-469E-8E78-9BA24F082828}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{57465AF7-AE75-4E27-8932-355561F8EF68}] => (Allow) C:\Program Files (x86)\X-Mirage\x-mirage.exe
FirewallRules: [{9C001D5B-DACA-4334-B247-63D0029DFF0D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{144BE4CC-977B-4974-A7BA-12F0D09F8593}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{298C727D-1273-49E1-990B-280091B622D1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{2F32E3D3-72F2-49E0-9014-52059B032828}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{5238DC72-A3C8-4D93-8BA4-035368D12E65}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{4FE27439-8F0B-45C0-A786-48F91D0850F9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{972389D9-C9D7-458D-AA8B-1015DDEFF0E8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{CC9DB310-D003-42CF-99D2-2E277AB73941}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{8E5FE5E5-9308-47EB-9D33-C898C4856DF5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{EE7E6EE9-066D-4535-9B56-58E887E13B5B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7528CD95-FD79-4701-BEF1-0F606219738B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
 
==================== Restore Points =========================
 
05-11-2016 15:57:26 Scheduled Checkpoint
06-11-2016 17:03:52 JRT Pre-Junkware Removal
06-11-2016 20:43:13 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2016 04:48:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.187, time stamp: 0x57cf9d73
Faulting module name: twinapi.appcore.dll, version: 10.0.14393.206, time stamp: 0x57daca78
Exception code: 0xc000027b
Fault offset: 0x000000000006d1c4
Faulting process id: 0x14ec
Faulting application start time: 0x01d23a9d29af7385
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 5f663db6-719a-494a-9ee3-40762647fe74
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (11/10/2016 02:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3468
 
Error: (11/10/2016 02:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3468
 
Error: (11/10/2016 02:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/10/2016 01:58:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3828
 
Error: (11/10/2016 01:58:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3828
 
Error: (11/10/2016 01:58:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/10/2016 11:44:44 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (11/10/2016 11:17:14 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/10/2016 09:59:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-22JAIA0)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (11/10/2016 06:54:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 05:13:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 05:11:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 02:19:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 01:53:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 12:40:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 11:55:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 10:47:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 10:32:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/10/2016 08:49:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-09 11:24:39.433
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(1737).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:39.420
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(1737).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:39.413
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(1737).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:39.403
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(1737).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:39.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(1737).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:39.351
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MicrosoftAccountCloudAP(1737).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:37.137
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\edpauditapi(1735).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:37.132
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\edpauditapi(1735).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:37.129
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\edpauditapi(1735).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-09 11:24:37.106
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\edpauditapi(1735).dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 61%
Total physical RAM: 7986.05 MB
Available physical RAM: 3064.39 MB
Total Virtual: 10162.05 MB
Available Virtual: 4142.93 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:452.84 GB) (Free:257.91 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.47 GB) NTFS
Drive e: (Other things) (Fixed) (Total:433.86 GB) (Free:385.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0215328C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Thanks a lot for the help.


#12 sree98

sree98
  • Topic Starter

  • Members
  • 15 posts

Posted 11 November 2016 - 09:13 AM

Also, one more thing. I let my PC run with Chrome overnight, and when I woke up, there were 14 different tabs open.



#13 shelf life

shelf life

  • Malware Response Team
  • 2,651 posts

Posted 11 November 2016 - 01:18 PM

OK, let's use FRST once more like you did before. Then you can reset Chrome back to its defaults.

​So copy/paste whats below into notepad, save as fixlist.txt in same location you have FRST. Start FRST and click the fix button. Post new log

CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={486FDAA6-4262-48A2-8B4D-620A7059FD18}&mid=cb52840bcde547d0b28419d59a9a9dca-bc4f14982843553d8de68df8ae0a3e5af1c8c7fd&lang=en&ds=oo011&pr=sa&d=2012-08-01 09:43:31&v=12.1.0.21&sap=hp","hxxp://www.adoresearch.com/431","hxxp://www.searchamong.com","hxxp://mystart.incredibar.com/mb165?a=6PQQXdhxzU&i=26","hxxp://www.delta-search.com/?affID=119776&tt=060612_5_&babsrc=HP_ss&mntrId=30017b57000000000000c89cdc7e7439","hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/05&hid=3978749333&lg=EN&cc=US","hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN25651902587901581&UM=2","hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN14953311982634269&UM=2","","hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=e8ade0ea-6980-4d8e-ad4d-54201fb2e6b2&searchtype=hp&installDate=28/10/2013","hxxp://home.torchbrowser.com","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_43&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtByD0FyD0FtD0AzyyDyDtN0D0Tzu0StCtAzytAtN1L2XzutAtFtCyEtFtDtFtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0BzztA0AyB0EyDtGyD0DyByEtG0C0C0D0FtGyByDyBtCtGyCyBzyyCtAzyyDzz0EtC0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyB0C0DyD0FyCtGtCyC0A0FtGyE0CyC0DtG0A0ByCyCtGtD0FyEzz0F0Bzyzy0CyB0B0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByC%26cr%3D1805982823%26a%3Dwncy_pwrisofs_15_43%26os%3DWindows%2B10%2BHome"
CHR Session Restore: Default -> is enabled.

Last, reset Chrome back to its defaults. Link:

https://support.google.com/chrome/answer/3296214?hl=en


How Can I Reduce My Risk to Malware?
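
A triage helper for the `CHR StartupUrls` line in the fixlist above, as an added example that is not part of the original post or of FRST: it parses the line, converts the log's `hxxp` form back to `http` for parsing only, and lists the hosts that fall outside an allowlist. The allowlist, the function names and the abbreviated sample line are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts the user actually wants as startup pages.
ALLOWED_HOSTS = {"www.google.com"}

# Abbreviated from the fixlist above (constructed sample, not the full line).
SAMPLE = ('CHR StartupUrls: Default -> "hxxp://www.google.com/",'
          '"hxxp://www.searchamong.com","",'
          '"hxxp://home.torchbrowser.com",'
          '"hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48"')

LINE_RE = re.compile(r'^CHR StartupUrls:\s*(?P<profile>.+?)\s*->\s*(?P<urls>.*)$')


def parse_startup_urls(line):
    """Return (profile, [urls]) from a 'CHR StartupUrls' log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a CHR StartupUrls line")
    # Entries are double-quoted; empty "" entries are dropped.
    urls = [u for u in re.findall(r'"([^"]*)"', m.group("urls")) if u]
    return m.group("profile"), urls


def refang(url):
    """Turn the log's hxxp/hxxps form back into http/https so it parses."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)


def unexpected_hosts(line, allowed=ALLOWED_HOSTS):
    """Hosts in the startup list that are not allowlisted, in order, no repeats."""
    _, urls = parse_startup_urls(line)
    seen, out = set(), []
    for url in urls:
        host = (urlsplit(refang(url)).hostname or "").lower()
        if host and host not in allowed and host not in seen:
            seen.add(host)
            out.append(host)
    return out


if __name__ == "__main__":
    profile, urls = parse_startup_urls(SAMPLE)
    print(f"profile={profile} entries={len(urls)}")
    for host in unexpected_hosts(SAMPLE):
        print("review:", host)
```
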


#14 sree98


Posted 11 November 2016 - 01:57 PM

Here is the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by sree_ (11-11-2016 13:49:27) Run:3
Running from C:\Users\sree_\Desktop\FRST
Loaded Profiles: sree_ (Available Profiles: kitty & sree_)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={486FDAA6-4262-48A2-8B4D-620A7059FD18}&mid=cb52840bcde547d0b28419d59a9a9dca-bc4f14982843553d8de68df8ae0a3e5af1c8c7fd&lang=en&ds=oo011&pr=sa&d=2012-08-01 09:43:31&v=12.1.0.21&sap=hp","hxxp://www.adoresearch.com/431","hxxp://www.searchamong.com","hxxp://mystart.incredibar.com/mb165?a=6PQQXdhxzU&i=26","hxxp://www.delta-search.com/?affID=119776&tt=060612_5_&babsrc=HP_ss&mntrId=30017b57000000000000c89cdc7e7439","hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/05&hid=3978749333&lg=EN&cc=US","hxxp://search.conduit.com/?ctid=CT3289075&SearchSource=48&CUI=UN25651902587901581&UM=2","hxxp://search.conduit.com/?ctid=CT3291326&SearchSource=48&CUI=UN14953311982634269&UM=2","","hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=US&userid=e8ade0ea-6980-4d8e-ad4d-54201fb2e6b2&searchtype=hp&installDate=28/10/2013","hxxp://home.torchbrowser.com","hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_43&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtAtByD0FyD0FtD0AzyyDyDtN0D0Tzu0StCtAzytAtN1L2XzutAtFtCyEtFtDtFtBtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyD0BzztA0AyB0EyDtGyD0DyByEtG0C0C0D0FtGyByDyBtCtGyCyBzyyCtAzyyDzz0EtC0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAyB0C0DyD0FyCtGtCyC0A0FtGyE0CyC0DtG0A0ByCyCtGtD0FyEzz0F0Bzyzy0CyB0B0E2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByC%26cr%3D1805982823%26a%3Dwncy_pwrisofs_15_43%26os%3DWindows%2B10%2BHome"
CHR Session Restore: Default -> is enabled.
*****************
 
CHR DefaultProfile: Default => Error: No automatic fix found for this entry.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome Session Restore: => not found.
 
==== End of Fixlog 13:49:28 ====
 
I also reset Chrome. I'll wait a couple of hours to let you know if anything is opening up like before.
 
Thanks


#15 sree98


Posted 11 November 2016 - 04:57 PM

Just now a popup opened with this link:

 

http://www.onclicktop.com/a/display.php?r=419588&sub1=2080&sub2=0

 

Just an update.





