
Malware removal tools can't run.


  • This topic is locked
91 replies to this topic

#1 SILE

SILE

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 20 March 2017 - 11:04 AM

I have tried to run FRST.exe but due to some infection on my PC, I can't run ANY .exe file, nor could "FixNCR.reg" run when I tried to fix registry settings using it.




 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:01 PM

Posted 20 March 2017 - 03:34 PM

Hello SILE, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Machiavelli. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please consider the following points during this process:

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. 
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across an issue whilst following my instructions, please stop and inform me of the issue.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time.
  • I will notify you when I believe your computer is free of malware. Bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 

======================================================

 

I have tried to run FRST.exe but due to some infection on my PC, I can't run ANY .exe file, nor could "FixNCR.reg" run when I tried to fix registry settings using it.

 

Is there any error message when you try running an .exe file? Please don't try to fix the registry yourself. Are there any other indicators that may be interfering with your system (ransomware | pop-ups | etc.)?

 

What system do you have? (operating system | x bit)

 

Boot into Safe Mode

  • Restart your PC.
  • As soon as the BIOS is loaded, begin repeatedly tapping the F8 key until the Advanced Options menu appears.  
  • Using the arrow keys, select Safe Mode
  • Press the Enter key.

Can you run exe files using Safe Mode?


Edited by Machiavelli, 20 March 2017 - 03:34 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 SILE

SILE
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 21 March 2017 - 09:27 AM

Hey Machiavelli, I am Neha. First of all thanks for assisting me. I've been really in need.

So, let me tell you the problems I'm facing-
1. I can't run any .exe file. So, no anti-malware tools are working. Not even the command prompt.
2. The "program files" folder in C drive is filled with weird name folders. Includes "AmuleC, Winsnare(4.3.2), Wondershare, WinArcher and many more which are not even readable"
3. My browsers show me pop-ups and direct me to a site called "Amisites" the first time when I open it. All the settings are messed up.
4. Edge browser doesn't even open up. (Windows 10, 64 bits)

>And the message that I receive when I try running any .exe file is "Windows can't find 'C:\Users\B\Dekstop\MSEInstall.exe' " It's similar in all cases.

>When I try opening command prompt, it shows "This file doesn't have a program associated with it for performing this action.Please install a program or if already installed, then create an association in the Default Programs Control Panel"

>There is a kind of pop-up (a screen like cmd, that used to flash up on the screen and disappear in a matter of seconds). Now, it really doesn't show up now and then but it does when I turn ON the PC.

>Recently my system has lost its voice, it says the "Diver can't be started.Try restarting it"


F8 key doesn't work to open safe mode. There are other ways, that I checked on internet I can use to boot it in other modes, but none of them has worked. I have reached till it shows me start up settings to choose, but when I choose "safe mode with networking", it restarts and shows "Diagnosing your system" and then it gives the message "Diagnosis couldn't fix problems, try restarting or boot in other mode using "Advance options" "
 


Edited by SILE, 21 March 2017 - 09:28 AM.


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:01 PM

Posted 21 March 2017 - 02:46 PM

Hello Neha.

This sounds like a serious issue but I am sure that we both will be able to fix it. We will work with a tool called FRST in the so-called Recovery Environment. It may sound a bit complex, but in reality it is easier than it looks.

So let's start.

 FRST Recovery Environment Scan

Note: You require access to a clean computer and USB drive

Note: Please print off these instructions, or ensure you have access to them using a different device.

  • Insert your USB drive into a clean computer.
  • Please download Farbar Recovery Scan Tool (x32) / Farbar Recovery Scan Tool (x64) using your clean computer, and save the file to your USB drive.
  • Insert the USB drive into the affected computer
  • Enter the Recovery Environment by choosing one of the options below. 
     
Option #1: Enter Recovery Environment (Windows 8/10)
  • Consult the following instructions on how to enter the Recovery Environment in Windows 8 or 10.
  • After entering the Recovery Environment and clicking Troubleshoot, click Advanced options.
  • Proceed to the Advanced Boot Options Menu instructions below.
     
Option #4: Enter Recovery Environment (Windows Installation Disc)
  • Insert your Windows installation disc into your affected computer.
  • Restart your computer.
  • Configure your computer to boot from CD/DVD. Instructions on how to do this can be found here.
  • If prompted, press any key to start Windows from the installation disc.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the Operating System you want to repair, and then click Next.
  • Select your user account, and then click Next.
     
Advanced Boot Options Menu
  • Select Command Prompt.
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File followed by Open
  • Click Computer, write down your USB drive letter on a piece of paper and close Notepad.
  • Type: x:\frst.exe / x:\frst64.exe in the command window. 
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click Scan.
  • A log (FRST.txt) will be saved to your USB drive. Using your clean computer, please copy the contents of the log and paste in your next reply.
     
======================================================
STEP 2 Logs

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • FRST.txt

~Machiavelli

 
 


#5 SILE

SILE
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 22 March 2017 - 09:10 AM

Hey, 

I tried to follow the steps exactly as you wanted me to, but I couldn't boot it using CD or USB, then continue with the rest. Instead what I did is, I forced my computer to show me Recovery options, from there, I went into command prompt and followed as you said. I was able to run FRST.exe ( :bananas: ) (downloaded by my own PC, transferred into USB from this PC itself) and it produced frst.txt, copied below-


