Chrome is infected with Adware.


  • This topic is locked
19 replies to this topic

#1 azeemq


Posted 21 February 2017 - 06:09 AM

My browser randomly opens links to weird sites like watermelon-share etc... Here are the FRST and Addition logs. Please help resolve my Adware issue.
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Azeem (21-02-2017 16:11:09)
Running from C:\Users\Azeem\Downloads
Windows 8 (X64) (2015-10-12 05:17:04)
Boot Mode: Normal
=================== Accounts: =============================
Administrator (S-1-5-21-2476311930-3940443278-554749923-500 - Administrator - Disabled)
Azeem (S-1-5-21-2476311930-3940443278-554749923-1001 - Administrator - Enabled) => C:\Users\Azeem
Guest (S-1-5-21-2476311930-3940443278-554749923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2476311930-3940443278-554749923-1003 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Airtel 4G (HKLM-x32\...\Airtel 4G 07.160516.444L) (Version: 07.160516.444L - )
Alt-C (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Alt-C) (Version: 1.0.5.100 - Can O' Baked Beans Creations)
AutoHotkey 1.1.22.09 (HKLM-x32\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
AutoIt v3.3.14.2 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2015.0724.2154 - F5 Networks, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2015.0724.2154 - F5 Networks, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Check Point VPN (HKLM-x32\...\{66DC5D39-D14E-4227-9911-318EDF2A28B6}) (Version: 75.20.0000 - CheckPoint)
Chrome Remote Desktop Host (HKLM-x32\...\{0F4FB60A-EBD8-445B-8117-128E8351647E}) (Version: 56.0.2924.51 - Google Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Core Temp 1.0 RC8 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Evernote v. 4.5.7 (HKLM-x32\...\{0BE73D3C-B5AF-11E1-933A-984BE15F174E}) (Version: 4.5.7.7146 - Evernote Corp.)
f.lux (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Flux) (Version:  - )
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.96 - SecureMix LLC)
Google Chrome (HKLM-x32\...\{01EF2457-B546-3A54-8F9A-065EA5221A9C}) (Version: 66.101.32869 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Greenshot 1.2.9.112 (HKLM\...\Greenshot_is1) (Version: 1.2.9.112 - Greenshot)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33235) (Version: 3.6.1.33235.13 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® PROSet/Wireless NFC Software (HKLM\...\Intel® PROSet/Wireless NFC Software) (Version: 1.0.1.003 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kodi (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Kodi) (Version:  - XBMC-Foundation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Lync Basic 2013 (HKLM-x32\...\Office15.LYNCENTRY) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Network Stumbler 0.4.0 (remove only) (HKLM-x32\...\Network Stumbler) (Version:  - )
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFlite 2.0.0.0 (HKLM-x32\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
PDFlite Packages (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\PDFlite Packages) (Version:  - ) <==== ATTENTION
qBittorrent 3.2.4 (HKLM-x32\...\qBittorrent) (Version: 3.2.4 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31231 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8051 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39032 - Realtek Semiconductor Corp.)
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
SciTE4AutoIt3 15.920.938.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 15.920.938.0 - Jos van der Zande)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-012D-0000-0000-0000000FF1CE}_Office15.LYNCENTRY_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Shift (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Shift) (Version: 1.0.34 - Shift)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{CD62BCB9-02D2-443F-AC7A-443377DA5B38}) (Version: 7.31.0.56 - Skype Technologies S.A.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smartflix (HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\smartflix) (Version: 1.3.1 - Smartflix)
SoundSwitch 3.12.4.34981 (HKLM\...\SoundSwitch_is1) (Version: 3.12.4.34981 - Antoine Aflalo)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SRS Premium Sound Control Panel (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.2.13 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM\...\{320CA1B5-9CD5-4F75-9A25-137B1EDDEB5E}) (Version: 3.00.0001.64001 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{472175F3-ACB2-4977-8CC8-EB971C24F245}) (Version: 2.0.0.3202 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA Tablet Easy Control (HKLM\...\{713E8F66-EE1D-453B-936B-99C4FAB810A6}) (Version: 1.0.7.64 - Toshiba Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNCENTRY_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.LYNCENTRY_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNCENTRY_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 32-Bit Edition (HKLM-x32\...\{90150000-012D-0000-0000-0000000FF1CE}_Office15.LYNCENTRY_{0BA3C700-ABED-4994-BB60-2FD66DFAF674}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VNC Server 5.2.3 (HKLM\...\{E248D9BE-834C-4BE3-BBE3-E66B2AE39886}) (Version: 5.2.3 - RealVNC Ltd)
VNC Viewer 5.2.3 (HKLM\...\{18B1E36F-0DA3-4FDA-BC57-DD815B0DF3B2}) (Version: 5.2.3 - RealVNC Ltd)
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2476311930-3940443278-554749923-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2476311930-3940443278-554749923-1001_Classes\CLSID\{A62E09B4-6467-4E0F-9B52-E61D8BC9FC69}\localserver32 -> C:\Users\Azeem\AppData\Local\SkypePlugin\7.31.0.56\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2476311930-3940443278-554749923-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Azeem\AppData\Local\SkypePlugin\7.31.0.56\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2476311930-3940443278-554749923-1001_Classes\CLSID\{E5A7A7B5-9D06-4DBE-BAC0-04B69FF070B5}\InprocServer32 -> C:\Users\Azeem\AppData\Local\SkypePlugin\7.31.0.56\GatewayActiveX-x64.dll (Skype Technologies S.A.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3E02E8AF-E80C-4B14-B849-23A4F43AEDDB} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
Task: {44DCBEA5-1FD7-4D21-8A65-75EDE0BAA1DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {46D44772-9F95-4BF8-9F99-766E951A432C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-28] (Symantec Corporation)
Task: {52800AFF-974A-4AD0-B6E3-F4DD390A1D56} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-22] (Synaptics Incorporated)
Task: {53223C43-E0FE-422C-AFB8-49684E5E4942} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {53955454-183B-4EE3-A699-C153CC34001F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-28] (TOSHIBA Corporation)
Task: {69859F5C-BDA5-4673-9526-84453FE7ECC2} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {78C104DB-E190-480A-B56D-747DBB50E029} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {7AE61107-F36E-419E-8D20-197A5DD301D8} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {85A8C2BA-3D05-4FCF-AE00-C41D1E9AD0E7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-25] (Dropbox, Inc.)
Task: {A84211FB-1959-484D-B2CF-8B5BEC4E39F4} - \DriverPack Notifier -> No File <==== ATTENTION
Task: {B21CD556-9BA1-4152-A619-E5FE24CE5C98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {D4F0787F-6EF6-4809-8E5D-4C4DAB715FA7} - System32\Tasks\Opera scheduled Autoupdate 1451377340 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {F043AAA4-BD71-4B60-B215-8C73270FB597} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-25] (Dropbox, Inc.)
Task: {F812125A-D0AF-4846-BB48-F642334F89F1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {FA44B095-EDA1-4338-ADDE-B266AF86525B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel User Guide.lnk -> hxxp://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.htm
Shortcut: C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\Ultimate Outsider Downloads.lnk -> hxxp://ultimateoutsider.com/downloads
==================== Loaded Modules (Whitelisted) ==============
2015-12-29 13:51 - 2013-08-26 17:42 - 00087040 _____ () C:\WINDOWS\System32\redmonnt.dll
2016-12-01 21:26 - 2015-10-09 09:14 - 00135168 _____ () C:\WINDOWS\SysWOW64\ChgService.exe
2017-02-20 12:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-20 12:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-20 12:37 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-26 13:28 - 2012-07-26 13:23 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-07-19 07:08 - 2012-07-19 07:08 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 07:08 - 2012-07-19 07:08 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2011-08-13 03:27 - 2011-08-13 03:27 - 00437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2016-05-16 13:40 - 2016-05-16 13:40 - 00319488 _____ () C:\Program Files (x86)\Airtel 4G\Main\LaunchAssistant.exe
2012-08-06 19:06 - 2012-08-06 19:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-02-07 12:50 - 2017-02-01 15:17 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 12:50 - 2017-02-01 15:17 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2017-02-08 20:49 - 2017-02-08 20:49 - 00178128 _____ () C:\Program Files (x86)\GlassWire\EasyHook32.dll
2013-07-11 12:22 - 2012-06-25 23:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-07-11 12:35 - 2012-07-27 19:02 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2017-02-08 07:03 - 2017-02-07 10:18 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-01-25 08:51 - 2017-01-14 05:23 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-25 08:51 - 2017-01-14 05:23 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-25 08:51 - 2017-01-14 05:23 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-25 08:51 - 2017-01-14 05:23 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-25 08:51 - 2017-01-14 05:24 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 07:03 - 2017-01-14 05:23 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-08 07:03 - 2017-01-14 05:24 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-08 07:03 - 2017-01-14 05:23 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-25 08:51 - 2017-01-14 05:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-08 07:03 - 2017-01-14 05:23 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-08 07:03 - 2017-01-14 05:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-25 08:51 - 2017-01-14 05:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-25 08:51 - 2017-01-14 05:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-25 08:51 - 2017-01-14 05:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-25 08:51 - 2017-01-14 05:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-25 08:51 - 2017-01-14 05:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-25 08:51 - 2017-01-14 05:25 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-25 08:51 - 2017-01-14 05:24 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 07:03 - 2017-01-14 05:21 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-08 07:03 - 2017-02-07 10:20 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 07:03 - 2017-01-14 05:32 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-08 07:03 - 2017-01-14 05:32 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-08 07:03 - 2017-02-07 10:20 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-25 08:51 - 2017-01-14 05:27 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-25 08:51 - 2017-02-07 10:20 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 07:03 - 2017-02-07 10:20 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 10:56 - 2017-02-16 10:17 - 00002048 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
122.175.43.121 EHP7.TRAINING.COM127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Azeem\Desktop\__YFVGXjARQxbkPbLO6byS7i_u12jVb7AxSoVIZL_K4.png
DNS Servers: 192.168.31.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TODDMain"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Check Point Endpoint Security"
HKLM\...\StartupApproved\Run32: => "MiWiFi"
HKLM\...\StartupApproved\Run32: => "F5_SAM_Client"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DriverPack Notifier"
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\StartupApproved\StartupFolder: => "Alt-C.lnk"
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_0DAFDFF6BEFED6D753FA3AD5E1AA6291"
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B67A9801-775F-4B22-9A6C-B585D9BD0825}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{07D8C63D-1132-4D07-8E09-1B958FE42F94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B4A41B18-7095-494E-96E4-929FF60F50DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7CA5CB20-A567-4742-8F5D-6E2691328451}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F29FB7E4-9201-49D9-8893-A9A966761F56}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8D5CB6DB-5037-4B12-809F-56AB12DD3E73}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4F2DC90E-84C3-4044-95F7-9938ADA45F87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{68E3610B-A377-445C-8567-6F9EC44CD2D0}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{E956CAB7-8E3F-424C-A8A1-880E02564B81}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{0CA96650-9F23-4388-9683-4FF4D26FEB5F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{932EF75A-9591-4706-A67D-13650E87DBAE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{705AAB4B-9D99-4989-A127-CC347212E5C3}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{371B6F00-923E-4FD5-A5AC-72EBEDB09E6C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E457C32E-86DD-4809-A40F-1CDEB46126E1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{624AF197-5BF2-4EAB-9F4C-E12E73CBFEA7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E78D42A1-0FFB-4FBC-8910-1E2DD45EDA17}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{3C697617-CD17-4686-92F0-ED0890DFDD55}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0396D980-CFA2-42FC-9391-B6AD735983F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{66E6C4C8-BA25-4C73-B000-E60BF078F872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{036ED2F1-A81B-46D8-9DE9-CDDC41F5D170}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1F682BC5-188A-4F88-A7F2-7D21D0B3B29C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{CA7FF435-BB6D-462F-93FF-248AE848CDC8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D1999CDC-7DA2-47CD-8697-C912D126626E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B787B8CD-96B0-41B5-BDF4-12E0143D13EA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{20A58D79-CF93-493D-8BC1-8D622B37F6DA}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{008597DE-0E30-4358-92E8-2C9695E5D6D1}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{734C22A0-BC25-4AD9-BA94-E59393872CCE}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
FirewallRules: [{2A84E9CE-0C08-4B36-9D93-0C67565E6676}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
FirewallRules: [TCP Query User{A3B7B03B-666D-4AA0-9005-94D4AE9CF6E2}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{9EA54EF9-F2A3-4B34-A066-95017C58E2D8}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{2CA0548F-3CE6-4DA5-89BC-ED3280BC62E3}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{74232D79-BBA2-4DC8-8C14-74EE672240C3}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [TCP Query User{17EE408B-A93B-4FAB-AD3A-793F8D8E70DC}C:\users\azeem\downloads\pdfedit.exe] => (Allow) C:\users\azeem\downloads\pdfedit.exe
FirewallRules: [UDP Query User{341CDD76-18B0-46A7-987D-CC86EA3D8334}C:\users\azeem\downloads\pdfedit.exe] => (Allow) C:\users\azeem\downloads\pdfedit.exe
FirewallRules: [TCP Query User{20662931-0D0B-4A97-8448-EB1C2A1C6552}E:\it 2016\pdfedit.exe] => (Allow) E:\it 2016\pdfedit.exe
FirewallRules: [UDP Query User{6336C695-B2B2-4D30-8F28-453EFE0201EF}E:\it 2016\pdfedit.exe] => (Allow) E:\it 2016\pdfedit.exe
FirewallRules: [TCP Query User{CABF0D4F-2A23-4671-A46C-F8424C92E277}C:\users\azeem\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe] => (Allow) C:\users\azeem\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe
FirewallRules: [UDP Query User{C64850E1-2A83-4C2D-A5A1-437CCF59B7C0}C:\users\azeem\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe] => (Allow) C:\users\azeem\appdata\local\skypeplugin\7.14.0.184\pluginhost.exe
FirewallRules: [{8DC35AF6-6067-4B25-9D96-620367307FE0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1A914338-AF88-4432-8995-5DD409BE2EEB}C:\program files (x86)\sap\frontend\sapgui\saplpd\saplpd.exe] => (Allow) C:\program files (x86)\sap\frontend\sapgui\saplpd\saplpd.exe
FirewallRules: [UDP Query User{FAE29B7B-6E8C-4E09-8B47-A42D477B71EC}C:\program files (x86)\sap\frontend\sapgui\saplpd\saplpd.exe] => (Allow) C:\program files (x86)\sap\frontend\sapgui\saplpd\saplpd.exe
FirewallRules: [TCP Query User{3125D95E-4156-499E-8ACD-7795729074FD}C:\resolver\properties\phantomjs.exe] => (Allow) C:\resolver\properties\phantomjs.exe
FirewallRules: [UDP Query User{FEFC425B-1D34-4482-9FCE-C428495D3C02}C:\resolver\properties\phantomjs.exe] => (Allow) C:\resolver\properties\phantomjs.exe
FirewallRules: [TCP Query User{5D5AA4F6-65AA-4D42-97FB-57A479BF6A2A}C:\resolver\properties\phantomjs.exe] => (Allow) C:\resolver\properties\phantomjs.exe
FirewallRules: [UDP Query User{089E2768-058E-479B-BDB6-F92F7AE2A0DD}C:\resolver\properties\phantomjs.exe] => (Allow) C:\resolver\properties\phantomjs.exe
FirewallRules: [TCP Query User{B74D5BE3-2CB1-4514-8789-F7BD112FD515}C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{CCC2E67C-A2E7-44ED-B753-A705F50F13EA}C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{5E0AF88F-9C19-4DDC-9424-D714C048BC72}C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{DA9466AC-A071-4F9B-A633-440542C02173}C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe] => (Block) C:\users\azeem\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{FA416FE2-4E18-4FA6-A02D-FCA592B4E279}C:\users\azeem\desktop\it\it 2016\templates\pdfedit.exe] => (Allow) C:\users\azeem\desktop\it\it 2016\templates\pdfedit.exe
FirewallRules: [UDP Query User{5DF94E11-4862-46C6-BC15-605F69B4CCED}C:\users\azeem\desktop\it\it 2016\templates\pdfedit.exe] => (Allow) C:\users\azeem\desktop\it\it 2016\templates\pdfedit.exe
FirewallRules: [TCP Query User{49CBFB27-2095-4744-A6F0-ACC467DE8DA9}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{08E9F24D-AD62-4D8E-BC96-8BC257AABE24}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{55A85557-2508-47CA-9736-5B8EFFAA4CC6}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
FirewallRules: [{3FF44C9C-1A4E-4B1F-AC68-2BD9ED91B3E3}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
FirewallRules: [{CA5C0FBD-2A53-40A2-BBBC-11F3B6F96914}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2469842A-998A-45D2-AD0F-4896DAB280B0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{2E9CC70E-9CD8-44AD-B16B-FC9C72DB4951}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
FirewallRules: [{E853E6F0-E5BA-4C5F-B1BA-C6DA66B98A74}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{A3D6AC7A-95CC-4125-BFF6-6BC8070D23B0}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
==================== Restore Points =========================
16-02-2017 11:35:33 Installed Adobe LiveCycle Designer ES2.
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/21/2017 08:04:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/21/2017 08:04:52 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/20/2017 11:56:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/20/2017 11:56:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/20/2017 10:54:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/20/2017 10:54:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/20/2017 10:49:03 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (02/20/2017 12:52:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (02/20/2017 12:52:06 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (02/20/2017 12:46:13 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
System errors:
=============
Error: (02/21/2017 08:50:51 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (02/20/2017 11:45:57 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (02/20/2017 10:48:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error: (02/20/2017 10:48:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error: (02/20/2017 10:48:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error: (02/20/2017 10:47:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
Error: (02/20/2017 10:46:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).
Error: (02/20/2017 10:46:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).
Error: (02/20/2017 10:46:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (02/20/2017 10:46:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
==================== Memory info =========================== 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 38%
Total physical RAM: 8086.14 MB
Available physical RAM: 4947.89 MB
Total Virtual: 9302.14 MB
Available Virtual: 6118.86 MB
==================== Drives ================================
Drive c: (TI80130700G) (Fixed) (Total:99.83 GB) (Free:30.74 GB) NTFS
Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:796.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6C35EE3D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 




#2 azeemq

azeemq
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:09 AM

Posted 21 February 2017 - 06:12 AM

Sorry, I'm not sure how to attach files here, so here is the rest of the scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Azeem (administrator) on A (21-02-2017 16:10:17)
Running from C:\Users\Azeem\Downloads
Loaded Profiles: Azeem (Available Profiles: Azeem)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (All) =========================
(Microsoft Corporation) C:\Windows\System32\smss.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\wininit.exe
(Microsoft Corporation) C:\Windows\System32\services.exe
(Microsoft Corporation) C:\Windows\System32\lsass.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\conhost.exe
(Microsoft Corporation) C:\Windows\System32\spoolsv.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
() C:\Windows\SysWOW64\ChgService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\TabletUtilities\TOSSWKBS.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnetwk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\csrss.exe
(Microsoft Corporation) C:\Windows\System32\winlogon.exe
(Microsoft Corporation) C:\Windows\System32\dwm.exe
(Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
(Microsoft Corporation) C:\Windows\System32\taskhostex.exe
(Microsoft Corporation) C:\Windows\System32\taskhost.exe
(Microsoft Corporation) C:\Windows\explorer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
() C:\Program Files (x86)\Airtel 4G\Main\LaunchAssistant.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Flux Software LLC) C:\Users\Azeem\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Toshiba Corporation) C:\Program Files (x86)\TOSHIBA\TabletUtilities\toswndctlman.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Windows\System32\conhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mmc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
(Farbar) C:\Users\Azeem\Downloads\FRST64.exe
==================== Registry (All) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-08-02] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-28] (SRS Labs, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TOSDCR] => C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [1500240 2013-04-16] (TOSHIBA)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-12] (TOSHIBA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [Airtel 4G] => C:\Program Files (x86)\Airtel 4G\Main\LaunchAssistant.exe [319488 2016-05-16] ()
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [552368 2016-12-30] (Greenshot)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [170304 2012-08-08] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe [398656 2012-08-08] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe [440640 2012-08-08] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TOSDCR] => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
HKLM-x32\...\Run: [Toswndctl] => C:\Program Files (x86)\TOSHIBA\TabletUtilities\toswndctlrun.exe [66464 2012-08-09] (Toshiba Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-27] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Check Point Endpoint Security] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe [801968 2011-09-14] (Check Point Software Technologies)
HKLM-x32\...\Run: [F5_SAM_Client] => C:\Program Files (x86)\F5 VPN\f5fpclientW.exe [4276752 2015-09-18] (F5 Networks, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [25088 2012-07-26] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-26] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2391280 2013-06-01] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2106176 2013-06-01] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24168656 2016-12-13] (Microsoft Corporation)
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Run: [f.lux] => C:\Users\Azeem\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\MountPoints2: {66e72138-b716-11e6-bee4-ebc1c7cf2493} - "D:\AutoRun.exe" 
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\MountPoints2: {66e72145-b716-11e6-bee4-ebc1c7cf2493} - "D:\.\Airtel_4G.exe" 
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\MountPoints2: {6fcbe678-b5cc-11e6-bee2-a001f90ae135} - "D:\OnePlus_setup.exe" /s
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\...\MountPoints2: {948fc74a-958e-11e5-be77-68172981ebe1} - "D:\OnePlus_setup.exe" /s
HKLM\...\Providers\Internet Print Provider: C:\WINDOWS\system32\inetpp.dll [159232 2013-01-10] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\WINDOWS\system32\win32spl.dll [733184 2014-11-05] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2012-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Startup: C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alt-C.lnk [2016-08-02]
ShortcutTarget: Alt-C.lnk -> C:\Program Files (x86)\Alt-C\AltC.exe (Can O' Baked Beans Creations)
BootExecute: autocheck autochk * 
AlternateShell: cmd.exe
==================== Internet (All) ===========================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-2476311930-3940443278-554749923-1001] => hxxp://notstop.biz/wpad.dat?5001c4a6092f9b836b9303764bb8fe8625523743
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [52224 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [67584 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [67584 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [55296 2014-12-06] (Microsoft Corporation)
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688 2012-07-26] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [289280 2012-10-11] (Microsoft Corporation)
Winsock: Catalog5-x64 01 C:\Windows\system32\napinsp.dll [66560 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5-x64 02 C:\Windows\system32\pnrpnsp.dll [85504 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5-x64 03 C:\Windows\system32\pnrpnsp.dll [85504 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5-x64 04 C:\Windows\system32\NLAapi.dll [72192 2014-12-06] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Windows\System32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog5-x64 06 C:\Windows\System32\winrnr.dll [53760 2012-07-26] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Windows\system32\wshbth.dll [64000 2012-07-26] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 02 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 03 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 04 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 05 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 06 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 07 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 08 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 09 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 10 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Winsock: Catalog9-x64 11 C:\Windows\system32\mswsock.dll [355328 2012-10-11] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.31.1
Tcpip\..\Interfaces\{9BD8941A-19EA-4868-B531-0ADB23594968}: [DhcpNameServer] 192.168.31.1
ManualProxies: 0hxxp://notstop.biz/wpad.dat?5001c4a6092f9b836b9303764bb8fe8625523743
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
URLSearchHook: HKU\S-1-5-21-2476311930-3940443278-554749923-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-2476311930-3940443278-554749923-1001 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATPJS
SearchScopes: HKLM -> {3EA656F4-E8E5-4E8F-8DF0-B7B82299939F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATPJS
SearchScopes: HKLM-x32 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
SearchScopes: HKLM-x32 -> {3EA656F4-E8E5-4E8F-8DF0-B7B82299939F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATPJS
SearchScopes: HKU\S-1-5-21-2476311930-3940443278-554749923-1001 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
SearchScopes: HKU\S-1-5-21-2476311930-3940443278-554749923-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATPJS
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-15] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5InspectionHost.cab 
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll [2012-07-26] (Microsoft Corporation)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2012-07-26] (Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2012-07-26] (Microsoft Corporation)
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2012-07-26] (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2015-12-15] (Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll [2012-10-01] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll [2012-07-26] (Microsoft Corporation)
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2012-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2012-06-20] (SAP, Walldorf)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll [2012-07-26] (Microsoft Corporation)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2012-07-26] (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2015-12-15] (Microsoft Corporation)
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2015-12-15] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2012-06-03] (Microsoft Corporation)
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2012-06-03] (Microsoft Corporation)
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2012-06-03] (Microsoft Corporation)
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2012-06-03] (Microsoft Corporation)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll [2012-06-03] (Microsoft Corporation)
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll [2012-06-03] (Microsoft Corporation)
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [2014-01-22] (Microsoft Corporation)
Filter-x32: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL [2014-01-23] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Azeem\AppData\Roaming\Mozilla\Firefox\Profiles\4a4omi90.default-1477385493032 [2017-02-21]
FF Extension: (Firefox Hotfix) - C:\Users\Azeem\AppData\Roaming\Mozilla\Firefox\Profiles\4a4omi90.default-1477385493032\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-25]
FF Extension: (Firefox Hello) - C:\Users\Azeem\AppData\Roaming\Mozilla\Firefox\Profiles\4a4omi90.default-1477385493032\features\{55367445-7078-454e-b264-6327b5fe6835}\loop@mozilla.org.xpi [2016-10-25]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Azeem\AppData\Roaming\Mozilla\Firefox\Profiles\4a4omi90.default-1477385493032\features\{55367445-7078-454e-b264-6327b5fe6835}\malware-remediation@mozilla.org.xpi [2016-10-25]
FF Extension: (Default) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-28] [not signed]
FF Extension: (Firefox Hello Beta) - C:\Program Files (x86)\Mozilla Firefox\browser\features\loop@mozilla.org.xpi [2016-03-28] [not signed]
FF HKLM-x32\...\Mozilla Firefox 45.0.1\Extensions: [Components] - C:\Program Files (x86)\Mozilla Firefox\components => not found
FF HKLM-x32\...\Mozilla Firefox 45.0.1\Extensions: [Plugins] - C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: (No Name) - C:\Program Files (x86)\Mozilla Firefox\plugins [2016-08-10] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-12] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-15] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2476311930-3940443278-554749923-1001: SkypePlugin -> C:\Users\Azeem\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi.dll [2017-02-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2476311930-3940443278-554749923-1001: SkypePlugin64 -> C:\Users\Azeem\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi-x64.dll [2017-02-03] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Azeem\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-17] (Cisco WebEx LLC)
StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\channel-prefs.js [2015-10-30]
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/"
CHR DefaultSearchKeyword: Default -> gml
CHR Profile: C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Backup Default [2017-02-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-07-06]
CHR Extension: (Momentum) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-07-06]
CHR Profile: C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-06]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-02-14]
CHR Extension: (Radio) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2016-07-06]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2016-07-06]
CHR Extension: (Google Docs) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-06]
CHR Extension: (Google Drive) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-07-06]
CHR Extension: (HoverReader) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgchppjofckmmlfpegeinpegcjmejnlk [2016-07-06]
CHR Extension: (NiftySplit) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkmjnlfillpnkgmjnhgklpjjlpjnfeil [2016-07-06]
CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2016-07-06]
CHR Extension: (Skype Calling) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-07-06]
CHR Extension: (YouTube) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-06]
CHR Extension: (SysInfo) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbflinmmjjkdnojoeignjbclkjhijdei [2016-07-06]
CHR Extension: (Adblock Plus) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (OneTab) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-02-20]
CHR Extension: (uBlock Origin) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-09]
CHR Extension: (Vote Detective) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgcajodlpbennaccfnccmgplkhpioko [2016-07-06]
CHR Extension: (wasavi) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgogifpkoilgiofhhhodbodcfgomelhe [2017-02-13]
CHR Extension: (Tampermonkey) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-02]
CHR Extension: (Gmelius for Gmail) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2016-12-19]
CHR Extension: (Lucidchart Diagrams - Desktop) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\djejicklhojeokkfmdelnempiecmdomj [2017-02-17]
CHR Extension: (Secure Profile) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\eddeeogaiodnhfkingpegpmhpdiifbgh [2016-07-06]
CHR Extension: (Tabs Outliner) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-07-06]
CHR Extension: (Alarm) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjkdjnaajdmnminlhhhcicfnokdhjfg [2016-07-06]
CHR Extension: (Google Sheets) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-06]
CHR Extension: (Replies and more for Google+) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmhgfecnmeljhchgcjlfldjiepcfpea [2016-07-06]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-02-08]
CHR Extension: (Google Docs Offline) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-06]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-02-06]
CHR Extension: (Bookmark Manager) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-07-06]
CHR Extension: (Hover Free) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj [2016-07-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10]
CHR Extension: (Advanced REST client) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-02-02]
CHR Extension: (feedly) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2016-08-22]
CHR Extension: (Reddit PGN viewer.) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hplecpnihkigeaiobbmfnfblepiadjdh [2016-07-06]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-07-06]
CHR Extension: (The Top Inbox for Gmail) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhapcklhkanndjbdnhichfmolhiaekg [2017-02-14]
CHR Extension: (Reddit Hover Craft) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfijghjjdfgnblnkemkhknmdphchnmk [2016-07-06]
CHR Extension: (Imagus) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-02-17]
CHR Extension: (Disconnect) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-07-06]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-29]
CHR Extension: (Cache Killer) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfbieopdmepaolggioebjmedmclkbap [2016-11-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-16]
CHR Extension: (The Great Suspender) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-07-06]
CHR Extension: (Momentum) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-01-02]
CHR Extension: (Webcam Toy) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2016-07-06]
CHR Extension: (Skype) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-25]
CHR Extension: (Extensions Manager (aka Switcher)) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc [2016-07-06]
CHR Extension: (LINE) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\menkifleemblimdogmoihpfopnplikde [2017-01-18]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-07-06]
CHR Extension: (CloudCodes Insertable) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdocgdpmmbciijbekodlgliknfiegbb [2016-07-06]
CHR Extension: (Ghostery) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-02-14]
CHR Extension: (Compare Hatke) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbeifcmllbkkjebeahalgcadeblbbfbe [2016-07-06]
CHR Extension: (Autofill) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk [2017-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Hover Zoom) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-02-20]
CHR Extension: (TabCloud) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2016-07-06]
CHR Extension: (Link Preview) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohmamcbkcmfalompaelgoepcnbnpiioe [2016-07-06]
CHR Extension: (Simple Startup Password) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojoalkffommhmdmbohjphohoejjmgepc [2016-07-06]
CHR Extension: (Click&Clean App) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-01-09]
CHR Extension: (Gmail) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\Azeem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - "C:\Program Files (x86)\Opera\Launcher.exe"
==================== Services (All) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems Incorporated)
R3 AeLookupSvc; C:\WINDOWS\System32\aelupsvc.dll [204288 2015-03-04] (Microsoft Corporation)
S3 ALG; C:\WINDOWS\System32\alg.exe [94208 2012-07-26] (Microsoft Corporation)
S3 AllUserInstallAgent; C:\WINDOWS\system32\AUInstallAgent.dll [122368 2012-07-26] (Microsoft Corporation)
S3 AppIDSvc; C:\WINDOWS\System32\appidsvc.dll [39424 2015-08-01] (Microsoft Corporation)
R3 Appinfo; C:\WINDOWS\System32\appinfo.dll [70144 2013-03-06] (Microsoft Corporation)
R2 AudioEndpointBuilder; C:\WINDOWS\System32\AudioEndpointBuilder.dll [169472 2015-12-04] (Microsoft Corporation)
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [783872 2015-12-04] (Microsoft Corporation)
S3 AxInstSV; C:\WINDOWS\System32\AxInstSV.dll [112128 2012-07-26] (Microsoft Corporation)
S3 BDESVC; C:\WINDOWS\System32\bdesvc.dll [190976 2012-10-11] (Microsoft Corporation)
R2 BFE; C:\WINDOWS\System32\bfe.dll [723968 2015-10-11] (Microsoft Corporation)
R2 BITS; C:\WINDOWS\System32\qmgr.dll [826368 2012-07-26] (Microsoft Corporation)
R2 BrokerInfrastructure; C:\WINDOWS\System32\bisrv.dll [179712 2013-05-04] (Microsoft Corporation)
R3 Browser; C:\WINDOWS\System32\browser.dll [134144 2012-07-26] (Microsoft Corporation)
S3 BthHFSrv; C:\WINDOWS\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R3 bthserv; C:\WINDOWS\system32\bthserv.dll [89088 2012-07-26] (Microsoft Corporation)
S3 CertPropSvc; C:\WINDOWS\System32\certprop.dll [149504 2012-07-26] (Microsoft Corporation)
R2 Change Modem Device Service; C:\WINDOWS\SysWOW64\ChgService.exe [135168 2015-10-09] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
S3 cphs; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [276288 2012-08-08] (Intel Corporation)
R2 CryptSvc; C:\WINDOWS\system32\cryptsvc.dll [68096 2013-07-13] (Microsoft Corporation)
R2 CVPND; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [817152 2012-07-26] (Microsoft Corporation)
S3 defragsvc; C:\WINDOWS\System32\defragsvc.dll [340480 2014-07-09] (Microsoft Corporation)
R2 DeviceAssociationService; C:\WINDOWS\system32\das.dll [342016 2012-07-26] (Microsoft Corporation)
S3 DeviceInstall; C:\WINDOWS\system32\umpnpmgr.dll [107008 2012-09-20] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\system32\dhcpcore.dll [331776 2012-10-11] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS\SysWOW64\dhcpcore.dll [270336 2012-10-11] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [212992 2014-10-09] (Microsoft Corporation)
S3 dot3svc; C:\WINDOWS\System32\dot3svc.dll [252928 2012-07-26] (Microsoft Corporation)
R2 DPS; C:\WINDOWS\system32\dps.dll [197120 2012-07-26] (Microsoft Corporation)
S3 DsmSvc; C:\WINDOWS\System32\DeviceSetupManager.dll [207872 2013-06-01] (Microsoft Corporation)
S3 Eaphost; C:\WINDOWS\System32\eapsvc.dll [105472 2012-07-26] (Microsoft Corporation)
S3 EFS; C:\WINDOWS\system32\efssvc.dll [37376 2012-07-26] (Microsoft Corporation)
R2 EventLog; C:\WINDOWS\System32\wevtsvc.dll [1688576 2015-03-12] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\system32\es.dll [507904 2012-07-26] (Microsoft Corporation)
R2 EventSystem; C:\WINDOWS\SysWOW64\es.dll [394240 2012-07-26] (Microsoft Corporation)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [626416 2013-08-28] (Intel® Corporation)
R2 F5 Networks Component Installer; C:\WINDOWS\SysWOW64\F5InstallerService.exe [402960 2015-09-18] (F5 Networks, Inc.)
R2 F5FltSrv; C:\WINDOWS\SysWOW64\F5FltSrv.exe [345104 2015-09-18] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\WINDOWS\SysWOW64\F5TrafficSrv.exe [217104 2015-09-18] (F5 Networks, Inc.)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [669696 2012-07-26] (Microsoft Corporation)
R3 fdPHost; C:\WINDOWS\system32\fdPHost.dll [21504 2012-07-26] (Microsoft Corporation)
R3 FDResPub; C:\WINDOWS\system32\fdrespub.dll [33280 2012-07-26] (Microsoft Corporation)
S3 fhsvc; C:\WINDOWS\system32\fhsvc.dll [116736 2012-09-20] (Microsoft Corporation)
R2 FontCache; C:\WINDOWS\system32\FntCache.dll [1280000 2015-11-07] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43616 2012-07-26] (Microsoft Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4346320 2017-02-08] (SecureMix LLC)
R2 gpsvc; C:\WINDOWS\System32\gpsvc.dll [1366016 2012-07-26] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-12] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-10-12] (Google Inc.)
R3 hidserv; C:\WINDOWS\system32\hidserv.dll [36352 2012-07-26] (Microsoft Corporation)
R3 hidserv; C:\WINDOWS\SysWOW64\hidserv.dll [49152 2012-07-26] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS\system32\kmsvc.dll [97792 2012-07-26] (Microsoft Corporation)
R3 HomeGroupListener; C:\WINDOWS\system32\ListSvc.dll [264704 2012-10-11] (Microsoft Corporation)
R3 HomeGroupProvider; C:\WINDOWS\system32\provsvc.dll [394752 2012-07-26] (Microsoft Corporation)
R3 HomeGroupProvider; C:\WINDOWS\SysWOW64\provsvc.dll [304128 2012-07-26] (Microsoft Corporation)
S2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 IKEEXT; C:\WINDOWS\System32\ikeext.dll [1160192 2015-10-11] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [635104 2012-04-21] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R2 iphlpsvc; C:\WINDOWS\System32\iphlpsvc.dll [894464 2013-01-10] (Microsoft Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\WINDOWS\system32\keyiso.dll [59904 2012-07-26] (Microsoft Corporation)
R3 KeyIso; C:\WINDOWS\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
S3 KtmRm; C:\WINDOWS\system32\msdtckrm.dll [358912 2012-07-26] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS\system32\srvsvc.dll [305664 2014-07-17] (Microsoft Corporation)
R2 LanmanWorkstation; C:\WINDOWS\System32\wkssvc.dll [191488 2012-07-26] (Microsoft Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S3 lltdsvc; C:\WINDOWS\System32\lltdsvc.dll [274944 2012-07-26] (Microsoft Corporation)
R2 lmhosts; C:\WINDOWS\System32\lmhsvc.dll [23040 2012-07-26] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [277824 2012-07-18] (Intel Corporation)
R2 LSM; C:\WINDOWS\System32\lsm.dll [439808 2015-11-16] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MMCSS; C:\WINDOWS\system32\mmcss.dll [80896 2012-09-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-03-28] (Mozilla Foundation)
R2 MpsSvc; C:\WINDOWS\system32\mpssvc.dll [915968 2013-10-31] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [144384 2012-07-26] (Microsoft Corporation)
S3 MSiSCSI; C:\WINDOWS\system32\iscsiexe.dll [151552 2012-07-26] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [124416 2015-06-15] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [62976 2015-06-15] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 napagent; C:\WINDOWS\system32\qagentRT.dll [428544 2012-07-26] (Microsoft Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-12] (Symantec Corporation)
S3 NcaSvc; C:\WINDOWS\System32\ncasvc.dll [161792 2012-07-26] (Microsoft Corporation)
R3 NcdAutoSetup; C:\WINDOWS\System32\NcdAutoSetup.dll [73728 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\system32\netlogon.dll [743936 2012-07-26] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\System32\netman.dll [255488 2012-07-26] (Microsoft Corporation)
R3 netprofm; C:\WINDOWS\System32\netprofmsvc.dll [470528 2013-05-04] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [136360 2016-12-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\System32\nlasvc.dll [357376 2014-12-06] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\nsisvc.dll [25600 2012-07-26] (Microsoft Corporation)
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [150600 2014-01-23] (Microsoft Corporation)
R3 p2pimsvc; C:\WINDOWS\system32\pnrpsvc.dll [329728 2012-07-26] (Microsoft Corporation)
R3 p2psvc; C:\WINDOWS\system32\p2psvc.dll [435712 2012-07-26] (Microsoft Corporation)
R2 PcaSvc; C:\WINDOWS\System32\pcasvc.dll [405504 2016-06-04] (Microsoft Corporation)
S3 PerfHost; C:\WINDOWS\SysWow64\perfhost.exe [20992 2012-07-26] (Microsoft Corporation)
S3 pla; C:\WINDOWS\system32\pla.dll [1379840 2012-07-26] (Microsoft Corporation)
S3 pla; C:\WINDOWS\SysWOW64\pla.dll [1421824 2012-07-26] (Microsoft Corporation)
R3 PlugPlay; C:\WINDOWS\system32\umpnpmgr.dll [107008 2012-09-20] (Microsoft Corporation)
S3 PNRPAutoReg; C:\WINDOWS\system32\pnrpauto.dll [26624 2012-07-26] (Microsoft Corporation)
R3 PNRPsvc; C:\WINDOWS\system32\pnrpsvc.dll [329728 2012-07-26] (Microsoft Corporation)
S3 PolicyAgent; C:\WINDOWS\System32\ipsecsvc.dll [474624 2012-07-26] (Microsoft Corporation)
R2 Power; C:\WINDOWS\system32\umpo.dll [89600 2012-09-20] (Microsoft Corporation)
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675200 2012-07-26] (Microsoft Corporation)
R2 ProfSvc; C:\WINDOWS\system32\profsvc.dll [210432 2014-12-19] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\system32\qwave.dll [268800 2012-07-26] (Microsoft Corporation)
S3 QWAVE; C:\WINDOWS\SysWOW64\qwave.dll [230400 2012-07-26] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [99840 2012-07-26] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [358400 2012-07-26] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [149744 2013-08-28] (Intel® Corporation)
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [107520 2012-07-26] (Microsoft Corporation)
S4 RemoteAccess; C:\WINDOWS\SysWOW64\mprdim.dll [81920 2012-07-26] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [159744 2012-07-26] (Microsoft Corporation)
R2 RpcEptMapper; C:\WINDOWS\System32\RpcEpMap.dll [76288 2012-09-20] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [9728 2012-07-26] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [817152 2012-07-26] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-25] (Realtek Semiconductor)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [35840 2014-03-11] (Microsoft Corporation)
S4 SCardSvr; C:\WINDOWS\System32\SCardSvr.dll [196608 2012-07-26] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [1287680 2015-08-05] (Microsoft Corporation)
S3 SCPolicySvc; C:\WINDOWS\System32\certprop.dll [149504 2012-07-26] (Microsoft Corporation)
S3 SDRSVC; C:\WINDOWS\System32\SDRSVC.dll [148480 2012-07-26] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\system32\seclogon.dll [30720 2012-07-26] (Microsoft Corporation)
R2 SENS; C:\WINDOWS\System32\sens.dll [62976 2012-07-26] (Microsoft Corporation)
R3 SensrSvc; C:\WINDOWS\system32\sensrsvc.dll [161792 2012-07-26] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\system32\sessenv.dll [291328 2012-07-26] (Microsoft Corporation)
S3 SessionEnv; C:\WINDOWS\SysWOW64\sessenv.dll [249344 2012-07-26] (Microsoft Corporation)
S3 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [438784 2012-07-26] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [565760 2012-07-26] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS\SysWOW64\shsvcs.dll [506368 2012-07-26] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [324224 2016-09-20] (Skype Technologies)
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [14848 2012-07-26] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [769024 2012-07-26] (Microsoft Corporation)
S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [4917760 2013-08-16] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [266240 2012-07-26] (Microsoft Corporation)
R3 SstpSvc; C:\WINDOWS\system32\sstpsvc.dll [81920 2012-07-26] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\System32\wiaservc.dll [570880 2012-07-26] (Microsoft Corporation)
S3 StorSvc; C:\WINDOWS\system32\storsvc.dll [20992 2012-07-26] (Microsoft Corporation)
S3 StorSvc; C:\WINDOWS\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 svsvc; C:\WINDOWS\system32\svsvc.dll [12800 2012-07-26] (Microsoft Corporation)
S3 swprv; C:\WINDOWS\System32\swprv.dll [502784 2012-07-26] (Microsoft Corporation)
R2 SysMain; C:\WINDOWS\system32\sysmain.dll [1333248 2015-07-15] (Microsoft Corporation)
R3 SystemEventsBroker; C:\WINDOWS\System32\SystemEventsBrokerServer.dll [180224 2013-03-02] (Microsoft Corporation)
S3 TabletInputService; C:\WINDOWS\System32\TabSvc.dll [84480 2012-07-26] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [305664 2012-07-26] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS\SysWOW64\tapisrv.dll [245760 2012-07-26] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 TermService; C:\WINDOWS\System32\termsrv.dll [724992 2014-07-07] (Microsoft Corporation)
R2 Themes; C:\WINDOWS\system32\themeservice.dll [47104 2012-07-26] (Microsoft Corporation)
S3 THREADORDER; C:\WINDOWS\system32\mmcss.dll [80896 2012-09-20] (Microsoft Corporation)
R3 TimeBroker; C:\WINDOWS\System32\TimeBrokerServer.dll [171008 2013-03-02] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [53384 2012-07-28] (TOSHIBA Corporation)
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [140632 2009-07-29] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\Teco\TecoService.exe [291240 2012-08-25] (TOSHIBA Corporation)
R2 TOSHIBA Tablet Utilities Service; C:\Program Files (x86)\TOSHIBA\TabletUtilities\TOSSWKBS.exe [401776 2012-03-22] (TOSHIBA CORPORATION)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [458152 2012-07-28] (TOSHIBA Corporation)
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4512952 2011-09-14] (Check Point Software Technologies)
R2 TrkWks; C:\WINDOWS\System32\trkwks.dll [119808 2012-07-26] (Microsoft Corporation)
S3 TrustedInstaller; C:\WINDOWS\servicing\TrustedInstaller.exe [98304 2013-05-16] (Microsoft Corporation)
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [40960 2012-07-26] (Microsoft Corporation)
S3 UmRdpService; C:\WINDOWS\System32\umrdp.dll [250880 2012-07-26] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [365376 2012-07-18] (Intel Corporation)
R3 upnphost; C:\WINDOWS\System32\upnphost.dll [520704 2012-07-26] (Microsoft Corporation)
R3 upnphost; C:\WINDOWS\SysWOW64\upnphost.dll [409600 2012-07-26] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\System32\vaultsvc.dll [283648 2012-07-26] (Microsoft Corporation)
S3 vds; C:\WINDOWS\System32\vds.exe [680960 2013-06-01] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
S3 vmicrdv; C:\WINDOWS\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2015-01-29] (RealVNC Ltd)
S3 VSS; C:\WINDOWS\system32\vssvc.exe [1484288 2014-10-09] (Microsoft Corporation)
S3 W32Time; C:\WINDOWS\system32\w32time.dll [358400 2012-07-26] (Microsoft Corporation)
S3 wbengine; C:\WINDOWS\system32\wbengine.exe [1616896 2012-07-26] (Microsoft Corporation)
S3 WbioSrvc; C:\WINDOWS\System32\wbiosrvc.dll [335872 2012-07-26] (Microsoft Corporation)
R2 Wcmsvc; C:\WINDOWS\System32\wcmsvc.dll [263680 2014-07-07] (Microsoft Corporation)
R3 wcncsvc; C:\WINDOWS\System32\wcncsvc.dll [466944 2012-11-06] (Microsoft Corporation)
S3 WcsPlugInService; C:\WINDOWS\System32\WcsPlugInService.dll [41472 2012-07-26] (Microsoft Corporation)
S3 WcsPlugInService; C:\WINDOWS\SysWOW64\WcsPlugInService.dll [32256 2012-07-26] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\system32\wdi.dll [109568 2012-07-26] (Microsoft Corporation)
R3 WdiServiceHost; C:\WINDOWS\SysWOW64\wdi.dll [96768 2012-07-26] (Microsoft Corporation)
R3 WdiSystemHost; C:\WINDOWS\system32\wdi.dll [109568 2012-07-26] (Microsoft Corporation)
R3 WdiSystemHost; C:\WINDOWS\SysWOW64\wdi.dll [96768 2012-07-26] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [227328 2015-07-01] (Microsoft Corporation)
S3 WebClient; C:\WINDOWS\SysWOW64\webclnt.dll [198656 2015-07-01] (Microsoft Corporation)
S3 Wecsvc; C:\WINDOWS\system32\wecsvc.dll [218112 2012-07-26] (Microsoft Corporation)
S3 wercplsupport; C:\WINDOWS\System32\wercplsupport.dll [84992 2012-07-26] (Microsoft Corporation)
S3 WerSvc; C:\WINDOWS\System32\WerSvc.dll [87552 2013-02-02] (Microsoft Corporation)
S3 WiaRpc; C:\WINDOWS\System32\wiarpc.dll [65536 2012-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\system32\winhttp.dll [710656 2012-11-06] (Microsoft Corporation)
R3 WinHttpAutoProxySvc; C:\WINDOWS\SysWOW64\winhttp.dll [516608 2012-11-06] (Microsoft Corporation)
R2 Winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [219648 2012-07-26] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\system32\WsmSvc.dll [2837504 2014-08-29] (Microsoft Corporation)
S3 WinRM; C:\WINDOWS\SysWOW64\WsmSvc.dll [2043392 2014-08-29] (Microsoft Corporation)
R2 WlanSvc; C:\WINDOWS\System32\wlansvc.dll [1386496 2012-11-06] (Microsoft Corporation)
S3 wlidsvc; C:\WINDOWS\system32\wlidsvc.dll [1964544 2013-01-10] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [198144 2012-07-26] (Microsoft Corporation)
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1314816 2012-09-20] (Microsoft Corporation)
S3 WPCSvc; C:\WINDOWS\System32\wpcsvc.dll [11776 2012-07-26] (Microsoft Corporation)
S3 WPCSvc; C:\WINDOWS\SysWOW64\wpcsvc.dll [10240 2012-07-26] (Microsoft Corporation)
R3 WPDBusEnum; C:\WINDOWS\system32\wpdbusenum.dll [103936 2013-03-02] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS\System32\wscsvc.dll [99840 2013-04-09] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [816128 2013-04-09] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [670208 2013-04-09] (Microsoft Corporation)
S3 WSService; C:\WINDOWS\System32\WSService.dll [2371728 2013-08-16] (Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuaueng.dll [3286016 2014-11-15] (Microsoft Corporation)
R3 wudfsvc; C:\WINDOWS\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation)
S3 WwanSvc; C:\WINDOWS\System32\wwansvc.dll [447488 2013-06-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
==================== Drivers (All) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 1394ohci; C:\WINDOWS\System32\drivers\1394ohci.sys [226304 2012-07-26] (Microsoft Corporation)
S0 3ware; C:\WINDOWS\System32\drivers\3ware.sys [106736 2012-07-26] (LSI)
R0 ACPI; C:\WINDOWS\System32\drivers\ACPI.sys [425192 2012-09-20] (Microsoft Corporation)
R0 acpiex; C:\WINDOWS\System32\Drivers\acpiex.sys [77040 2012-07-26] (Microsoft Corporation)
S3 acpipagr; C:\WINDOWS\System32\drivers\acpipagr.sys [10240 2012-07-26] (Microsoft Corporation)
S3 AcpiPmi; C:\WINDOWS\System32\drivers\acpipmi.sys [12288 2012-07-26] (Microsoft Corporation)
S3 acpitime; C:\WINDOWS\System32\drivers\acpitime.sys [10752 2012-07-26] (Microsoft Corporation)
S0 adp94xx; C:\WINDOWS\System32\drivers\adp94xx.sys [492272 2012-07-26] (Adaptec, Inc.)
S0 adpahci; C:\WINDOWS\System32\drivers\adpahci.sys [340720 2012-07-26] (Adaptec, Inc.)
S0 adpu320; C:\WINDOWS\System32\drivers\adpu320.sys [184048 2012-07-26] (Adaptec, Inc.)
R1 AFD; C:\WINDOWS\system32\drivers\afd.sys [576512 2015-10-13] (Microsoft Corporation)
S0 agp440; C:\WINDOWS\System32\drivers\agp440.sys [63216 2012-07-26] (Microsoft Corporation)
S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [90624 2012-11-06] (Microsoft Corporation)
S3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [88064 2012-11-06] (Microsoft Corporation)
S0 amdsata; C:\WINDOWS\System32\drivers\amdsata.sys [76016 2012-07-26] (Advanced Micro Devices)
S0 amdsbs; C:\WINDOWS\System32\drivers\amdsbs.sys [258288 2012-07-26] (AMD Technologies Inc.)
S0 amdxata; C:\WINDOWS\System32\drivers\amdxata.sys [26352 2012-07-26] (Advanced Micro Devices)
S3 AppID; C:\WINDOWS\system32\drivers\appid.sys [79360 2012-07-26] (Microsoft Corporation)
S0 arc; C:\WINDOWS\System32\drivers\arc.sys [104688 2012-07-26] (PMC-Sierra, Inc.)
S0 arcsas; C:\WINDOWS\System32\drivers\arcsas.sys [108272 2012-07-26] (PMC-Sierra, Inc.)
S3 AsyncMac; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [26624 2012-07-26] (Microsoft Corporation)
S0 atapi; C:\WINDOWS\System32\drivers\atapi.sys [25840 2012-07-26] (Microsoft Corporation)
S0 b06bdrv; C:\WINDOWS\System32\drivers\bxvbda.sys [533224 2012-09-20] (Broadcom Corporation)
R1 BasicDisplay; C:\WINDOWS\System32\drivers\BasicDisplay.sys [48640 2012-07-26] (Microsoft Corporation)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [29696 2012-07-26] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [33512 2012-10-11] (Microsoft Corporation)
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [7680 2012-07-26] (Microsoft Corporation)
R3 bowser; C:\WINDOWS\System32\DRIVERS\bowser.sys [101888 2012-07-26] (Microsoft Corporation)
R3 BthA2DP; C:\WINDOWS\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
R3 BthAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [37632 2013-06-01] (Microsoft Corporation)
R3 BthEnum; C:\WINDOWS\System32\drivers\BthEnum.sys [51712 2013-01-09] (Microsoft Corporation)
S3 BthHFAud; C:\WINDOWS\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [51200 2012-07-26] (Microsoft Corporation)
S3 bthhfhid; C:\WINDOWS\System32\drivers\BthHFHid.sys [29952 2012-11-27] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [66048 2013-03-01] (Microsoft Corporation)
R3 BthPan; C:\WINDOWS\system32\DRIVERS\bthpan.sys [119808 2012-07-26] (Microsoft Corporation)
S3 BTHPORT; C:\WINDOWS\System32\Drivers\BTHport.sys [1175040 2013-03-01] (Microsoft Corporation)
R3 BTHUSB; C:\WINDOWS\System32\Drivers\BTHUSB.sys [74752 2013-01-09] (Microsoft Corporation)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S4 cdfs; C:\WINDOWS\System32\DRIVERS\cdfs.sys [108544 2012-07-26] (Microsoft Corporation)
S1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [174080 2012-07-26] (Microsoft Corporation)
S3 circlass; C:\WINDOWS\System32\drivers\circlass.sys [45056 2012-07-26] (Microsoft Corporation)
R0 CLFS; C:\WINDOWS\System32\drivers\CLFS.sys [361280 2015-03-04] (Microsoft Corporation)
R3 CmBatt; C:\WINDOWS\System32\drivers\CmBatt.sys [25600 2012-07-26] (Microsoft Corporation)
S3 cmnuusbser14; C:\WINDOWS\system32\DRIVERS\cmnuusbser14.sys [123776 2016-05-16] (Wireless Device)
R0 CNG; C:\WINDOWS\System32\Drivers\cng.sys [570256 2015-09-23] (Microsoft Corporation)
R3 CompositeBus; C:\WINDOWS\System32\drivers\CompositeBus.sys [36352 2012-07-26] (Microsoft Corporation)
R3 condrv; C:\WINDOWS\System32\drivers\condrv.sys [33792 2012-07-26] (Microsoft Corporation)
S3 CVirtA; C:\WINDOWS\system32\DRIVERS\CVirtA64.sys [14992 2010-02-08] (Cisco Systems, Inc.)
R3 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S1 dam; C:\WINDOWS\System32\drivers\dam.sys [58200 2013-08-16] (Microsoft Corporation)
R1 Dfsc; C:\WINDOWS\System32\Drivers\dfsc.sys [118784 2014-01-16] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [122160 2015-12-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 discache; C:\WINDOWS\System32\drivers\discache.sys [50688 2012-07-26] (Microsoft Corporation)
R0 disk; C:\WINDOWS\System32\drivers\disk.sys [100696 2013-10-14] (Microsoft Corporation)
S3 dmvsc; C:\WINDOWS\System32\drivers\dmvsc.sys [33280 2012-07-26] (Microsoft Corporation)
R3 DNE; C:\WINDOWS\system32\DRIVERS\dne64x.sys [157968 2008-11-16] (Deterministic Networks, Inc.)
S3 drmkaud; C:\WINDOWS\system32\drivers\drmkaud.sys [5632 2012-10-11] (Microsoft Corporation)
R3 DXGKrnl; C:\WINDOWS\System32\drivers\dxgkrnl.sys [1453400 2014-06-13] (Microsoft Corporation)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S0 EhStorClass; C:\WINDOWS\System32\drivers\EhStorClass.sys [81136 2012-07-26] (Microsoft Corporation)
S0 EhStorTcgDrv; C:\WINDOWS\System32\drivers\EhStorTcgDrv.sys [113904 2012-07-26] (Microsoft Corporation)
S3 ErrDev; C:\WINDOWS\System32\drivers\errdev.sys [10240 2012-07-26] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [194560 2012-07-26] (Microsoft Corporation)
S3 F5FltDrv; C:\WINDOWS\SysWOW64\drivers\F5FltDrv.sys [47848 2015-09-18] (F5 Networks, Inc.)
S3 f5ipfw; C:\WINDOWS\system32\drivers\urfltv64.sys [34536 2015-07-24] (F5 Networks, Inc.)
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [210672 2012-07-26] (Microsoft Corporation)
S3 fdc; C:\WINDOWS\System32\drivers\fdc.sys [30720 2012-07-26] (Microsoft Corporation)
R0 FileInfo; C:\WINDOWS\System32\drivers\fileinfo.sys [71920 2012-07-26] (Microsoft Corporation)
S3 Filetrace; C:\WINDOWS\System32\drivers\filetrace.sys [34816 2012-07-26] (Microsoft Corporation)
S3 flpydisk; C:\WINDOWS\System32\drivers\flpydisk.sys [24576 2012-07-26] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [374512 2012-07-26] (Microsoft Corporation)
S3 FsDepends; C:\WINDOWS\System32\drivers\FsDepends.sys [57584 2012-07-26] (Microsoft Corporation)
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [25328 2012-07-26] (Microsoft Corporation)
R0 fvevol; C:\WINDOWS\System32\DRIVERS\fvevol.sys [465240 2013-08-21] (Microsoft Corporation)
S3 FxPPM; C:\WINDOWS\System32\drivers\fxppm.sys [22528 2012-11-06] (Microsoft Corporation)
S0 gagp30kx; C:\WINDOWS\System32\drivers\gagp30kx.sys [66800 2012-07-26] (Microsoft Corporation)
S3 gencounter; C:\WINDOWS\System32\drivers\vmgencounter.sys [12288 2012-07-26] (Microsoft Corporation)
S3 GPIOClx0101; C:\WINDOWS\System32\Drivers\msgpioclx.sys [120144 2013-07-09] (Microsoft Corporation)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 HdAudAddService; C:\WINDOWS\system32\drivers\HdAudio.sys [341504 2013-06-26] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\drivers\HDAudBus.sys [71168 2014-07-16] (Microsoft Corporation)
S3 HidBatt; C:\WINDOWS\System32\drivers\HidBatt.sys [27136 2012-07-26] (Microsoft Corporation)
S3 HidBth; C:\WINDOWS\System32\drivers\hidbth.sys [95744 2013-04-09] (Microsoft Corporation)
S3 hidi2c; C:\WINDOWS\System32\drivers\hidi2c.sys [39936 2012-11-20] (Microsoft Corporation)
S3 HidIr; C:\WINDOWS\System32\drivers\hidir.sys [46080 2012-07-26] (Microsoft Corporation)
R3 HidUsb; C:\WINDOWS\System32\drivers\hidusb.sys [27648 2013-05-04] (Microsoft Corporation)
S0 HpSAMD; C:\WINDOWS\System32\drivers\HpSAMD.sys [64752 2012-07-26] (Hewlett-Packard Company)
R3 HTTP; C:\WINDOWS\System32\drivers\HTTP.sys [861696 2015-02-24] (Microsoft Corporation)
S0 hwpolicy; C:\WINDOWS\System32\drivers\hwpolicy.sys [24816 2012-07-26] (Microsoft Corporation)
S3 hyperkbd; C:\WINDOWS\System32\drivers\hyperkbd.sys [11776 2012-07-26] (Microsoft Corporation)
S3 HyperVideo; C:\WINDOWS\system32\DRIVERS\HyperVideo.sys [24576 2012-07-26] (Microsoft Corporation)
R3 i8042prt; C:\WINDOWS\System32\drivers\i8042prt.sys [112640 2012-07-26] (Microsoft Corporation)
R0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [646408 2015-05-29] (Intel Corporation)
S0 iaStorV; C:\WINDOWS\System32\drivers\iaStorV.sys [411888 2012-07-26] (Intel Corporation)
R3 iBtFltCoex; C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys [69240 2013-01-15] (Intel Corporation)
R3 igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [8987456 2012-08-06] (Intel Corporation)
S0 iirsp; C:\WINDOWS\System32\drivers\iirsp.sys [45296 2012-07-26] (Intel Corp./ICP vortex GmbH)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [35296 2012-08-10] (Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTKVHD64.sys [5596160 2017-01-25] (Realtek Semiconductor Corp.)
R3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [463112 2015-09-17] (Intel® Corporation)
S0 intelide; C:\WINDOWS\System32\drivers\intelide.sys [18672 2012-07-26] (Microsoft Corporation)
R3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [89088 2012-11-06] (Microsoft Corporation)
R3 IntelSensorSolutionAcpi; C:\WINDOWS\System32\drivers\IntelSensorSolutionAcpi.sys [23320 2012-11-02] (Intel® Corporation)
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [89088 2012-07-26] (Microsoft Corporation)
S3 IPMIDRV; C:\WINDOWS\System32\drivers\IPMIDrv.sys [78336 2014-02-15] (Microsoft Corporation)
S3 IPNAT; C:\WINDOWS\System32\drivers\ipnat.sys [145920 2012-07-26] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS\System32\drivers\irenum.sys [17920 2012-07-26] (Microsoft Corporation)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [20192 2013-11-25] (Intel Corporation)
S0 isapnp; C:\WINDOWS\System32\drivers\isapnp.sys [22256 2012-07-26] (Microsoft Corporation)
S3 iScsiPrt; C:\WINDOWS\System32\drivers\msiscsi.sys [278872 2014-02-04] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [25568 2012-08-10] (Intel Corporation)
R3 kbdclass; C:\WINDOWS\System32\drivers\kbdclass.sys [48368 2012-07-26] (Microsoft Corporation)
R3 kbdhid; C:\WINDOWS\System32\drivers\kbdhid.sys [29184 2012-07-26] (Microsoft Corporation)
R3 kdnic; C:\WINDOWS\system32\DRIVERS\kdnic.sys [18432 2012-07-26] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS\System32\Drivers\ksecdd.sys [100184 2015-05-02] (Microsoft Corporation)
R0 KSecPkg; C:\WINDOWS\System32\Drivers\ksecpkg.sys [171864 2015-11-16] (Microsoft Corporation)
R3 ksthunk; C:\WINDOWS\system32\drivers\ksthunk.sys [21376 2012-07-26] (Microsoft Corporation)
R2 lltdio; C:\WINDOWS\system32\DRIVERS\lltdio.sys [60416 2012-07-26] (Microsoft Corporation)
S0 LSI_SAS; C:\WINDOWS\System32\drivers\lsi_sas.sys [108784 2012-07-26] (LSI Corporation)
S0 LSI_SAS2; C:\WINDOWS\System32\drivers\lsi_sas2.sys [92400 2012-07-26] (LSI Corporation)
S0 LSI_SCSI; C:\WINDOWS\System32\drivers\lsi_scsi.sys [116976 2012-07-26] (LSI Corporation)
S0 LSI_SSS; C:\WINDOWS\System32\drivers\lsi_sss.sys [81136 2012-07-26] (LSI Corporation)
R2 luafv; C:\WINDOWS\system32\drivers\luafv.sys [134144 2012-07-26] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-21] (Malwarebytes)
S0 megasas; C:\WINDOWS\System32\drivers\megasas.sys [51952 2012-07-26] (LSI Corporation)
S0 MegaSR; C:\WINDOWS\System32\drivers\MegaSR.sys [353008 2012-07-26] (LSI Corporation, Inc.)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys [186424 2016-03-29] (Intel Corporation)
S3 mmx_cmnxnet; C:\WINDOWS\system32\DRIVERS\mmx_cmnxnet.sys [161792 2015-10-09] (Wireless Data Device)
S3 mmx_cmnxusbser; C:\WINDOWS\system32\DRIVERS\mmx_cmnxusbser.sys [126208 2015-10-09] (Wireless Data Device)
R3 Modem; C:\WINDOWS\System32\drivers\modem.sys [40448 2012-07-26] (Microsoft Corporation)
R3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [30720 2013-03-01] (Microsoft Corporation)
R3 mouclass; C:\WINDOWS\System32\drivers\mouclass.sys [45808 2012-07-26] (Microsoft Corporation)
R3 mouhid; C:\WINDOWS\System32\drivers\mouhid.sys [26112 2013-03-02] (Microsoft Corporation)
R0 mountmgr; C:\WINDOWS\System32\drivers\mountmgr.sys [95064 2015-07-15] (Microsoft Corporation)
R3 mpsdrv; C:\WINDOWS\System32\drivers\mpsdrv.sys [74752 2013-10-31] (Microsoft Corporation)
S3 MRxDAV; C:\WINDOWS\system32\drivers\mrxdav.sys [142336 2014-12-19] (Microsoft Corporation)
R3 mrxsmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [403456 2015-01-07] (Microsoft Corporation)
R3 mrxsmb10; C:\WINDOWS\System32\DRIVERS\mrxsmb10.sys [281600 2015-06-25] (Microsoft Corporation)
R3 mrxsmb20; C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys [210432 2015-06-25] (Microsoft Corporation)
S3 MsBridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [129536 2012-07-26] (Microsoft Corporation)
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2012-07-26] (Microsoft Corporation)
S3 msgpiowin32; C:\WINDOWS\System32\drivers\msgpiowin32.sys [28904 2013-01-10] (Microsoft Corporation)
R3 mshidkmdf; C:\WINDOWS\System32\drivers\mshidkmdf.sys [8704 2012-07-26] (Microsoft Corporation)
S3 mshidumdf; C:\WINDOWS\System32\drivers\mshidumdf.sys [10752 2012-07-26] (Microsoft Corporation)
R0 msisadrv; C:\WINDOWS\System32\drivers\msisadrv.sys [17136 2012-07-26] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS\system32\drivers\MSKSSRV.sys [11008 2012-07-26] (Microsoft Corporation)
S3 MsLldp; C:\WINDOWS\system32\DRIVERS\mslldp.sys [68608 2012-07-26] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS\system32\drivers\MSPCLOCK.sys [7168 2012-07-26] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS\system32\drivers\MSPQM.sys [6912 2012-07-26] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [390896 2012-07-26] (Microsoft Corporation)
R1 mssmbios; C:\WINDOWS\System32\drivers\mssmbios.sys [37616 2012-07-26] (Microsoft Corporation)
S3 MSTEE; C:\WINDOWS\system32\drivers\MSTEE.sys [8192 2012-07-26] (Microsoft Corporation)
S3 MTConfig; C:\WINDOWS\System32\drivers\MTConfig.sys [14848 2012-07-26] (Microsoft Corporation)
R0 Mup; C:\WINDOWS\System32\Drivers\mup.sys [83696 2012-07-26] (Microsoft Corporation)
S0 mvumis; C:\WINDOWS\System32\drivers\mvumis.sys [64240 2012-07-26] (Marvell Semiconductor, Inc.)
R2 NativeWifiP; C:\WINDOWS\system32\DRIVERS\nwifi.sys [427520 2012-07-26] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS\System32\drivers\ndis.sys [997632 2013-06-17] (Microsoft Corporation)
S3 NdisCap; C:\WINDOWS\system32\DRIVERS\ndiscap.sys [46592 2012-07-26] (Microsoft Corporation)
S3 NdisImPlatform; C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [25088 2012-09-20] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [58880 2012-07-26] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [174080 2012-07-26] (Microsoft Corporation)
S3 NDISWANLEGACY; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [174080 2012-07-26] (Microsoft Corporation)
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [60416 2013-04-09] (Microsoft Corporation)
R2 Ndu; C:\WINDOWS\System32\drivers\Ndu.sys [97792 2012-07-26] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [46080 2012-07-26] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [331776 2012-07-26] (Microsoft Corporation)
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
S0 nfrd960; C:\WINDOWS\System32\drivers\nfrd960.sys [52464 2012-07-26] (IBM Corporation)
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [49152 2012-07-26] (Microsoft Corporation)
R1 npsvctrig; C:\WINDOWS\System32\drivers\npsvctrig.sys [23552 2012-07-26] (Microsoft Corporation)
R1 nsiproxy; C:\WINDOWS\System32\drivers\nsiproxy.sys [34304 2012-07-26] (Microsoft Corporation)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1939288 2014-01-27] (Microsoft Corporation)
R1 Null; C:\Windows\System32\Drivers\Null.sys [5632 2012-07-26] (Microsoft Corporation)
S0 nvraid; C:\WINDOWS\System32\drivers\nvraid.sys [150256 2012-07-26] (NVIDIA Corporation)
S0 nvstor; C:\WINDOWS\System32\drivers\nvstor.sys [168176 2012-07-26] (NVIDIA Corporation)
S0 nv_agp; C:\WINDOWS\System32\drivers\nv_agp.sys [125168 2012-07-26] (Microsoft Corporation)
S3 Parport; C:\WINDOWS\System32\drivers\parport.sys [105984 2012-07-26] (Microsoft Corporation)
R0 partmgr; C:\WINDOWS\System32\drivers\partmgr.sys [91880 2013-01-10] (Microsoft Corporation)
R0 pci; C:\WINDOWS\System32\drivers\pci.sys [234224 2012-07-26] (Microsoft Corporation)
S0 pciide; C:\WINDOWS\System32\drivers\pciide.sys [14064 2012-07-26] (Microsoft Corporation)
S0 pcmcia; C:\WINDOWS\System32\drivers\pcmcia.sys [237808 2012-07-26] (Microsoft Corporation)
R0 pcw; C:\WINDOWS\System32\drivers\pcw.sys [52464 2012-07-26] (Microsoft Corporation)
R0 pdc; C:\WINDOWS\System32\drivers\pdc.sys [69864 2013-03-02] (Microsoft Corporation)
R2 PEAUTH; C:\WINDOWS\System32\drivers\peauth.sys [805376 2013-04-09] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS\system32\DRIVERS\raspptp.sys [114176 2012-07-26] (Microsoft Corporation)
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [87552 2012-11-06] (Microsoft Corporation)
R1 Psched; C:\WINDOWS\system32\DRIVERS\pacer.sys [145408 2012-07-26] (Microsoft Corporation)
S3 QWAVEdrv; C:\WINDOWS\system32\drivers\qwavedrv.sys [46592 2012-07-26] (Microsoft Corporation)
S3 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [16384 2012-07-26] (Microsoft Corporation)
R3 RasAgileVpn; C:\WINDOWS\system32\DRIVERS\AgileVpn.sys [68608 2012-07-26] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [124928 2012-07-26] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [81920 2012-07-26] (Microsoft Corporation)
R3 RasSstp; C:\WINDOWS\system32\DRIVERS\rassstp.sys [92672 2012-07-26] (Microsoft Corporation)
R1 rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [427520 2013-05-04] (Microsoft Corporation)
R3 rdpbus; C:\WINDOWS\System32\drivers\rdpbus.sys [22528 2012-07-26] (Microsoft Corporation)
S3 RDPDR; C:\WINDOWS\System32\drivers\rdpdr.sys [179712 2012-07-26] (Microsoft Corporation)
R3 RdpVideoMiniport; C:\WINDOWS\System32\drivers\rdpvideominiport.sys [27880 2012-10-12] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [208384 2012-07-26] (Microsoft Corporation)
R0 rdyboost; C:\WINDOWS\System32\drivers\rdyboost.sys [217328 2012-07-26] (Microsoft Corporation)
R3 RFCOMM; C:\WINDOWS\System32\drivers\rfcomm.sys [156672 2013-03-01] (Microsoft Corporation)
R2 rspndr; C:\WINDOWS\system32\DRIVERS\rspndr.sys [78848 2012-07-26] (Microsoft Corporation)
S3 RSUSBVSTOR; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [316560 2012-07-24] (Realtek Semiconductor Corp.)
R0 rtcrfilt64; C:\WINDOWS\System32\DRIVERS\rtcrfilt64.sys [19600 2012-07-24] (Realtek Semiconductor Corp.)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [427520 2016-11-02] (Realsil Semiconductor Corporation)
S3 s3cap; C:\WINDOWS\System32\drivers\vms3cap.sys [7168 2012-07-26] (Microsoft Corporation)
S0 sbp2port; C:\WINDOWS\System32\drivers\sbp2port.sys [107760 2012-07-26] (Microsoft Corporation)
S3 scfilter; C:\WINDOWS\System32\DRIVERS\scfilter.sys [36864 2012-07-26] (Microsoft Corporation)
S3 sdbus; C:\WINDOWS\System32\drivers\sdbus.sys [195416 2013-06-29] (Microsoft Corporation)
S3 sdstor; C:\WINDOWS\System32\drivers\sdstor.sys [56552 2012-10-11] (Microsoft Corporation)
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2012-07-26] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 SensorsHIDClassDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 SerCx; C:\WINDOWS\System32\drivers\SerCx.sys [62976 2012-07-26] (Microsoft Corporation)
S3 Serenum; C:\WINDOWS\System32\drivers\serenum.sys [23040 2012-07-26] (Microsoft Corporation)
S3 Serial; C:\WINDOWS\System32\drivers\serial.sys [76800 2012-07-26] (Microsoft Corporation)
S3 sermouse; C:\WINDOWS\System32\drivers\sermouse.sys [27136 2012-07-26] (Microsoft Corporation)
S3 sfloppy; C:\WINDOWS\System32\drivers\sfloppy.sys [16896 2012-07-26] (Microsoft Corporation)
S0 SiSRaid2; C:\WINDOWS\System32\drivers\SiSRaid2.sys [44784 2012-07-26] (Silicon Integrated Systems Corp.)
S0 SiSRaid4; C:\WINDOWS\System32\drivers\sisraid4.sys [81648 2012-07-26] (Silicon Integrated Systems)
R0 spaceport; C:\WINDOWS\System32\drivers\spaceport.sys [285016 2013-10-05] (Microsoft Corporation)
S3 SpbCx; C:\WINDOWS\System32\drivers\SpbCx.sys [59392 2012-07-26] (Microsoft Corporation)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-30] (Almico Software)
R3 srv; C:\WINDOWS\System32\DRIVERS\srv.sys [416768 2012-07-26] (Microsoft Corporation)
R3 srv2; C:\WINDOWS\System32\DRIVERS\srv2.sys [674304 2014-07-12] (Microsoft Corporation)
R3 srvnet; C:\WINDOWS\System32\DRIVERS\srvnet.sys [250368 2014-07-12] (Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [214832 2015-12-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [214832 2015-12-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 stexstor; C:\WINDOWS\System32\drivers\stexstor.sys [30960 2012-07-26] (Promise Technology, Inc.)
S0 storahci; C:\WINDOWS\System32\drivers\storahci.sys [77544 2013-03-02] (Microsoft Corporation)
S0 storflt; C:\WINDOWS\System32\DRIVERS\vmstorfl.sys [45160 2012-07-26] (Microsoft Corporation)
S0 storvsc; C:\WINDOWS\System32\drivers\storvsc.sys [37992 2012-07-26] (Microsoft Corporation)
R3 swenum; C:\WINDOWS\System32\drivers\swenum.sys [13680 2012-07-26] (Microsoft Corporation)
R3 SynTP; C:\WINDOWS\system32\DRIVERS\SynTP.sys [524016 2013-05-22] (Synaptics Incorporated)
R0 Tcpip; C:\WINDOWS\System32\drivers\tcpip.sys [2233152 2014-09-13] (Microsoft Corporation)
S3 TCPIP6; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2233152 2014-09-13] (Microsoft Corporation)
R2 tcpipreg; C:\WINDOWS\System32\drivers\tcpipreg.sys [45056 2012-07-26] (Microsoft Corporation)
S3 tdcmdpst; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [31184 2012-07-25] (TOSHIBA Corporation.)
R1 tdx; C:\WINDOWS\system32\DRIVERS\tdx.sys [129024 2015-10-13] (Microsoft Corporation)
S3 terminpt; C:\WINDOWS\System32\drivers\terminpt.sys [36592 2012-07-26] (Microsoft Corporation)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [28632 2012-08-01] (Windows ® Win 7 DDK provider)
R3 tosrfec; C:\WINDOWS\System32\drivers\tosrfec.sys [27032 2013-11-01] (TOSHIBA Corporation)
R0 tos_sps64; C:\WINDOWS\System32\drivers\tos_sps64.sys [499096 2012-06-18] (TOSHIBA Corporation)
R3 TPM; C:\WINDOWS\system32\drivers\tpm.sys [151896 2013-08-10] (Microsoft Corporation)
S3 TsUsbFlt; C:\WINDOWS\System32\drivers\tsusbflt.sys [57344 2012-07-26] (Microsoft Corporation)
S3 TsUsbGD; C:\WINDOWS\System32\drivers\TsUsbGD.sys [30208 2012-07-26] (Microsoft Corporation)
R3 tunnel; C:\WINDOWS\system32\DRIVERS\tunnel.sys [149504 2012-07-26] (Microsoft Corporation)
R0 TVALZ; C:\WINDOWS\System32\drivers\TVALZ.SYS [32832 2012-07-26] (TOSHIBA Corporation)
R2 TVALZFL; C:\WINDOWS\system32\DRIVERS\TVALZFL.sys [16768 2012-07-22] (TOSHIBA Corporation)
S0 uagp35; C:\WINDOWS\System32\drivers\uagp35.sys [65776 2012-07-26] (Microsoft Corporation)
S3 UASPStor; C:\WINDOWS\System32\drivers\uaspstor.sys [97008 2012-07-26] (Microsoft Corporation)
R3 UCX01000; C:\WINDOWS\System32\drivers\ucx01000.sys [213336 2013-07-02] (Microsoft Corporation)
S4 udfs; C:\WINDOWS\System32\DRIVERS\udfs.sys [321536 2013-06-26] (Microsoft Corporation)
S0 uliagpkx; C:\WINDOWS\System32\drivers\uliagpkx.sys [66800 2012-07-26] (Microsoft Corporation)
R3 umbus; C:\WINDOWS\System32\drivers\umbus.sys [48128 2012-07-26] (Microsoft Corporation)
S3 UmPass; C:\WINDOWS\System32\drivers\umpass.sys [11776 2012-07-26] (Microsoft Corporation)
R3 urvpndrv; C:\WINDOWS\system32\DRIVERS\covpnv64.sys [45776 2015-07-24] (F5 Networks, Inc.)
S3 usbaudio; C:\WINDOWS\system32\drivers\usbaudio.sys [121984 2013-07-06] (Microsoft Corporation)
R3 usbccgp; C:\WINDOWS\System32\drivers\usbccgp.sys [120832 2013-06-29] (Microsoft Corporation)
S3 usbcir; C:\WINDOWS\System32\drivers\usbcir.sys [99328 2013-07-06] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS\System32\drivers\usbehci.sys [79192 2013-07-01] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS\System32\drivers\usbhub.sys [623448 2013-07-01] (Microsoft Corporation)
R3 USBHUB3; C:\WINDOWS\System32\drivers\UsbHub3.sys [447296 2014-07-24] (Microsoft Corporation)
S3 usbohci; C:\WINDOWS\System32\drivers\usbohci.sys [27136 2012-11-20] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS\System32\drivers\usbprint.sys [25600 2013-07-02] (Microsoft Corporation)
R3 USBSTOR; C:\WINDOWS\System32\drivers\USBSTOR.SYS [119040 2013-06-06] (Microsoft Corporation)
S3 usbuhci; C:\WINDOWS\System32\drivers\usbuhci.sys [32256 2013-06-29] (Microsoft Corporation)
S3 usbvideo; C:\WINDOWS\System32\Drivers\usbvideo.sys [210560 2013-07-06] (Microsoft Corporation)
R3 USBXHCI; C:\WINDOWS\System32\drivers\USBXHCI.SYS [337752 2013-07-02] (Microsoft Corporation)
S3 USB_Ethernet_Adaptor; C:\WINDOWS\system32\DRIVERS\USB_Ethernet_Adaptor.sys [21504 2013-01-22] (Corechip Semiconductor, Inc. Co Ltd.)
R0 vdrvroot; C:\WINDOWS\System32\drivers\vdrvroot.sys [36080 2012-07-26] (Microsoft Corporation)
S3 VerifierExt; C:\WINDOWS\System32\drivers\VerifierExt.sys [106224 2012-07-26] (Microsoft Corporation)
S3 vhdmp; C:\WINDOWS\System32\drivers\vhdmp.sys [499008 2014-10-29] (Microsoft Corporation)
S0 viaide; C:\WINDOWS\System32\drivers\viaide.sys [19184 2012-07-26] (VIA Technologies, Inc.)
S0 vmbus; C:\WINDOWS\System32\drivers\vmbus.sys [137832 2012-07-26] (Microsoft Corporation)
S3 VMBusHID; C:\WINDOWS\System32\drivers\VMBusHID.sys [22144 2012-07-26] (Microsoft Corporation)
R3 vna_ap; C:\WINDOWS\system32\DRIVERS\vnaap.sys [161256 2011-09-14] (Check Point Software Technologies)
R0 volmgr; C:\WINDOWS\System32\drivers\volmgr.sys [83184 2012-07-26] (Microsoft Corporation)
R0 volmgrx; C:\WINDOWS\System32\drivers\volmgrx.sys [378608 2012-07-26] (Microsoft Corporation)
R0 volsnap; C:\WINDOWS\System32\drivers\volsnap.sys [328000 2014-07-04] (Microsoft Corporation)
S3 vpci; C:\WINDOWS\System32\drivers\vpci.sys [67824 2012-07-26] (Microsoft Corporation)
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [164080 2012-07-26] (VIA Technologies Inc.,Ltd)
S0 VSTXRAID; C:\WINDOWS\System32\drivers\vstxraid.sys [322800 2012-07-26] (VIA Corporation)
R3 vwifibus; C:\WINDOWS\System32\drivers\vwifibus.sys [24064 2012-07-26] (Microsoft Corporation)
R1 vwififlt; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [64000 2012-07-26] (Microsoft Corporation)
R3 vwifimp; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [17920 2012-07-26] (Microsoft Corporation)
S3 WacomPen; C:\WINDOWS\System32\drivers\wacompen.sys [27008 2012-07-26] (Microsoft Corporation)
S3 Wanarp; C:\WINDOWS\system32\DRIVERS\wanarp.sys [83456 2013-04-09] (Microsoft Corporation)
R1 Wanarpv6; C:\WINDOWS\system32\DRIVERS\wanarp.sys [83456 2013-04-09] (Microsoft Corporation)
S0 Wd; C:\WINDOWS\System32\drivers\wd.sys [23792 2012-07-26] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (Western Digital Technologies, Inc.)
R0 Wdf01000; C:\WINDOWS\System32\drivers\Wdf01000.sys [785624 2013-06-22] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R0 WFPLWFS; C:\WINDOWS\System32\DRIVERS\wfplwfs.sys [96576 2014-12-18] (Microsoft Corporation)
S3 WIMMount; C:\WINDOWS\System32\drivers\wimmount.sys [33520 2012-07-26] (Microsoft Corporation)
S3 WinUsb; C:\WINDOWS\system32\DRIVERS\WinUsb.sys [57344 2012-07-26] (Microsoft Corporation)
S3 WmiAcpi; C:\WINDOWS\System32\drivers\wmiacpi.sys [17408 2012-07-26] (Microsoft Corporation)
S3 wpcfltr; C:\WINDOWS\System32\DRIVERS\wpcfltr.sys [45056 2012-07-26] (Microsoft Corporation)
R3 WpdUpFltr; C:\WINDOWS\System32\drivers\WpdUpFltr.sys [19968 2012-07-26] (Microsoft Corporation)
S4 ws2ifsl; C:\WINDOWS\system32\drivers\ws2ifsl.sys [22528 2012-09-20] (Microsoft Corporation)
R3 WudfPf; C:\WINDOWS\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation)
R3 WUDFRd; C:\WINDOWS\System32\drivers\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 WUDFWpdFs; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 XHCIPort; C:\WINDOWS\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-21 16:10 - 2017-02-21 16:10 - 00103563 _____ C:\Users\Azeem\Downloads\FRST.txt
2017-02-21 16:10 - 2017-02-21 16:10 - 00000000 ____D C:\FRST
2017-02-21 16:09 - 2017-02-21 16:09 - 02422784 _____ (Farbar) C:\Users\Azeem\Downloads\FRST64.exe
2017-02-21 15:48 - 2017-02-21 15:48 - 00001583 _____ C:\Users\Azeem\Downloads\ckfiles.txt
2017-02-21 15:47 - 2017-02-21 15:47 - 00468480 _____ () C:\Users\Azeem\Downloads\CKScanner.exe
2017-02-20 22:47 - 2017-02-20 22:47 - 00001305 _____ C:\Users\Azeem\AppData\Local\CPAUTO.tmp.qacdit
2017-02-20 22:46 - 2017-02-20 22:46 - 00000054 _____ C:\Users\Azeem\AppData\Local\CPLOCAL.tmp
2017-02-20 22:41 - 2017-02-20 22:47 - 00000000 ____D C:\AdwCleaner
2017-02-20 22:41 - 2017-02-20 22:41 - 04015056 _____ C:\Users\Azeem\Downloads\AdwCleaner.exe
2017-02-20 12:44 - 2017-02-20 12:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-02-20 12:38 - 2017-02-21 15:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-20 12:38 - 2017-02-20 22:49 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-20 12:38 - 2017-02-20 22:49 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-20 12:38 - 2017-02-20 12:38 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-20 12:37 - 2017-02-20 22:49 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-20 12:37 - 2017-02-20 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-20 12:37 - 2017-02-20 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-20 12:37 - 2017-02-20 12:37 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-20 12:37 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-20 12:31 - 2017-02-20 12:31 - 55566792 _____ (Malwarebytes ) C:\Users\Azeem\Downloads\mb3-setup-1878.1878-3.0.6.1469.exe
2017-02-20 12:01 - 2017-02-20 12:01 - 09261616 _____ (Piriform Ltd) C:\Users\Azeem\Downloads\ccsetup527.exe
2017-02-20 10:36 - 2017-02-20 10:36 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2017-02-20 10:32 - 2017-02-20 10:32 - 15065792 _____ (Microsoft Corporation) C:\Users\Azeem\Downloads\MSEInstall.exe
2017-02-17 22:26 - 2017-02-17 22:26 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\UiPath
2017-02-17 22:26 - 2017-02-17 22:26 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\NuGet
2017-02-17 22:26 - 2017-02-17 22:26 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UiPath
2017-02-17 22:26 - 2017-02-17 22:26 - 00000000 ____D C:\Users\Azeem\AppData\Local\IsolatedStorage
2017-02-17 12:09 - 2017-02-17 12:13 - 913457045 _____ C:\Users\Azeem\Downloads\50132986_6.zip
2017-02-16 18:49 - 2017-02-16 18:49 - 00000000 ____D C:\Users\Azeem\AppData\Local\GlassWire
2017-02-16 18:47 - 2017-02-16 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-02-16 18:47 - 2017-02-16 18:47 - 00000000 ____D C:\ProgramData\GlassWire
2017-02-16 18:47 - 2017-02-16 18:47 - 00000000 ____D C:\Program Files (x86)\GlassWire
2017-02-16 18:47 - 2015-05-29 10:00 - 00008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2017-02-16 18:47 - 2015-05-29 09:45 - 00033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2017-02-16 18:45 - 2017-02-16 18:45 - 30715264 _____ (SecureMix LLC) C:\Users\Azeem\Downloads\GlassWireSetup.exe
2017-02-16 18:42 - 2017-02-16 18:42 - 00129426 _____ C:\Users\Azeem\Desktop\odata-response_20170216141228.html
2017-02-16 09:57 - 2017-02-16 09:59 - 419174267 _____ C:\Users\Azeem\Downloads\Adobe LiveCycle Designer ES2.exe
2017-02-15 20:00 - 2017-02-17 10:39 - 00000000 ____D C:\Users\Azeem\workspace
2017-02-15 20:00 - 2017-02-17 10:37 - 00000000 ____D C:\Users\Azeem\AppData\Local\Eclipse
2017-02-15 20:00 - 2017-02-15 20:00 - 00000000 ____D C:\Users\Azeem\.tooling
2017-02-15 19:58 - 2017-02-15 19:58 - 00001007 _____ C:\Users\Azeem\Desktop\Eclipse Java Neon.lnk
2017-02-15 19:58 - 2017-02-15 19:58 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2017-02-15 19:56 - 2017-02-15 19:56 - 00000000 ____D C:\Users\Azeem\eclipse
2017-02-15 19:44 - 2017-02-17 10:37 - 00000000 ____D C:\Users\Azeem\.p2
2017-02-15 19:44 - 2017-02-15 20:00 - 00000000 ____D C:\Users\Azeem\.eclipse
2017-02-15 19:39 - 2017-02-15 19:39 - 64153152 _____ (Oracle Corporation) C:\Users\Azeem\Downloads\jre-8u121-windows-x64.exe
2017-02-15 19:39 - 2017-02-15 19:39 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Sun
2017-02-15 19:39 - 2017-02-15 19:39 - 00000000 ____D C:\ProgramData\Oracle
2017-02-15 19:34 - 2017-02-15 19:34 - 47754208 _____ C:\Users\Azeem\Downloads\eclipse-inst-win64.exe
2017-02-14 22:03 - 2017-02-14 22:03 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-14 21:37 - 2017-02-14 21:37 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-14 21:36 - 2017-02-14 21:36 - 00004862 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-02-14 16:32 - 2017-02-14 16:32 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\DRPNPS
2017-02-14 16:31 - 2017-02-14 21:37 - 00000000 __SHD C:\Users\Azeem\IntelGraphicsProfiles
2017-02-14 15:48 - 2013-11-25 18:57 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdatlst.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00218776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dblist32.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00212112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mci32.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00179352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmask32.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00131728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinet.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00127640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswinsck.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00119960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomm32.ocx
2017-02-14 15:48 - 2013-11-25 18:57 - 00104088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\picclp32.ocx
2017-02-14 15:48 - 2011-01-13 01:06 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71u.dll
2017-02-14 15:48 - 2011-01-13 00:55 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71DEU.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ITA.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71FRA.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ESP.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71ENU.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71KOR.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71JPN.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHT.DLL
2017-02-14 15:48 - 2011-01-13 00:55 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71CHS.DLL
2017-02-14 15:48 - 2007-01-30 21:34 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr70.dll
2017-02-14 15:48 - 2006-08-26 01:58 - 01017344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70u.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70ita.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70fra.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70esp.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70deu.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70enu.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70kor.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70jpn.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70cht.dll
2017-02-14 15:48 - 2006-08-26 01:45 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70chs.dll
2017-02-14 15:48 - 2006-08-26 01:37 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc70.dll
2017-02-14 15:48 - 2006-08-26 00:47 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl70.dll
2017-02-14 15:48 - 2006-04-11 02:11 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL32.OCX
2017-02-14 15:48 - 2005-01-20 20:55 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvci70.dll
2017-02-14 15:48 - 2002-01-05 07:10 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP70.DLL
2017-02-14 15:48 - 1996-01-12 05:30 - 00935632 _____ (Microsoft Corporation) C:\WINDOWS\system\Vb40016.dll
2017-02-14 15:48 - 1996-01-12 05:30 - 00722192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Vb40032.dll
2017-02-14 15:48 - 1994-11-18 02:30 - 00210944 _____ C:\WINDOWS\SysWOW64\msvcrt10.dll
2017-02-14 15:48 - 1993-05-11 22:30 - 00398416 _____ (Microsoft Corporation) C:\WINDOWS\system\Vbrun300.dll
2017-02-14 15:48 - 1992-10-21 03:30 - 00356992 _____ (Microsoft Corporation) C:\WINDOWS\system\vbrun200.dll
2017-02-14 15:48 - 1991-05-10 04:30 - 00271264 _____ C:\WINDOWS\system\vbrun100.dll
2017-02-14 15:40 - 2017-02-14 21:36 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-14 15:40 - 2017-02-14 21:36 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-14 15:40 - 2017-02-14 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-14 15:40 - 2017-02-14 15:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2017-02-14 15:40 - 2017-02-14 15:40 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-02-10 15:53 - 2017-02-10 15:53 - 00130378 _____ C:\Users\Azeem\Downloads\Lateral India Application form
2017-02-10 11:54 - 2017-02-10 11:54 - 00753186 _____ C:\Users\Azeem\Downloads\New Doc 44 (1).pdf
2017-02-09 15:48 - 2017-02-09 16:38 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Shift
2017-02-09 15:48 - 2017-02-09 16:34 - 00000318 _____ C:\Users\Azeem\Documents\properties
2017-02-09 15:48 - 2017-02-09 15:48 - 69781968 _____ (Shift) C:\Users\Azeem\Downloads\shift-windows.exe
2017-02-09 15:48 - 2017-02-09 15:48 - 00002101 _____ C:\Users\Azeem\Desktop\Shift.lnk
2017-02-09 15:48 - 2017-02-09 15:48 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shift
2017-02-09 15:48 - 2017-02-09 15:48 - 00000000 ____D C:\Users\Azeem\AppData\Local\Shift
2017-02-08 07:03 - 2017-02-08 07:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 10:08 - 2017-02-07 10:08 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 10:08 - 2017-02-07 10:08 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 10:08 - 2017-02-07 10:08 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 10:08 - 2017-02-07 10:08 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-05 02:46 - 2017-02-05 02:46 - 03867242 _____ C:\Users\Azeem\Downloads\Hubbell_party_20Feb08_zip01.zip
2017-02-05 02:46 - 2017-02-05 02:46 - 01064679 _____ C:\Users\Azeem\Downloads\New Folder (2).zip
2017-02-04 20:26 - 2017-02-04 20:26 - 00003415 _____ C:\Users\Azeem\Downloads\openSAP_s4h5_iCalendar.ics
2017-02-03 17:04 - 2013-05-22 20:22 - 00524016 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-02-03 17:04 - 2009-08-07 13:19 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET2D4D.tmp
2017-02-03 17:03 - 2013-05-22 20:22 - 00351984 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2017-02-03 17:03 - 2013-05-22 20:22 - 00258800 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SET21E5.tmp
2017-02-03 17:03 - 2013-05-22 20:22 - 00187120 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo19.dll
2017-02-03 17:03 - 2013-05-22 20:22 - 00151280 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynTPCom.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00609280 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00371712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00252416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00191476 _____ C:\WINDOWS\system32\resTHA.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00190464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4425.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00184036 _____ C:\WINDOWS\system32\resELL.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00179828 _____ C:\WINDOWS\system32\resRUS.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00165460 _____ C:\WINDOWS\system32\resARA.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00164948 _____ C:\WINDOWS\system32\resJPN.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00164884 _____ C:\WINDOWS\system32\resHEB.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00160260 _____ C:\WINDOWS\system32\resHUN.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00160196 _____ C:\WINDOWS\system32\resFRA.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00158532 _____ C:\WINDOWS\system32\resKOR.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00158388 _____ C:\WINDOWS\system32\resDEU.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00158356 _____ C:\WINDOWS\system32\resITA.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00158148 _____ C:\WINDOWS\system32\resROM.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00158052 _____ C:\WINDOWS\system32\resESN.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00157652 _____ C:\WINDOWS\system32\resPLK.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00157492 _____ C:\WINDOWS\system32\resSKY.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00157332 _____ C:\WINDOWS\system32\resNLD.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00156708 _____ C:\WINDOWS\system32\resPTB.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00156628 _____ C:\WINDOWS\system32\resCSY.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00156596 _____ C:\WINDOWS\system32\resTRK.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00156420 _____ C:\WINDOWS\system32\resPTG.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00155972 _____ C:\WINDOWS\system32\resFIN.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00155540 _____ C:\WINDOWS\system32\resHRV.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00155124 _____ C:\WINDOWS\system32\resSVE.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00154964 _____ C:\WINDOWS\system32\resSLV.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00154004 _____ C:\WINDOWS\system32\resNOR.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00153508 _____ C:\WINDOWS\system32\resDAN.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00152164 _____ C:\WINDOWS\system32\resENU.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00150404 _____ C:\WINDOWS\system32\resCHT.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00149524 _____ C:\WINDOWS\system32\resCHS.cui
2017-02-03 16:21 - 2016-05-12 19:19 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00005120 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2017-02-03 16:21 - 2016-05-12 19:19 - 00000895 _____ C:\WINDOWS\system32\Gfxv2_0.exe.config
2017-02-03 16:21 - 2016-05-12 19:19 - 00000895 _____ C:\WINDOWS\system32\DPTopologyAppv2_0.exe.config
2017-02-03 16:21 - 2016-05-12 19:19 - 00000895 _____ C:\WINDOWS\system32\CustomModeAppv2_0.exe.config
2017-02-03 16:21 - 2016-05-12 19:19 - 00000889 _____ C:\WINDOWS\system32\Gfxv4_0.exe.config
2017-02-03 16:21 - 2016-05-12 19:19 - 00000889 _____ C:\WINDOWS\system32\DPTopologyApp.exe.config
2017-02-03 16:21 - 2016-05-12 19:19 - 00000889 _____ C:\WINDOWS\system32\CustomModeApp.exe.config
2017-02-03 16:20 - 2016-05-12 19:19 - 10946840 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 04611816 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 03650832 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00672256 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00284672 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00209408 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00086528 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00069632 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00059904 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00010752 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2017-02-03 16:20 - 2016-05-12 19:19 - 00010240 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2017-02-03 16:19 - 2016-05-12 19:19 - 10474040 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2017-02-03 16:18 - 2016-05-12 19:19 - 00454760 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2017-02-03 16:18 - 2016-05-12 19:19 - 00366680 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2017-02-03 16:17 - 2016-05-12 19:19 - 12211184 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2017-02-03 16:17 - 2016-05-12 19:19 - 11783680 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2017-02-03 16:17 - 2016-05-12 19:19 - 00162304 _____ C:\WINDOWS\system32\igdail64.dll
2017-02-03 16:17 - 2016-05-12 19:19 - 00143872 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2017-02-03 16:16 - 2016-05-12 19:19 - 04382840 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 04379256 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00959608 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00545912 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00545400 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00530552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00399992 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00399480 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00319096 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2017-02-03 16:16 - 2016-05-12 19:19 - 00316245 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2017-02-03 16:16 - 2016-05-12 19:19 - 00247416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2017-02-03 16:16 - 2012-08-08 16:28 - 00276288 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2017-02-03 14:17 - 2017-01-25 17:40 - 10187206 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-02-03 14:17 - 2017-01-25 17:40 - 05596160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-02-03 14:17 - 2017-01-25 17:40 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 03410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 03203584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 03203424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 03122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 03014656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-02-03 14:17 - 2017-01-25 17:40 - 02202624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 01382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 01353816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00984904 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET30F8.tmp
2017-02-03 14:17 - 2017-01-25 17:40 - 00158688 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\SET2DAD.tmp
2017-02-03 14:17 - 2017-01-25 17:40 - 00110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2017-02-03 14:17 - 2017-01-25 17:40 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\SET338A.tmp
2017-02-03 14:17 - 2015-09-17 15:12 - 00463112 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2017-02-03 14:13 - 2015-05-29 19:35 - 00646408 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2017-02-03 14:13 - 2013-11-25 15:55 - 00020192 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\irstrtdv.sys
2017-02-03 14:02 - 2016-11-02 13:32 - 04340784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCRU64.exe
2017-02-03 14:02 - 2016-11-02 13:32 - 00427520 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2017-02-03 14:02 - 2016-11-02 13:32 - 00093232 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2017-02-03 14:02 - 2016-11-02 13:31 - 09900072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2017-02-03 14:02 - 2016-03-29 10:31 - 00186424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-02-03 14:02 - 2013-03-28 16:17 - 01366328 _____ (Motorola Solutions, Inc.) C:\WINDOWS\system32\Drivers\btmhsf.sys
2017-02-03 14:02 - 2013-01-15 18:14 - 00069240 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iBtFltCoex.sys
2017-02-03 14:02 - 2012-11-21 22:01 - 00086832 _____ (Intel Corporation Pvt Ltd.) C:\WINDOWS\system32\Intel®ProSetWirelessRM.dll
2017-02-03 14:02 - 2012-11-21 22:01 - 00009008 _____ C:\WINDOWS\system32\NFCHEC64.dll
2017-02-03 14:02 - 2012-11-21 17:06 - 02356592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-02-03 14:02 - 2012-11-02 16:31 - 01138544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-02-03 14:02 - 2012-11-02 16:31 - 00023320 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntelSensorSolutionAcpi.sys
2017-02-03 14:02 - 2012-08-15 13:53 - 01721216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2017-01-30 14:28 - 2017-02-15 20:54 - 02350232 _____ C:\Users\Azeem\Downloads\Wipro_CAM_Form_6573333.pdf
2017-01-30 14:28 - 2017-01-30 14:29 - 02332485 _____ C:\Users\Azeem\Downloads\Wipro_CAM_Form_6573333 (1).pdf
2017-01-30 07:57 - 2017-01-23 07:27 - 00000822 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2017-01-28 01:37 - 2017-01-28 22:32 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Kodi
2017-01-28 01:36 - 2017-01-28 01:36 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-01-28 01:35 - 2017-01-28 01:36 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-01-25 08:54 - 2017-02-21 15:19 - 00000000 ___RD C:\Users\Azeem\Dropbox
2017-01-25 08:54 - 2017-01-25 08:54 - 00001237 _____ C:\Users\Azeem\Desktop\Dropbox.lnk
2017-01-25 08:51 - 2017-01-25 08:51 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Dropbox
2017-01-25 08:47 - 2017-02-21 15:52 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-25 08:47 - 2017-02-21 15:18 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-25 08:47 - 2017-02-08 07:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-25 08:47 - 2017-01-25 08:54 - 00000000 ____D C:\Users\Azeem\AppData\Local\Dropbox
2017-01-25 08:47 - 2017-01-25 08:47 - 00690080 _____ (Dropbox, Inc.) C:\Users\Azeem\Downloads\DropboxInstaller.exe
2017-01-25 08:47 - 2017-01-25 08:47 - 00003882 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-25 08:47 - 2017-01-25 08:47 - 00003646 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-25 08:47 - 2017-01-25 08:47 - 00000000 ____D C:\ProgramData\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-21 16:03 - 2015-10-12 11:39 - 00000000 ____D C:\Users\Azeem\AppData\Local\ClassicShell
2017-02-21 11:45 - 2012-07-26 13:42 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-21 11:45 - 2012-07-26 13:42 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2017-02-21 08:04 - 2012-07-26 12:58 - 00005604 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 22:49 - 2012-07-26 12:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 22:48 - 2012-07-26 10:56 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-20 13:14 - 2016-06-12 13:20 - 00000000 ____D C:\Users\Azeem\Desktop\oakridge ayesha 34072
2017-02-20 12:50 - 2012-07-26 11:07 - 00000000 ____D C:\WINDOWS\Inf
2017-02-20 12:49 - 2016-07-20 13:28 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2017-02-20 12:44 - 2015-10-12 11:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-20 12:15 - 2015-12-29 13:56 - 00452608 ___SH C:\Users\Azeem\Desktop\Thumbs.db
2017-02-20 12:08 - 2016-07-09 11:25 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-20 12:08 - 2015-11-27 16:35 - 00000000 ____D C:\Users\Azeem\AppData\Local\CrashDumps
2017-02-20 12:08 - 2012-07-26 13:42 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-02-18 00:25 - 2016-07-14 18:13 - 00002194 _____ C:\Users\Azeem\Desktop\Google Chrome.lnk
2017-02-18 00:21 - 2015-10-12 11:36 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-18 00:17 - 2015-10-13 00:14 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\vlc
2017-02-17 22:36 - 2016-02-13 22:54 - 00000000 ____D C:\Users\Azeem\Desktop\IT
2017-02-17 22:26 - 2016-11-25 10:17 - 00000000 ____D C:\Users\Azeem\AppData\Local\UiPath
2017-02-17 17:30 - 2015-11-28 11:10 - 00113880 _____ C:\Users\Azeem\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-17 12:10 - 2015-11-27 08:06 - 00000000 ____D C:\Users\Azeem\AppData\Local\SAP
2017-02-17 11:08 - 2015-11-27 08:08 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\SAP
2017-02-16 16:45 - 2012-08-17 16:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-02-16 13:39 - 2015-10-12 10:47 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Adobe
2017-02-16 12:09 - 2016-01-06 15:55 - 00431976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-16 12:07 - 2015-10-12 20:04 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\qBittorrent
2017-02-16 08:56 - 2015-12-29 13:52 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-16 08:56 - 2015-10-12 21:54 - 00001012 _____ C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-02-16 08:56 - 2015-10-12 21:54 - 00000964 _____ C:\Users\Azeem\Desktop\Start Tor Browser.lnk
2017-02-16 08:56 - 2015-10-12 11:36 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-16 08:56 - 2015-10-12 10:47 - 00001651 _____ C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-15 21:51 - 2016-10-28 23:30 - 00000000 ____D C:\Users\Azeem\Downloads\Westworld.S01E04.WEBRip.x264-FUM[ettv]
2017-02-15 21:51 - 2016-10-11 23:45 - 00000000 ____D C:\Users\Azeem\Downloads\canada
2017-02-15 21:47 - 2016-10-28 21:23 - 00000000 ____D C:\Users\Azeem\Downloads\Westworld.S01E01.HDTV.x264-FUM[ettv]
2017-02-15 21:44 - 2016-02-12 22:11 - 00000000 ____D C:\Users\Azeem\Downloads\The.Revenant.2015.DVDScr.XviD.AC3-ETRG
2017-02-15 20:27 - 2016-02-09 09:08 - 00000000 ____D C:\Users\Azeem\Downloads\IT proofs 2016
2017-02-15 20:26 - 2016-02-12 20:28 - 00188928 ___SH C:\Users\Azeem\Downloads\Thumbs.db
2017-02-15 20:00 - 2015-10-12 10:46 - 00000000 ____D C:\Users\Azeem
2017-02-15 19:40 - 2016-06-09 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-15 19:40 - 2016-06-09 12:47 - 00000000 ____D C:\Program Files\Java
2017-02-15 19:39 - 2016-06-09 12:47 - 00318528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2017-02-15 19:39 - 2016-06-09 12:47 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-14 21:36 - 2015-10-12 11:37 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Greenshot
2017-02-14 21:36 - 2013-07-11 12:43 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-02-14 21:36 - 2012-07-26 13:42 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-14 21:35 - 2013-07-11 12:22 - 00000000 ____D C:\Program Files (x86)\Intel
2017-02-14 21:35 - 2012-07-26 13:42 - 00000000 ____D C:\WINDOWS\registration
2017-02-14 16:28 - 2016-01-06 08:18 - 00000000 ____D C:\Users\Azeem\AppData\Local\ElevatedDiagnostics
2017-02-14 15:48 - 2012-07-26 13:42 - 00000000 ____D C:\WINDOWS\System
2017-02-14 15:46 - 2013-07-11 12:22 - 00000000 ____D C:\Program Files\Intel
2017-02-14 15:44 - 2013-07-11 12:30 - 00002990 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-02-14 15:43 - 2013-07-11 12:26 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-14 15:41 - 2013-07-11 12:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-09 15:49 - 2016-01-10 02:11 - 00000000 ____D C:\Users\Azeem\AppData\Local\SquirrelTemp
2017-02-09 12:40 - 2015-12-03 11:18 - 00000000 ____D C:\Users\Azeem\Documents\My Received Files
2017-02-08 22:35 - 2015-12-29 13:52 - 00003832 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1451377340
2017-02-08 22:35 - 2015-12-29 13:51 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-08 19:24 - 2016-02-17 10:50 - 00000000 ____D C:\Users\Azeem\AppData\Local\SkypePlugin
2017-02-02 12:54 - 2015-10-12 11:40 - 00000000 ____D C:\Users\Azeem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-01-31 12:50 - 2015-10-12 11:36 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-28 01:36 - 2015-10-18 00:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-25 11:16 - 2015-11-30 13:46 - 00000000 ____D C:\Users\Azeem\Desktop\kohler china
2017-01-25 10:10 - 2016-09-22 11:15 - 00000000 ____D C:\Users\Azeem\Downloads\Resume
==================== Files in the root of some directories =======
2015-12-28 07:53 - 2015-12-30 08:41 - 0002182 _____ () C:\Users\Azeem\AppData\Roaming\lua_setup_log.txt
2015-12-29 14:53 - 2016-01-07 06:53 - 0000140 _____ () C:\Users\Azeem\AppData\Roaming\WB.CFG
2017-02-20 22:47 - 2017-02-20 22:47 - 0001305 _____ () C:\Users\Azeem\AppData\Local\CPAUTO.tmp.qacdit
2017-02-20 22:46 - 2017-02-20 22:46 - 0000054 _____ () C:\Users\Azeem\AppData\Local\CPLOCAL.tmp
2015-11-30 20:10 - 2015-11-30 20:10 - 0000799 _____ () C:\Users\Azeem\AppData\Local\CPLOCAL.tmp.b3ytun
2016-01-28 19:41 - 2016-02-08 13:10 - 0007597 _____ () C:\Users\Azeem\AppData\Local\Resmon.ResmonCfg
2015-12-09 06:42 - 2015-12-09 06:42 - 0000000 _____ () C:\Users\Azeem\AppData\Local\{20EE1AA4-9F71-47E5-BFE7-67D3A0367CF3}
Some files in TEMP:
====================
2017-02-20 12:49 - 2017-02-20 12:49 - 0192512 _____ () C:\Users\Azeem\AppData\Local\Temp\sfamcc00001.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-15 10:04
==================== End of FRST.txt ==

Edited by hamluis, 21 February 2017 - 06:35 AM.
Moved from AII to MRL - Hamluis.


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,795 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:10:39 PM

Posted 21 February 2017 - 08:53 AM

azeemq:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I would like to address you by your first name, if that is alright with you since we will be working together.

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I would like you to re-run the FRST scan. Please ensure that all five of the checkboxes under the "Whitelist" section of FRST are checked! In the "Optional Scan" section of FRST, ensure that "Addition.txt" is checked (it should be checked by default).

Please copy and paste both the contents of the "FRST.txt" file and the "Addition.txt" file into your next reply.

Once I have received the new logs, it will take me some time to analyze them, possibly a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#4 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:39 AM

Posted 21 February 2017 - 08:55 AM

edit:

removed my post, because another helper was faster...

Edited by Jo*, 21 February 2017 - 08:56 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 azeemq

azeemq
  • Topic Starter


Posted 22 February 2017 - 03:13 AM

Hi Phil,

Please find both attachments as you requested.

I also tried with

  1. Hitman Pro
  2. adwcleaner
  3. rkill

Nothing seems to work for me. Any help is much appreciated. Many thanks Azeem


#6 garioch7


Posted 22 February 2017 - 07:14 AM

Azeem:

Thank you for the fresh logs. I have several other clients that I am helping right now, but I do hope to be able to analyze your logs today and respond back later this afternoon.

Thank you for your patience. Have a great day.

Regards,
-Phil



#7 garioch7


Posted 22 February 2017 - 03:40 PM

Azeem:

Thank you for your patience while I analyzed your FRST logs.

In the future, would you please copy and paste all the scan and fix logs that I request into your replies, rather than attaching them? It makes it much easier and faster for me to analyze the results. Thank you for your cooperation. :)

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: I see in the logs that the Internet is configured to use: hxxp://notstop.biz. Did you set that up to bypass geographic restrictions?

I also see in the logs that you have PDFlite installed. You might want to consider uninstalling that program. See this link for more information about PDFlite program.

.

:step2: In going over your logs I noticed that you have qBittorrent installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected.
I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.

:step3: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the folder: C:\Users\Derrick\Downloads.

NOTE: It is important that both files, FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
SearchScopes: HKU\S-1-5-21-2476311930-3940443278-554749923-1001 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
File: C:\WINDOWS\system32\DRIVERS\cmnuusbser14.sys
File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxnet.sys
File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxusbser.sys
S3 dbx; system32\DRIVERS\dbx.sys [X]
File: C:\Users\Azeem\Downloads\shift-windows.exe
File: C:\WINDOWS\system32\javaws.exe
Task: {A84211FB-1959-484D-B2CF-8B5BEC4E39F4} - \DriverPack Notifier -> No File <==== ATTENTION
  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log in the folder C:\Users\Derrick\Downloads (Fixlog.txt). Please copy and paste the contents into your reply.

.


Thank you and have a great day.

Regards,
-Phil

 

PS: I hope to get back to you tomorrow, but I have to be away from home most of the day.  If not tomorrow, I will post on Friday.  Thank you for your patience and understanding.


Graduate of the Bleeping Computer Malware Removal Study Hall


#8 azeemq

Posted 23 February 2017 - 06:14 AM

Hi Phil,

You are a genius.

 

 

 

:step1: I see in the logs that the Internet is configured to use: hxxp://notstop.biz. Did you set that up to bypass geographic restrictions?

 

I removed the notstop.biz from internet settings and have not faced this issue after that.

 

If the issue persists I will run the FRST64.EXE and post the results here. 

 

I really appreciate the professional help.



#9 garioch7

Posted 23 February 2017 - 06:50 AM

Azeem:

 

Thank you for your post.  Glad to hear that your problem is solved. :thumbup2:

 

I would still suggest that you run the "fixlist.txt" and then that we run some more standard anti-malware scans to ensure that your computer is malware-free.

 

It is up to you, because it is YOUR computer.

 

Let me know.  Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 garioch7

Posted 26 February 2017 - 07:31 AM

Azeem:

 

Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#11 azeemq

Posted 26 February 2017 - 11:19 AM

Hi Phil, please close this topic. I am really satisfied with the help that you gave me. Thank you very much. I owe you one here.



#12 azeemq

Posted 26 February 2017 - 11:28 AM

Hi Phil here is the FIXLOG.TXT contents:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by Azeem (26-02-2017 21:53:44) Run:2
Running from C:\Users\Azeem\Downloads
Loaded Profiles: Azeem (Available Profiles: Azeem)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
SearchScopes: HKLM -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
SearchScopes: HKU\S-1-5-21-2476311930-3940443278-554749923-1001 -> DefaultScope {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL =
File: C:\WINDOWS\system32\DRIVERS\cmnuusbser14.sys
File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxnet.sys
File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxusbser.sys
S3 dbx; system32\DRIVERS\dbx.sys [X]
File: C:\Users\Azeem\Downloads\shift-windows.exe
File: C:\WINDOWS\system32\javaws.exe
Task: {A84211FB-1959-484D-B2CF-8B5BEC4E39F4} - \DriverPack Notifier -> No File <==== ATTENTION
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2476311930-3940443278-554749923-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
 
========================= File: C:\WINDOWS\system32\DRIVERS\cmnuusbser14.sys ========================
 
File is digitally signed
MD5: FC681C6712B19BB88333008FEAAD8229
Creation and modification date: 2016-05-16 13:40 - 2016-05-16 13:40
Size: 0123776
Attributes: ----A
Company Name: Wireless Device
Internal Name: qcusbser
Original Name: qcusbser.sys
Product: Wireless Device USB Modem/Serial Device Driver
Description: USB Modem/Serial Device Driver
File Version: 2. 0. 6. 7
Product Version: 2. 0. 6. 7
Copyright: Copyright © 2001-2009
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxnet.sys ========================
 
File is digitally signed
MD5: 63F2F74B56438BBE805D62D184E5995A
Creation and modification date: 2015-10-09 09:15 - 2015-10-09 09:15
Size: 0161792
Attributes: ----A
Company Name: Wireless Data Device
Internal Name: cmnxnet
Original Name: cmnxnet.sys
Product: USB NDIS Miniport Driver
Description: USB NDIS Miniport Driver
File Version: 1. 0. 7. 9
Product Version: 1. 0. 7. 9
Copyright: Copyright from 2013. All rights reserved.
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxusbser.sys ========================
 
File is digitally signed
MD5: 380EC846D81C90FE8A859797AF218094
Creation and modification date: 2015-10-09 09:15 - 2015-10-09 09:15
Size: 0126208
Attributes: ----A
Company Name: Wireless Data Device
Internal Name: cmnxusbser
Original Name: cmnxusbser.sys
Product: USB Modem/Serial Device Driver
Description: USB Modem/Serial Device Driver
File Version: 2. 1. 0. 3
Product Version: 2. 1. 0. 3
Copyright: Copyright from 2013. All rights reserved.
 
====== End of File: ======
 
dbx => service not found.
 
========================= File: C:\Users\Azeem\Downloads\shift-windows.exe ========================
 
File is digitally signed
MD5: 
Creation and modification date: 2017-02-09 15:48 - 2017-02-09 15:48
Size: 69781968
Attributes: ----A
Company Name: Shift
Internal Name: Setup.exe
Original Name: Setup.exe
Product: Shift
Description: Shift
File Version: 1.0.34
Product Version: 1.0.34
Copyright: Copyright 2016 by Redbrick Technologies Inc.
 
====== End of File: ======
 
 
========================= File: C:\WINDOWS\system32\javaws.exe ========================
 
File is digitally signed
MD5: 135592B076CE53BC24AA251E1B89A9F1
Creation and modification date: 2016-06-09 12:47 - 2017-02-15 19:39
Size: 0318528
Attributes: ----A
Company Name: Oracle Corporation
Internal Name: Java™ Web Start Launcher
Original Name: javaws.exe
Product: Java™ Platform SE 8 U121
Description: Java™ Web Start Launcher
File Version: 11.121.2.13
Product Version: 8.0.1210.13
Copyright: Copyright © 2016
 
====== End of File: ======
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A84211FB-1959-484D-B2CF-8B5BEC4E39F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A84211FB-1959-484D-B2CF-8B5BEC4E39F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverPack Notifier => key not found. 
 
 
The system needed a reboot.
 
==== End of Fixlog 21:54:00 ====


#13 garioch7

Posted 26 February 2017 - 12:08 PM

Azeem:

Thank you for your posts and the fixlog.txt file.

Just one question: Do you know about this file?

 

C:\Users\Azeem\Downloads\shift-windows.exe

 

There is no MD5 hash for that file, and I am not getting much in the way of hits when I search the file name. Please let me know if you did download this file. If not, you should delete it.

Since you do not want to continue with some standard scans, that is fine with me. Let me clean up for you.

 

.

:step1: We will now remove the tools we used during this fix using Delfix.

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.

.

:step2: . . . Some Final Advice . . .

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems' such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.

.

It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to backup or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

On behalf of the Bleeping Computer Community, thank you for choosing BC to assist you with your computer issues, stay safe out there in cyberspace, and have a great day.

 

I will await the Delfix log before concluding this topic.

Regards,
-Phil

 


Graduate of the Bleeping Computer Malware Removal Study Hall
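
The check described in the post above (spotting a File: entry whose MD5 field is empty) can be run over a pasted Fixlog. The following Python is an added example, not part of the thread or of FRST; the function names are hypothetical and the embedded excerpt is constructed from the log layout shown in post #12.

```python
import re
# Constructed excerpt in the layout of the Fixlog in post #12 (two File: sections, trimmed).
SAMPLE_FIXLOG = r"""
========================= File: C:\WINDOWS\system32\DRIVERS\mmx_cmnxnet.sys ========================
File is digitally signed
MD5: 63F2F74B56438BBE805D62D184E5995A
Company Name: Wireless Data Device

====== End of File: ======
========================= File: C:\Users\Azeem\Downloads\shift-windows.exe ========================
File is digitally signed
MD5:
Company Name: Shift

====== End of File: ======
"""

HEADER = re.compile(r"^=+ File: (?P<path>.+?) =+$")
FOOTER = re.compile(r"^=+ End of File: =+$")
FIELD = re.compile(r"^(?P<key>[^:]+?):\s*(?P<value>.*)$")
MD5_HEX = re.compile(r"^[0-9A-Fa-f]{32}$")

def parse_file_sections(text):
    """Split a Fixlog into one record per 'File:' section."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if current is not None:          # previous section never closed
                current["complete"] = False
                records.append(current)
            current = {"path": header.group("path"), "signed": False,
                       "complete": True, "fields": {}}
        elif current is None:
            continue                          # text outside any File: section
        elif FOOTER.match(line):
            records.append(current)
            current = None
        elif line == "File is digitally signed":
            current["signed"] = True          # exact wording as it appears in the log
        else:
            field = FIELD.match(line)
            if field:
                current["fields"][field.group("key")] = field.group("value")
    if current is not None:                   # log cut off mid-section
        current["complete"] = False
        records.append(current)
    return records

def needs_follow_up(records):
    """Return (path, reasons) for sections a helper should ask the owner about."""
    flagged = []
    for rec in records:
        reasons = []
        if not MD5_HEX.match(rec["fields"].get("MD5", "")):
            reasons.append("no MD5 recorded")
        if not rec["signed"]:
            reasons.append("no 'File is digitally signed' line")
        if not rec["complete"]:
            reasons.append("section truncated")
        if reasons:
            flagged.append((rec["path"], reasons))
    return flagged
```

A flagged entry is only a prompt to ask the owner about the file, as the post above does; an empty MD5 field by itself does not show that the file is malicious.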


#14 azeemq

Posted 27 February 2017 - 03:58 AM

Hi Phil,

Please see the DELFIX log below. Please let me know if you prefer a few more cleanups before we close this thread.

 

# DelFix v1.013 - Logfile created 27/02/2017 at 14:26:25
# Updated 17/04/2016 by Xplode
# Username : Azeem - A
# Operating System : Windows 8  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Azeem\Downloads\FRST-OlderVersion
Deleted : C:\Users\Azeem\Desktop\Rkill.txt
Deleted : C:\Users\Azeem\Downloads\Addition.txt
Deleted : C:\Users\Azeem\Downloads\AdwCleaner.exe
Deleted : C:\Users\Azeem\Downloads\adwcleaner_6.043.exe
Deleted : C:\Users\Azeem\Downloads\CKScanner.exe
Deleted : C:\Users\Azeem\Downloads\Fixlog.txt
Deleted : C:\Users\Azeem\Downloads\FRST.txt
Deleted : C:\Users\Azeem\Downloads\FRST64.exe
Deleted : C:\Users\Azeem\Downloads\rkill.com
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #92 [Installed Adobe LiveCycle Designer ES2. | 02/16/2017 06:05:33]
Deleted : RP #93 [Checkpoint by HitmanPro | 02/21/2017 15:28:03]
Deleted : RP #95 [Restore Point Created by FRST | 02/23/2017 17:21:01]
Deleted : RP #97 [Restore Point Created by FRST | 02/26/2017 16:23:46]
 
New restore point created !
 
########## - EOF - ##########


#15 garioch7

Posted 27 February 2017 - 12:36 PM

Azeem:

 

Thank you for the Delfix log.  Yes, I would recommend doing further scans.  Each of our tools targets different classes of malware.  Since you are here already, it would be wise to run all of our standard scans to ensure that your computer is clean.  I recommended that course of action to you in this post.

 

It is YOUR computer, so it is your decision.  We can conclude your topic now; or, we can run some more standard scans.  If it was my computer, I would opt for the "full meal deal" and run the supplementary anti-malware scans :)  They don't take that long.

 

Please let me know what you want to do.  I am here to assist YOU!

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall