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-3ON7L7L (22-03-2017 19:24:14)
Running from E:\
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [138634176 2017-03-17] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95464 2015-08-07] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2015-08-07] (Sensible Vision )
Lsa: [Notification Packages] scecli FAPassSync C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-15] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-20] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-26] (Dell Inc.)
S2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [12 2016-07-16] ()
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [12 2016-07-16] ()
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [109744 2017-03-20] ()
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-15] (NVIDIA Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [382456 2017-02-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-01] (Elex do Brasil Participações Ltda)
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [587264 2017-01-02] () <==== ATTENTION
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S2 Kyubey; C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey\Kyubey.exe [123392 2017-03-19] ()
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-21] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-21] (McAfee, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-15] (NVIDIA Corporation)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [12 2016-07-16] ()
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-19] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-19] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-19] (McAfee, Inc.)
S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WinSAPSvc; C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-20] (Windows)
S2 WPDTSrv; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll [103424 2017-03-21] ()
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [12 2016-07-16] ()
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
S2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 atapi; C:\Windows\System32\drivers\atapi.sys [12 2016-07-16] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-17] (McAfee, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
S0 intelide; C:\Windows\System32\drivers\intelide.sys [12 2016-07-16] ()
S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-18] (Elex do Brasil Participações Ltda)
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85048 2016-11-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-17] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-17] (McAfee, Inc.)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [12 2016-07-16] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3537672 2017-02-17] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [12 2016-07-16] ()
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-13] (Realsil Semiconductor Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [12 2016-07-16] ()
S3 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ATTENTION
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 inqxuegd; \??\C:\WINDOWS\system32\drivers\inqxuegd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-22 19:23 - 2017-03-22 19:23 - 00000000 ____D C:\FRST
2017-03-22 03:56 - 2017-03-22 03:56 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Bepat
2017-03-22 03:53 - 2017-03-22 03:54 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\LocalLow\Mozilla
2017-03-22 03:52 - 2017-03-22 03:52 - 00002001 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-22 03:52 - 2017-03-22 03:52 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Firefox
2017-03-22 03:52 - 2017-03-22 03:52 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Firefox
2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Bepat
2017-03-21 05:49 - 2017-03-21 05:49 - 00004222 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-03-19 03:00 - 2017-03-19 03:00 - 02424832 _____ (Farbar) C:\Users\Bhupendra Singh\Downloads\FRST64.exe
2017-03-18 08:21 - 2017-03-18 08:21 - 00001205 _____ C:\Users\Bhupendra Singh\Downloads\FixNCR.reg
2017-03-18 08:02 - 2017-03-18 08:02 - 00000000 ____D C:\Users\Bhupendra Singh\Documents\aMule Downloads
2017-03-17 18:36 - 2017-03-17 18:36 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-17 18:35 - 2017-03-17 18:37 - 00000000 ___HD C:\$SysReset
2017-03-17 07:40 - 2017-03-22 03:21 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-16 06:11 - 2017-03-16 06:11 - 08233905 _____ C:\Users\Bhupendra Singh\Downloads\CS2.pdf
2017-03-16 04:50 - 2017-03-16 04:50 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.2)
2017-03-16 00:20 - 2017-03-03 22:25 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-03-16 00:19 - 2017-03-03 22:33 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2017-03-16 00:19 - 2017-02-21 18:17 - 00448285 _____ C:\Windows\System32\ApnDatabase.xml
2017-03-16 00:18 - 2017-03-03 23:57 - 00192352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-03-16 00:18 - 2017-03-03 23:35 - 00315232 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2017-03-16 00:18 - 2016-07-15 18:29 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\CspCellularSettings.dll
2017-03-16 00:18 - 2016-07-15 18:28 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\EnterpriseAPNCsp.dll
2017-03-16 00:18 - 2016-07-15 18:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\CfgSPCellular.dll
2017-03-15 05:09 - 2017-03-22 03:50 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-15 05:09 - 2017-03-16 05:31 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-15 05:09 - 2017-03-16 04:50 - 00003322 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-07 05:02 - 2017-03-17 07:51 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-06 12:50 - 2017-03-06 12:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-03-03 09:42 - 2017-03-03 09:42 - 00000000 ____D C:\ProgramData\973e2137-f0bf-4201-bf2a-57a2ec675e33
2017-03-03 09:30 - 2017-03-03 09:30 - 00000000 ____D C:\ProgramData\905ea78e-d9e7-4876-9d87-73098a928451
2017-03-03 05:02 - 2017-03-16 06:27 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-03 04:58 - 2017-03-03 05:17 - 00000000 ____D C:\Windows\Minidump
2017-03-03 04:53 - 2017-03-03 04:53 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-02 09:50 - 2017-03-02 09:50 - 00000000 ____D C:\Windows\System32\Tasks\Aviata
2017-03-02 05:54 - 2017-03-02 05:55 - 04031440 _____ C:\Users\Bhupendra Singh\Downloads\adwcleaner_6.044.exe
2017-03-02 05:28 - 2017-03-22 05:42 - 00000000 _____ C:\Windows\SysWOW64\1
2017-03-01 06:44 - 2017-03-16 05:32 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-01 06:44 - 2017-03-16 05:32 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-01 06:43 - 2017-03-22 03:50 - 00003674 _____ C:\Windows\System32\Tasks\Milimili
2017-03-01 06:43 - 2017-03-22 03:50 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc
2017-03-01 06:43 - 2017-03-21 05:45 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey
2017-03-01 06:43 - 2017-03-03 05:02 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\WinSnare
2017-03-01 06:43 - 2017-03-01 09:09 - 00000000 ____D C:\Program Files (x86)\MIO
2017-02-28 20:22 - 2016-12-13 20:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2017-02-28 20:22 - 2016-12-13 20:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2017-02-28 20:21 - 2016-12-21 00:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\System32\offlinesam.dll
2017-02-28 20:21 - 2016-12-21 00:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\System32\ImplatSetup.dll
2017-02-28 20:21 - 2016-12-20 23:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2017-02-28 20:21 - 2016-12-20 23:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-02-28 20:21 - 2016-12-20 23:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2017-02-28 20:21 - 2016-12-20 23:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\System32\mfnetsrc.dll
2017-02-28 20:21 - 2016-12-20 23:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2017-02-28 20:21 - 2016-12-20 23:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-02-28 20:21 - 2016-12-20 23:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2017-02-28 20:21 - 2016-12-20 23:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2017-02-28 20:21 - 2016-12-20 23:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2017-02-28 20:21 - 2016-12-20 23:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\System32\indexeddbserver.dll
2017-02-28 20:21 - 2016-12-20 23:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2017-02-28 20:21 - 2016-12-20 22:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2017-02-28 20:21 - 2016-12-20 22:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2017-02-28 20:21 - 2016-12-20 22:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-02-28 20:21 - 2016-12-20 22:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\System32\MCRecvSrc.dll
2017-02-28 20:21 - 2016-12-20 22:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-02-28 20:21 - 2016-12-20 22:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
2017-02-28 20:21 - 2016-12-20 22:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\System32\mspaint.exe
2017-02-28 20:21 - 2016-12-20 22:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-02-28 20:21 - 2016-12-20 22:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-02-28 20:21 - 2016-12-20 22:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2017-02-28 20:21 - 2016-12-20 22:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-02-28 20:21 - 2016-12-20 21:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-02-28 20:21 - 2016-12-20 21:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-28 20:21 - 2016-12-20 21:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-28 20:21 - 2016-12-20 20:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-28 20:21 - 2016-12-20 20:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-28 20:21 - 2016-12-20 20:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-02-28 20:21 - 2016-12-20 20:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-02-28 20:21 - 2016-12-20 20:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-02-28 20:21 - 2016-12-20 20:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-02-28 20:21 - 2016-12-20 20:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-02-28 20:21 - 2016-12-20 20:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-02-28 20:21 - 2016-12-20 20:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-02-28 20:21 - 2016-12-20 20:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-28 20:21 - 2016-12-20 20:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-02-28 20:21 - 2016-12-20 20:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-02-28 20:21 - 2016-12-20 20:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-02-28 20:21 - 2016-12-20 20:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-02-28 20:21 - 2016-12-20 20:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-02-28 20:21 - 2016-12-20 20:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-02-28 20:21 - 2016-12-13 21:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-02-28 20:21 - 2016-12-13 21:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2017-02-28 20:21 - 2016-12-13 21:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-02-28 20:21 - 2016-12-13 21:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-28 20:21 - 2016-12-13 21:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-02-28 20:21 - 2016-12-13 21:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2017-02-28 20:21 - 2016-12-13 21:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-02-28 20:21 - 2016-12-13 21:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-28 20:21 - 2016-12-13 20:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-28 20:21 - 2016-12-13 20:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\ScDeviceEnum.dll
2017-02-28 20:21 - 2016-12-13 20:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2017-02-28 20:21 - 2016-12-13 20:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-02-28 20:21 - 2016-12-13 20:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2017-02-28 20:21 - 2016-12-13 20:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-02-28 20:21 - 2016-12-13 20:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-28 20:21 - 2016-12-13 20:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2017-02-28 20:21 - 2016-12-13 20:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-28 20:21 - 2016-12-13 20:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-02-28 20:21 - 2016-12-13 20:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-02-28 20:21 - 2016-12-13 20:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\System32\D3D12.dll
2017-02-28 20:21 - 2016-12-13 20:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2017-02-28 20:21 - 2016-12-13 20:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-02-28 20:21 - 2016-12-13 20:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-02-28 20:21 - 2016-12-13 20:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-02-28 20:21 - 2016-12-13 20:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-02-28 20:21 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-28 20:21 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2017-02-28 20:21 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-02-28 20:20 - 2016-12-20 22:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2017-02-28 20:20 - 2016-12-20 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-28 20:19 - 2016-12-20 23:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-02-28 20:19 - 2016-12-20 23:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\LaunchWinApp.exe
2017-02-28 20:19 - 2016-12-20 23:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2017-02-28 20:19 - 2016-12-20 22:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\MSVP9DEC.dll
2017-02-28 20:19 - 2016-12-20 22:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-02-28 20:19 - 2016-12-20 20:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-02-28 20:19 - 2016-12-20 20:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-02-28 20:19 - 2016-12-20 20:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-02-28 20:19 - 2016-12-20 20:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-28 20:19 - 2016-12-13 21:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-02-28 20:19 - 2016-12-13 20:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-28 20:19 - 2016-12-13 20:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2017-02-28 20:19 - 2016-12-13 20:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2017-02-28 20:19 - 2016-12-13 20:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-02-28 20:18 - 2016-12-21 00:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-02-28 20:18 - 2016-12-20 23:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
2017-02-28 20:18 - 2016-12-20 23:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2017-02-28 20:18 - 2016-12-20 23:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCsp.dll
2017-02-28 20:18 - 2016-12-20 23:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\ProvPluginEng.dll
2017-02-28 20:18 - 2016-12-20 23:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCore.dll
2017-02-28 20:18 - 2016-12-20 23:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\System32\OneBackupHandler.dll
2017-02-28 20:18 - 2016-12-20 23:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BioFeedback.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\System32\MSVPXENC.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
2017-02-28 20:18 - 2016-12-20 23:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
2017-02-28 20:18 - 2016-12-20 23:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2017-02-28 20:18 - 2016-12-20 23:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
2017-02-28 20:18 - 2016-12-20 23:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-02-28 20:18 - 2016-12-20 23:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Shell.dll
2017-02-28 20:18 - 2016-12-20 23:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
2017-02-28 20:18 - 2016-12-20 22:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\fhsettingsprovider.dll
2017-02-28 20:18 - 2016-12-20 22:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\System32\aclui.dll
2017-02-28 20:18 - 2016-12-20 22:53 - 01690112 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2017-02-28 20:18 - 2016-12-20 22:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2017-02-28 20:18 - 2016-12-20 22:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2017-02-28 20:18 - 2016-12-20 22:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-02-28 20:18 - 2016-12-20 20:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-02-28 20:18 - 2016-12-20 20:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-02-28 20:18 - 2016-12-20 20:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-02-28 20:18 - 2016-12-20 20:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-02-28 20:18 - 2016-12-13 21:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2017-02-28 20:18 - 2016-12-13 21:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\System32\ClipUp.exe
2017-02-28 20:18 - 2016-12-13 21:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2017-02-28 20:18 - 2016-12-13 21:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-02-28 20:18 - 2016-12-13 21:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-02-28 20:18 - 2016-12-13 21:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2017-02-28 20:18 - 2016-12-13 21:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2017-02-28 20:18 - 2016-12-13 21:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-28 20:18 - 2016-12-13 21:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-02-28 20:18 - 2016-12-13 20:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-02-28 20:18 - 2016-12-13 20:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-02-28 20:18 - 2016-12-13 20:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\System32\cloudAP.dll
2017-02-28 20:18 - 2016-12-13 20:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-02-28 20:18 - 2016-12-13 20:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\System32\ConsoleLogon.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-28 20:18 - 2016-12-13 20:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\System32\wbiosrvc.dll
2017-02-28 20:18 - 2016-12-13 20:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.CredDialogController.dll
2017-02-28 20:18 - 2016-12-13 20:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\CloudBackupSettings.dll
2017-02-28 20:18 - 2016-12-13 20:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2017-02-28 20:18 - 2016-12-13 20:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-28 20:18 - 2016-12-13 20:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-02-28 20:18 - 2016-12-13 20:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-02-28 20:18 - 2016-12-13 20:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
2017-02-28 20:18 - 2016-12-13 20:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2017-02-28 20:18 - 2016-12-13 20:22 - 02999808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-02-28 20:18 - 2016-12-13 20:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2017-02-28 20:18 - 2016-12-13 20:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-02-28 20:18 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2017-02-28 20:18 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2017-02-28 20:18 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-02-28 20:01 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2017-02-28 20:01 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-28 09:39 - 2017-02-28 09:39 - 00000000 ____D C:\Windows\SysWOW64\Dell
2017-02-28 09:39 - 2017-02-28 09:39 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-28 09:29 - 2016-05-22 18:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\System32\Drivers\iSafeKrnlBoot.sys
2017-02-27 10:47 - 2017-02-27 10:47 - 40213960 _____ (Intel Corporation) C:\Windows\System32\igdumdim64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 15630704 _____ (Intel Corporation) C:\Windows\System32\igc64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 13607808 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 04316136 _____ (Intel Corporation) C:\Windows\System32\igd12umd64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 04284872 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 02422504 _____ (Intel Corporation) C:\Windows\System32\igdmd64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01883368 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01841088 _____ (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01838392 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00323744 _____ (Intel Corporation) C:\Windows\System32\igd10idpp64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00308496 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00253016 _____ (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00233920 _____ (Intel Corporation) C:\Windows\System32\igdde64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00215864 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00194336 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00193304 _____ (Intel Corporation) C:\Windows\System32\igfx11cmrt64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00192160 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00170376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00170376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00064560 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 29110288 _____ (Intel Corporation) C:\Windows\System32\common_clang64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 19870224 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 11750912 _____ (Intel Corporation) C:\Windows\System32\ig75icd64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 08740880 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 05697552 _____ (Intel Corporation) C:\Windows\System32\igdmcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 05271560 _____ (Intel Corporation) C:\Windows\System32\GfxResources.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 04937232 _____ (Intel Corporation) C:\Windows\System32\igdrcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 04372496 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 03980304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01599504 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01187344 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01035760 _____ C:\Windows\System32\igfxSDK.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00976880 _____ (Intel Corporation) C:\Windows\System32\Gfxv4_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00973304 _____ (Intel Corporation) C:\Windows\System32\Gfxv2_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00713744 _____ (Intel Corporation) C:\Windows\System32\MetroIntelGenericUIFramework.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00545264 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUMS64.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00475632 _____ (Intel Corporation) C:\Windows\System32\GfxUIEx.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00457200 _____ (Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00448008 _____ (Intel Corporation) C:\Windows\System32\igdbcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00424968 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00398864 _____ (Intel Corporation) C:\Windows\System32\igfxOSP.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00397328 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00358896 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMCComp64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00327184 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00310256 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00282120 _____ C:\Windows\System32\igfxCPL.cpl
2017-02-27 10:44 - 2017-02-27 10:44 - 00274952 _____ (Intel Corporation) C:\Windows\System32\igdfcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00263688 _____ (Intel Corporation) C:\Windows\System32\igfxDTCM.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00245744 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00241136 _____ (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00240632 _____ (Intel Corporation) C:\Windows\System32\DPTopologyAppv2_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00234000 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00201736 _____ (Intel Corporation) C:\Windows\System32\igdail64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00183792 _____ (Intel Corporation) C:\Windows\System32\difx64.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00182800 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00120336 _____ ( ) C:\Windows\System32\igfxSDKLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00112656 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00112136 _____ C:\Windows\System32\igfxCUIServicePS.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00109584 _____ ( ) C:\Windows\System32\igfxSDKLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00108560 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00103952 _____ ( ) C:\Windows\System32\igfxDHLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00093200 _____ ( ) C:\Windows\System32\igfxDHLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00061448 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00037904 _____ ( ) C:\Windows\System32\igfxDILibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00037904 _____ ( ) C:\Windows\System32\igfxDILib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00036368 _____ ( ) C:\Windows\System32\igfxEMLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00036368 _____ ( ) C:\Windows\System32\igfxEMLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00031248 _____ ( ) C:\Windows\System32\igfxLHMLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00031240 _____ ( ) C:\Windows\System32\igfxLHMLib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-22 05:44 - 2016-11-16 07:49 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-03-22 05:44 - 2015-08-25 16:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-03-22 05:43 - 2016-11-16 07:53 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-22 05:43 - 2015-12-27 11:28 - 00000000 ___RD C:\Users\Bhupendra Singh\Dropbox
2017-03-22 05:40 - 2016-09-02 22:18 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-22 05:40 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-22 05:40 - 2015-12-27 07:20 - 00000000 __SHD C:\Users\Bhupendra Singh\IntelGraphicsProfiles
2017-03-22 05:39 - 2016-09-02 22:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-22 05:38 - 2016-09-02 22:24 - 00000000 ____D C:\users\Bhupendra Singh
2017-03-22 05:38 - 2016-07-15 22:04 - 01048576 _____ C:\Windows\System32\config\BBI
2017-03-22 05:24 - 2016-09-02 22:15 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-03-22 03:56 - 2016-11-23 04:11 - 00002454 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-22 03:53 - 2016-08-17 08:51 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Mozilla
2017-03-22 03:32 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-21 08:29 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 08:26 - 2015-08-25 16:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-19 00:16 - 2016-04-12 06:52 - 00000000 ____D C:\Program Files\TrueKey
2017-03-18 23:45 - 2016-09-02 22:42 - 00003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-03-18 23:45 - 2016-09-02 22:42 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-03-18 08:03 - 2016-11-28 03:20 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\aMule
2017-03-18 07:54 - 2016-12-27 02:54 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-03-17 19:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System
2017-03-17 07:39 - 2016-01-13 04:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-03-17 07:29 - 2015-08-25 18:01 - 00000000 ____D C:\ProgramData\Dell
2017-03-17 07:27 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-03-17 07:27 - 2016-07-15 22:04 - 00008192 _____ C:\Windows\System32\config\ELAM
2017-03-17 07:14 - 2016-12-03 22:53 - 00000000 _____ C:\Program Files (x86)\Dell Backup and RecoveryINSTANT_RESTORE
2017-03-17 07:10 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Web
2017-03-17 06:45 - 2016-09-02 22:27 - 00000000 ____D C:\Windows\System32\config\bbimigrate
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ___SD C:\Windows\System32\F12
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\setup
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\oobe
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\appraiser
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\bcastdvr
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-16 04:26 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-16 02:34 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\NDF
2017-03-12 02:31 - 2015-12-27 07:20 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Packages
2017-03-09 19:33 - 2015-08-25 16:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-08 04:18 - 2015-12-27 11:14 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Dropbox
2017-03-05 05:37 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\rescache
2017-03-03 12:17 - 2016-09-02 22:42 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-03 09:42 - 2015-08-25 16:04 - 00000000 ____D C:\Program Files\Dell
2017-03-03 09:38 - 2016-02-29 05:53 - 00000473 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt
2017-03-03 09:38 - 2015-08-25 15:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-03 04:58 - 2016-01-03 06:03 - 802235731 _____ C:\Windows\MEMORY.DMP
2017-03-02 09:11 - 2015-12-27 07:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-02 09:09 - 2016-12-27 02:54 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-03-02 09:04 - 2016-09-02 22:15 - 00337832 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-02 09:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2017-03-02 09:00 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Provisioning
2017-03-02 07:01 - 2016-09-02 22:18 - 00000200 _____ C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-02 06:52 - 2015-08-25 15:55 - 00000000 ____D C:\ProgramData\Intel
2017-03-02 06:52 - 2015-08-25 15:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 06:51 - 2015-12-27 21:48 - 01114902 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-02 06:50 - 2015-12-30 04:32 - 00000000 ____D C:\users\nehad
2017-03-02 06:50 - 2015-10-29 22:28 - 00000000 ____D C:\users\Default.migrated
2017-03-02 06:49 - 2015-08-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-03-02 06:48 - 2016-09-02 22:18 - 00000000 ____D C:\Program Files\Intel
2017-03-02 06:48 - 2015-08-25 15:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-03-02 06:47 - 2015-08-25 15:58 - 00000000 ____D C:\Intel
2017-03-02 06:27 - 2016-09-02 22:42 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2017-03-02 06:27 - 2015-08-25 16:10 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration
2017-02-28 19:13 - 2016-11-28 03:20 - 00000000 ____D C:\Program Files (x86)\amuleC1
2017-02-28 00:41 - 2015-08-25 16:07 - 00000000 ____D C:\ProgramData\McAfee
2017-02-27 10:47 - 2015-12-18 11:40 - 39246776 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2017-02-27 10:46 - 2016-11-01 09:36 - 35131640 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 33775608 _____ (Intel Corporation) C:\Windows\System32\igd11dxva64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 15982776 _____ (Intel Corporation) C:\Windows\System32\igd10iumd64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 12798456 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 06763136 _____ (Intel Corporation) C:\Windows\System32\igdusc64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 05193384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2017-02-27 10:44 - 2016-09-02 22:18 - 00112656 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-02-27 10:44 - 2016-09-02 22:18 - 00108560 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2017-02-27 10:44 - 2015-12-18 11:38 - 07974904 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2017-02-27 10:44 - 2015-12-18 11:38 - 02150928 _____ (Intel Corporation) C:\Windows\System32\igfxLHM.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00765448 _____ (Intel Corporation) C:\Windows\System32\igfxDH.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00410608 _____ C:\Windows\System32\igfxTray.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00407568 _____ (Intel Corporation) C:\Windows\System32\igfxDI.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00382456 _____ (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00363512 _____ (Intel Corporation) C:\Windows\System32\igfxEM.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00277496 _____ (Intel Corporation) C:\Windows\System32\igfxHK.exe
2017-02-21 02:05 - 2016-11-22 08:07 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\vlc
 
Some files in TEMP:
====================
2016-11-13 19:30 - 2016-11-13 19:30 - 1588219 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\5f912555-d880-4197-9917-d50b49e604f5.exe
2016-11-05 02:52 - 2016-11-05 02:52 - 51574616 _____ (UCWeb Inc.) C:\Users\Bhupendra Singh\AppData\Local\Temp\Browser_V5.7.15319.5_r_4670_(Build1608291541).exe
2016-11-05 02:48 - 2016-11-05 02:49 - 8783983 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\jg3.6.0.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1468764 _____ (YTB Music Box                                               ) C:\Users\Bhupendra Singh\AppData\Local\Temp\MusicBox.exe
2016-12-13 05:49 - 2016-12-13 05:49 - 0515584 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2016-11-05 02:48 - 2016-11-05 02:48 - 0427232 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\trotux.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1199825 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\unins000.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 10013312 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\wajam_install.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 0065700 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\WeatherChicknInstaller.exe
2016-12-30 05:00 - 2016-12-30 05:00 - 0461824 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct683A.tmp.dll
2017-01-03 08:12 - 2017-01-03 08:12 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct7ED6.tmp.dll
2017-01-03 04:59 - 2017-01-03 04:59 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctA864.tmp.dll
2017-01-05 07:45 - 2017-01-05 07:45 - 0361472 _____ (update) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctB4F9.tmp.dll
2016-12-28 00:42 - 2016-12-28 00:42 - 0792064 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctC357.tmp.dll
2016-12-19 01:25 - 2016-12-19 01:25 - 0782848 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctD4FD.tmp.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2017-02-28 20:21] - [2016-12-13 20:24] - 0673792 ____A (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE
 
C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70
 
C:\Windows\explorer.exe
[2016-12-22 21:10] - [2016-11-11 01:56] - 4673304 ____A (Microsoft Corporation) 4E10FB1A015B49AC68F76C1A3F4D9C0F
 
C:\Windows\SysWOW64\explorer.exe
[2016-12-22 21:11] - [2016-11-10 23:41] - 4311736 ____A (Microsoft Corporation) AF46710DDB8B0E304AA4FD2B940CABD8
 
C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC
 
C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B
 
C:\Windows\System32\services.exe
[2016-12-22 21:12] - [2016-11-11 01:51] - 0454592 ____A (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31
 
C:\Windows\System32\User32.dll
[2016-12-22 21:10] - [2016-12-09 02:10] - 1461200 ____A (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26
 
C:\Windows\SysWOW64\User32.dll
[2016-12-22 21:11] - [2016-12-09 01:52] - 1435896 ____A (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B
 
C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69
 
C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B
 
C:\Windows\System32\rpcss.dll
[2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6
 
C:\Windows\System32\dnsapi.dll
[2016-09-30 04:40] - [2016-09-15 09:30] - 0646136 ____A (Microsoft Corporation) 96B8A433F6407DE34850927C96C6CE9B
 
C:\Windows\SysWOW64\dnsapi.dll
[2016-09-30 04:45] - [2016-09-15 09:37] - 0496872 ____A (Microsoft Corporation) 227CFE3EDA82029AAC1C088A16297CD7
 
C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2017-03-21 08:37
Restore point date: 2017-03-22 03:41
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 4012.48 MB
Available physical RAM: 3133.46 MB
Total Virtual: 4012.48 MB
Available Virtual: 3181.13 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:235.95 GB) (Free:139.27 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:220.1 GB) (Free:131.96 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:3.72 GB) (Free:0.42 GB) FAT32
Drive f: (SYSRECOVERY) (Removable) (Total:14.84 GB) (Free:7.07 GB) FAT32
Drive h: () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 640F8E3C)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 59E22FF9)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
LastRegBack: 2017-03-17 07:38
 
==================== End of FRST.txt ============================

Edited by SILE, 22 March 2017 - 09:11 AM.


#6 Machiavelli

Posted 22 March 2017 - 10:05 AM

Hello Neha. Nice to hear that everything went well. 

 

There is really old malware running on your system; that is quite weird. One of the malware pieces existed around 2008.

2017-03-22 03:56 - 2017-03-22 03:56 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Bepat

2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Bepat
2017-03-02 09:50 - 2017-03-02 09:50 - 00000000 ____D C:\Windows\System32\Tasks\Aviata

Do you know these files?

STEP 1

Farbar Recovery Scan Tool (FRST) Recovery Environment Script

  • Using your clean computer, press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
Start
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-01] (Elex do Brasil Participações Ltda)
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [587264 2017-01-02] () <==== ATTENTION
S2 Kyubey; C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey\Kyubey.exe [123392 2017-03-19] ()
S2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
S2 WinSAPSvc; C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-20] (Windows)
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
S2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [X]
S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-18] (Elex do Brasil Participações Ltda)
S3 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ATTENTION
S1 inqxuegd; \??\C:\WINDOWS\system32\drivers\inqxuegd.sys [X]
C:\Program Files (x86)\WinSnare(4.3.2)
Folder: C:\Program Files (x86)\MK
2017-03-15 05:09 - 2017-03-22 03:50 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-15 05:09 - 2017-03-16 05:31 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-15 05:09 - 2017-03-16 04:50 - 00003322 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-07 05:02 - 2017-03-17 07:51 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-03 05:02 - 2017-03-16 06:27 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-02 05:28 - 2017-03-22 05:42 - 00000000 _____ C:\Windows\SysWOW64\1
2017-03-01 06:44 - 2017-03-16 05:32 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-01 06:44 - 2017-03-16 05:32 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-01 06:43 - 2017-03-22 03:50 - 00003674 _____ C:\Windows\System32\Tasks\Milimili
2017-03-01 06:43 - 2017-03-22 03:50 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc
2017-03-01 06:43 - 2017-03-21 05:45 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey
2017-03-01 06:43 - 2017-03-03 05:02 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\WinSnare
2017-03-01 06:43 - 2017-03-01 09:09 - 00000000 ____D C:\Program Files (x86)\MIO
EmptyTemp:
End
  • Click File > Save As and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click Fix.
  • A log (Fixlog.txt) will be saved to your USB drive.
  • Attempt to boot normally into Windows. Does the computer boot normally?
  • Copy the contents of Fixlog.txt and paste in your next reply (using either the affected computer or clean computer).

 

Please restart the PC and please tell me if you can open files now. If not, please do a new FRST RE scan (as you managed it before) and post the logs.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 SILE


Posted 23 March 2017 - 09:59 AM

Hey, I know I'm a bit late.

About those three files, I have no idea where they came from. I couldn't even reach "aviata". It restricted me.

So, I couldn't save that script you sent using my system; it showed the error "insufficient memory......"

But I did save it using a clean PC. I did as you asked, but I still can't run .exe files. The symptoms are still there.

Fixlog.txt -
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by SYSTEM (23-03-2017 20:04:13) Run:1
Running from E:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Start
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-01] (Elex do Brasil Participações Ltda)
S3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [587264 2017-01-02] () <==== ATTENTION
S2 Kyubey; C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey\Kyubey.exe [123392 2017-03-19] ()
S2 Themes; C:\Windows\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATTENTION
S2 WinSAPSvc; C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-20] (Windows)
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] <==== ATTENTION
S2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [X]
S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda)
S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-18] (Elex do Brasil Participações Ltda)
S3 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ATTENTION
S1 inqxuegd; \??\C:\WINDOWS\system32\drivers\inqxuegd.sys [X]
C:\Program Files (x86)\WinSnare(4.3.2)
Folder: C:\Program Files (x86)\MK
2017-03-15 05:09 - 2017-03-22 03:50 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-15 05:09 - 2017-03-16 05:31 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-15 05:09 - 2017-03-16 04:50 - 00003322 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-07 05:02 - 2017-03-17 07:51 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-03 05:02 - 2017-03-16 06:27 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-02 05:28 - 2017-03-22 05:42 - 00000000 _____ C:\Windows\SysWOW64\1
2017-03-01 06:44 - 2017-03-16 05:32 - 00000000 _____ C:\Windows\SysWOW64\4
2017-03-01 06:44 - 2017-03-16 05:32 - 00000000 _____ C:\Windows\SysWOW64\3
2017-03-01 06:43 - 2017-03-22 03:50 - 00003674 _____ C:\Windows\System32\Tasks\Milimili
2017-03-01 06:43 - 2017-03-22 03:50 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc
2017-03-01 06:43 - 2017-03-21 05:45 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey
2017-03-01 06:43 - 2017-03-03 05:02 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\WinSnare
2017-03-01 06:43 - 2017-03-01 09:09 - 00000000 ____D C:\Program Files (x86)\MIO
EmptyTemp:
End
*****************
 
HKLM\System\ControlSet001\Services\iSafeService => key removed successfully
iSafeService => service removed successfully
HKLM\System\ControlSet001\Services\iThemes5 => key removed successfully
iThemes5 => service removed successfully
HKLM\System\ControlSet001\Services\Themes\\DependOnService => value removed successfully
HKLM\System\ControlSet001\Services\Kyubey => key removed successfully
Kyubey => service removed successfully
HKLM\System\ControlSet001\Services\Themes\\DependOnService => value not found.
HKLM\System\ControlSet001\Services\WinSAPSvc => key removed successfully
WinSAPSvc => service removed successfully
HKLM\System\ControlSet001\Services\ed2kidle => key removed successfully
ed2kidle => service removed successfully
HKLM\System\ControlSet001\Services\GubedZL => key removed successfully
GubedZL => service removed successfully
HKLM\System\ControlSet001\Services\iSafeKrnl => key removed successfully
iSafeKrnl => service removed successfully
HKLM\System\ControlSet001\Services\iSafeKrnlBoot => key removed successfully
iSafeKrnlBoot => service removed successfully
HKLM\System\ControlSet001\Services\iSafeKrnlKit => key removed successfully
iSafeKrnlKit => service removed successfully
HKLM\System\ControlSet001\Services\iSafeKrnlMon => key removed successfully
iSafeKrnlMon => service removed successfully
HKLM\System\ControlSet001\Services\iSafeKrnlR3 => key removed successfully
iSafeKrnlR3 => service removed successfully
HKLM\System\ControlSet001\Services\iSafeNetFilter => key removed successfully
iSafeNetFilter => service removed successfully
HKLM\System\ControlSet001\Services\ucdrv => key removed successfully
ucdrv => service removed successfully
HKLM\System\ControlSet001\Services\inqxuegd => key removed successfully
inqxuegd => service removed successfully
C:\Program Files (x86)\WinSnare(4.3.2) => moved successfully
 
========================= Folder: C:\Program Files (x86)\MK ========================
 
2017-03-03 04:53 - 2017-03-03 04:53 - 0000000 ____D () C:\Program Files (x86)\MK\HL
 
====== End of Folder: ======
 
C:\Program Files (x86)\n1 => moved successfully
C:\Program Files (x86)\BikaQRss => moved successfully
C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => moved successfully
C:\Program Files (x86)\amulell => moved successfully
C:\Program Files (x86)\amuleCexx => moved successfully
C:\Windows\SysWOW64\1 => moved successfully
C:\Windows\SysWOW64\4 => moved successfully
C:\Windows\SysWOW64\3 => moved successfully
C:\Windows\System32\Tasks\Milimili => moved successfully
C:\Users\Bhupendra Singh\AppData\Roaming\WinSAPSvc => moved successfully
C:\Users\Bhupendra Singh\AppData\Roaming\Kyubey => moved successfully
C:\Users\Bhupendra Singh\AppData\Roaming\WinSnare => moved successfully
C:\Program Files (x86)\MIO => moved successfully
EmptyTemp: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog 20:04:16 ====


P.S. I don't know how there can be a file since 2008, because this laptop is not more than a year old.

Edited by SILE, 23 March 2017 - 10:01 AM.


#8 Machiavelli

Posted 23 March 2017 - 03:48 PM

Could you please run FRST again in RE mode and give me a new FRST log as you did before?


~Machiavelli



#9 SILE

Posted 24 March 2017 - 08:39 AM

Oops, you asked me to do the same last time also. Excuse me please  :whistle: 

Here is the report ---- 
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-D8TDK1B (24-03-2017 18:57:00)
Running from E:\
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [138634176 2017-03-17] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95464 2015-08-07] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2015-08-07] (Sensible Vision )
Lsa: [Notification Packages] scecli FAPassSync C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-15] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-20] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-26] (Dell Inc.)
S2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [12 2016-07-16] ()
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [12 2016-07-16] ()
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [109744 2017-03-20] ()
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-15] (NVIDIA Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [382456 2017-02-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-21] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-21] (McAfee, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-15] (NVIDIA Corporation)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [12 2016-07-16] ()
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-19] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-19] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-19] (McAfee, Inc.)
S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WPDTSrv; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll [103424 2017-03-21] ()
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [12 2016-07-16] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 atapi; C:\Windows\System32\drivers\atapi.sys [12 2016-07-16] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-17] (McAfee, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
S0 intelide; C:\Windows\System32\drivers\intelide.sys [12 2016-07-16] ()
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85048 2016-11-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-17] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-17] (McAfee, Inc.)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [12 2016-07-16] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3537672 2017-02-17] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [12 2016-07-16] ()
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-13] (Realsil Semiconductor Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [12 2016-07-16] ()
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-23 06:03 - 2017-03-23 06:03 - 00000000 ____D C:\Program Files (x86)\temp
2017-03-23 05:50 - 2017-03-23 05:50 - 00004222 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-03-22 19:23 - 2017-03-23 20:04 - 00000000 ____D C:\FRST
2017-03-22 03:56 - 2017-03-22 03:56 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Bepat
2017-03-22 03:53 - 2017-03-22 04:01 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\LocalLow\Mozilla
2017-03-22 03:52 - 2017-03-22 03:52 - 00002001 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-22 03:52 - 2017-03-22 03:52 - 00002001 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2017-03-22 03:52 - 2017-03-22 03:52 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Firefox
2017-03-22 03:52 - 2017-03-22 03:52 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Firefox
2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Bepat
2017-03-19 03:00 - 2017-03-19 03:00 - 02424832 _____ (Farbar) C:\Users\Bhupendra Singh\Downloads\FRST64.exe
2017-03-18 08:21 - 2017-03-18 08:21 - 00001205 _____ C:\Users\Bhupendra Singh\Downloads\FixNCR.reg
2017-03-18 08:02 - 2017-03-18 08:02 - 00000000 ____D C:\Users\Bhupendra Singh\Documents\aMule Downloads
2017-03-17 18:36 - 2017-03-17 18:36 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-17 18:35 - 2017-03-17 18:37 - 00000000 ___HD C:\$SysReset
2017-03-17 07:40 - 2017-03-23 08:06 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\My Documents
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-16 06:11 - 2017-03-16 06:11 - 08233905 _____ C:\Users\Bhupendra Singh\Downloads\CS2.pdf
2017-03-16 00:20 - 2017-03-03 22:25 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-03-16 00:19 - 2017-03-03 22:33 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2017-03-16 00:19 - 2017-02-21 18:17 - 00448285 _____ C:\Windows\System32\ApnDatabase.xml
2017-03-16 00:18 - 2017-03-03 23:57 - 00192352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-03-16 00:18 - 2017-03-03 23:35 - 00315232 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2017-03-16 00:18 - 2016-07-15 18:29 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\CspCellularSettings.dll
2017-03-16 00:18 - 2016-07-15 18:28 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\EnterpriseAPNCsp.dll
2017-03-16 00:18 - 2016-07-15 18:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\CfgSPCellular.dll
2017-03-06 12:50 - 2017-03-06 12:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-03-03 09:42 - 2017-03-03 09:42 - 00000000 ____D C:\ProgramData\973e2137-f0bf-4201-bf2a-57a2ec675e33
2017-03-03 09:30 - 2017-03-03 09:30 - 00000000 ____D C:\ProgramData\905ea78e-d9e7-4876-9d87-73098a928451
2017-03-03 04:58 - 2017-03-03 05:17 - 00000000 ____D C:\Windows\Minidump
2017-03-03 04:53 - 2017-03-03 04:53 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-02 09:50 - 2017-03-02 09:50 - 00000000 ____D C:\Windows\System32\Tasks\Aviata
2017-03-02 05:54 - 2017-03-02 05:55 - 04031440 _____ C:\Users\Bhupendra Singh\Downloads\adwcleaner_6.044.exe
2017-02-28 20:22 - 2016-12-13 20:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2017-02-28 20:22 - 2016-12-13 20:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2017-02-28 20:21 - 2016-12-21 00:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\System32\offlinesam.dll
2017-02-28 20:21 - 2016-12-21 00:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\System32\ImplatSetup.dll
2017-02-28 20:21 - 2016-12-20 23:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2017-02-28 20:21 - 2016-12-20 23:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-02-28 20:21 - 2016-12-20 23:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2017-02-28 20:21 - 2016-12-20 23:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\System32\mfnetsrc.dll
2017-02-28 20:21 - 2016-12-20 23:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2017-02-28 20:21 - 2016-12-20 23:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-02-28 20:21 - 2016-12-20 23:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2017-02-28 20:21 - 2016-12-20 23:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2017-02-28 20:21 - 2016-12-20 23:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2017-02-28 20:21 - 2016-12-20 23:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\System32\indexeddbserver.dll
2017-02-28 20:21 - 2016-12-20 23:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2017-02-28 20:21 - 2016-12-20 22:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2017-02-28 20:21 - 2016-12-20 22:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2017-02-28 20:21 - 2016-12-20 22:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-02-28 20:21 - 2016-12-20 22:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\System32\MCRecvSrc.dll
2017-02-28 20:21 - 2016-12-20 22:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-02-28 20:21 - 2016-12-20 22:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
2017-02-28 20:21 - 2016-12-20 22:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\System32\mspaint.exe
2017-02-28 20:21 - 2016-12-20 22:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-02-28 20:21 - 2016-12-20 22:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-02-28 20:21 - 2016-12-20 22:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2017-02-28 20:21 - 2016-12-20 22:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-02-28 20:21 - 2016-12-20 21:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-02-28 20:21 - 2016-12-20 21:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-28 20:21 - 2016-12-20 21:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-28 20:21 - 2016-12-20 20:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-28 20:21 - 2016-12-20 20:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-28 20:21 - 2016-12-20 20:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-02-28 20:21 - 2016-12-20 20:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-02-28 20:21 - 2016-12-20 20:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-02-28 20:21 - 2016-12-20 20:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-02-28 20:21 - 2016-12-20 20:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-02-28 20:21 - 2016-12-20 20:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-02-28 20:21 - 2016-12-20 20:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-02-28 20:21 - 2016-12-20 20:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-28 20:21 - 2016-12-20 20:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-02-28 20:21 - 2016-12-20 20:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-02-28 20:21 - 2016-12-20 20:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-02-28 20:21 - 2016-12-20 20:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-02-28 20:21 - 2016-12-20 20:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-02-28 20:21 - 2016-12-20 20:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-02-28 20:21 - 2016-12-13 21:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-02-28 20:21 - 2016-12-13 21:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2017-02-28 20:21 - 2016-12-13 21:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-02-28 20:21 - 2016-12-13 21:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-28 20:21 - 2016-12-13 21:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-02-28 20:21 - 2016-12-13 21:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2017-02-28 20:21 - 2016-12-13 21:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-02-28 20:21 - 2016-12-13 21:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-28 20:21 - 2016-12-13 20:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-28 20:21 - 2016-12-13 20:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\ScDeviceEnum.dll
2017-02-28 20:21 - 2016-12-13 20:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2017-02-28 20:21 - 2016-12-13 20:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-02-28 20:21 - 2016-12-13 20:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2017-02-28 20:21 - 2016-12-13 20:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-02-28 20:21 - 2016-12-13 20:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-28 20:21 - 2016-12-13 20:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2017-02-28 20:21 - 2016-12-13 20:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-28 20:21 - 2016-12-13 20:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-02-28 20:21 - 2016-12-13 20:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-02-28 20:21 - 2016-12-13 20:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\System32\D3D12.dll
2017-02-28 20:21 - 2016-12-13 20:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2017-02-28 20:21 - 2016-12-13 20:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-02-28 20:21 - 2016-12-13 20:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-02-28 20:21 - 2016-12-13 20:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-02-28 20:21 - 2016-12-13 20:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-02-28 20:21 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-28 20:21 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2017-02-28 20:21 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-02-28 20:20 - 2016-12-20 22:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2017-02-28 20:20 - 2016-12-20 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-28 20:19 - 2016-12-20 23:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-02-28 20:19 - 2016-12-20 23:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\LaunchWinApp.exe
2017-02-28 20:19 - 2016-12-20 23:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2017-02-28 20:19 - 2016-12-20 22:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\MSVP9DEC.dll
2017-02-28 20:19 - 2016-12-20 22:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-02-28 20:19 - 2016-12-20 20:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-02-28 20:19 - 2016-12-20 20:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-02-28 20:19 - 2016-12-20 20:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-02-28 20:19 - 2016-12-20 20:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-28 20:19 - 2016-12-13 21:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-02-28 20:19 - 2016-12-13 20:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-28 20:19 - 2016-12-13 20:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2017-02-28 20:19 - 2016-12-13 20:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2017-02-28 20:19 - 2016-12-13 20:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-02-28 20:18 - 2016-12-21 00:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-02-28 20:18 - 2016-12-20 23:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
2017-02-28 20:18 - 2016-12-20 23:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2017-02-28 20:18 - 2016-12-20 23:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCsp.dll
2017-02-28 20:18 - 2016-12-20 23:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\ProvPluginEng.dll
2017-02-28 20:18 - 2016-12-20 23:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCore.dll
2017-02-28 20:18 - 2016-12-20 23:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\System32\OneBackupHandler.dll
2017-02-28 20:18 - 2016-12-20 23:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BioFeedback.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\System32\MSVPXENC.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
2017-02-28 20:18 - 2016-12-20 23:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
2017-02-28 20:18 - 2016-12-20 23:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2017-02-28 20:18 - 2016-12-20 23:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
2017-02-28 20:18 - 2016-12-20 23:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-02-28 20:18 - 2016-12-20 23:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Shell.dll
2017-02-28 20:18 - 2016-12-20 23:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
2017-02-28 20:18 - 2016-12-20 22:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\fhsettingsprovider.dll
2017-02-28 20:18 - 2016-12-20 22:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\System32\aclui.dll
2017-02-28 20:18 - 2016-12-20 22:53 - 01690112 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2017-02-28 20:18 - 2016-12-20 22:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2017-02-28 20:18 - 2016-12-20 22:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2017-02-28 20:18 - 2016-12-20 22:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-02-28 20:18 - 2016-12-20 20:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-02-28 20:18 - 2016-12-20 20:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-02-28 20:18 - 2016-12-20 20:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-02-28 20:18 - 2016-12-20 20:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-02-28 20:18 - 2016-12-13 21:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2017-02-28 20:18 - 2016-12-13 21:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\System32\ClipUp.exe
2017-02-28 20:18 - 2016-12-13 21:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2017-02-28 20:18 - 2016-12-13 21:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-02-28 20:18 - 2016-12-13 21:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-02-28 20:18 - 2016-12-13 21:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2017-02-28 20:18 - 2016-12-13 21:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2017-02-28 20:18 - 2016-12-13 21:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-28 20:18 - 2016-12-13 21:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-02-28 20:18 - 2016-12-13 20:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-02-28 20:18 - 2016-12-13 20:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-02-28 20:18 - 2016-12-13 20:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\System32\cloudAP.dll
2017-02-28 20:18 - 2016-12-13 20:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-02-28 20:18 - 2016-12-13 20:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\System32\ConsoleLogon.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-28 20:18 - 2016-12-13 20:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\System32\wbiosrvc.dll
2017-02-28 20:18 - 2016-12-13 20:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.CredDialogController.dll
2017-02-28 20:18 - 2016-12-13 20:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\CloudBackupSettings.dll
2017-02-28 20:18 - 2016-12-13 20:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2017-02-28 20:18 - 2016-12-13 20:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-28 20:18 - 2016-12-13 20:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-02-28 20:18 - 2016-12-13 20:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-02-28 20:18 - 2016-12-13 20:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
2017-02-28 20:18 - 2016-12-13 20:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2017-02-28 20:18 - 2016-12-13 20:22 - 02999808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-02-28 20:18 - 2016-12-13 20:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2017-02-28 20:18 - 2016-12-13 20:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-02-28 20:18 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2017-02-28 20:18 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2017-02-28 20:18 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-02-28 20:01 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2017-02-28 20:01 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-28 09:39 - 2017-02-28 09:39 - 00000000 ____D C:\Windows\SysWOW64\Dell
2017-02-28 09:39 - 2017-02-28 09:39 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-28 09:29 - 2016-05-22 18:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\System32\Drivers\iSafeKrnlBoot.sys
2017-02-27 10:47 - 2017-02-27 10:47 - 40213960 _____ (Intel Corporation) C:\Windows\System32\igdumdim64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 15630704 _____ (Intel Corporation) C:\Windows\System32\igc64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 13607808 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 04316136 _____ (Intel Corporation) C:\Windows\System32\igd12umd64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 04284872 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 02422504 _____ (Intel Corporation) C:\Windows\System32\igdmd64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01883368 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01841088 _____ (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01838392 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00323744 _____ (Intel Corporation) C:\Windows\System32\igd10idpp64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00308496 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00253016 _____ (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00233920 _____ (Intel Corporation) C:\Windows\System32\igdde64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00215864 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00194336 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00193304 _____ (Intel Corporation) C:\Windows\System32\igfx11cmrt64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00192160 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00170376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00170376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00064560 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 29110288 _____ (Intel Corporation) C:\Windows\System32\common_clang64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 19870224 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 11750912 _____ (Intel Corporation) C:\Windows\System32\ig75icd64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 08740880 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 05697552 _____ (Intel Corporation) C:\Windows\System32\igdmcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 05271560 _____ (Intel Corporation) C:\Windows\System32\GfxResources.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 04937232 _____ (Intel Corporation) C:\Windows\System32\igdrcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 04372496 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 03980304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01599504 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01187344 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01035760 _____ C:\Windows\System32\igfxSDK.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00976880 _____ (Intel Corporation) C:\Windows\System32\Gfxv4_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00973304 _____ (Intel Corporation) C:\Windows\System32\Gfxv2_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00713744 _____ (Intel Corporation) C:\Windows\System32\MetroIntelGenericUIFramework.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00545264 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUMS64.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00475632 _____ (Intel Corporation) C:\Windows\System32\GfxUIEx.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00457200 _____ (Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00448008 _____ (Intel Corporation) C:\Windows\System32\igdbcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00424968 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00398864 _____ (Intel Corporation) C:\Windows\System32\igfxOSP.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00397328 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00358896 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMCComp64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00327184 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00310256 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00282120 _____ C:\Windows\System32\igfxCPL.cpl
2017-02-27 10:44 - 2017-02-27 10:44 - 00274952 _____ (Intel Corporation) C:\Windows\System32\igdfcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00263688 _____ (Intel Corporation) C:\Windows\System32\igfxDTCM.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00245744 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00241136 _____ (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00240632 _____ (Intel Corporation) C:\Windows\System32\DPTopologyAppv2_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00234000 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00201736 _____ (Intel Corporation) C:\Windows\System32\igdail64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00183792 _____ (Intel Corporation) C:\Windows\System32\difx64.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00182800 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00120336 _____ ( ) C:\Windows\System32\igfxSDKLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00112656 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00112136 _____ C:\Windows\System32\igfxCUIServicePS.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00109584 _____ ( ) C:\Windows\System32\igfxSDKLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00108560 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00103952 _____ ( ) C:\Windows\System32\igfxDHLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00093200 _____ ( ) C:\Windows\System32\igfxDHLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00061448 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00037904 _____ ( ) C:\Windows\System32\igfxDILibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00037904 _____ ( ) C:\Windows\System32\igfxDILib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00036368 _____ ( ) C:\Windows\System32\igfxEMLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00036368 _____ ( ) C:\Windows\System32\igfxEMLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00031248 _____ ( ) C:\Windows\System32\igfxLHMLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00031240 _____ ( ) C:\Windows\System32\igfxLHMLib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-24 05:25 - 2016-09-02 22:15 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-03-24 05:17 - 2015-08-25 16:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-03-24 05:12 - 2015-12-27 11:28 - 00000000 ___RD C:\Users\Bhupendra Singh\Dropbox
2017-03-24 05:11 - 2016-09-02 22:18 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-24 05:11 - 2015-12-27 07:20 - 00000000 __SHD C:\Users\Bhupendra Singh\IntelGraphicsProfiles
2017-03-23 18:52 - 2016-11-16 07:49 - 00000038 _____ C:\Users\Public\Documents\temp.dat
2017-03-23 18:52 - 2016-11-16 07:49 - 00000038 _____ C:\ProgramData\Documents\temp.dat
2017-03-23 07:25 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-23 07:17 - 2016-11-16 07:53 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-23 07:17 - 2016-11-16 07:53 - 00000000 _____ C:\ProgramData\Documents\report.dat
2017-03-23 07:15 - 2016-09-02 22:24 - 00000000 ____D C:\users\Bhupendra Singh
2017-03-23 07:04 - 2016-09-02 22:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-23 05:55 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-22 05:38 - 2016-07-15 22:04 - 01048576 _____ C:\Windows\System32\config\BBI
2017-03-22 03:56 - 2016-11-23 04:11 - 00002454 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-22 03:56 - 2016-11-23 04:11 - 00002454 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-03-22 03:53 - 2016-08-17 08:51 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Mozilla
2017-03-21 08:29 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 08:26 - 2015-08-25 16:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-19 00:16 - 2016-04-12 06:52 - 00000000 ____D C:\Program Files\TrueKey
2017-03-18 23:45 - 2016-09-02 22:42 - 00003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-03-18 23:45 - 2016-09-02 22:42 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-03-18 08:03 - 2016-11-28 03:20 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\aMule
2017-03-18 07:54 - 2016-12-27 02:54 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-03-17 19:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System
2017-03-17 07:39 - 2016-01-13 04:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-03-17 07:29 - 2015-08-25 18:01 - 00000000 ____D C:\ProgramData\Dell
2017-03-17 07:27 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-03-17 07:27 - 2016-07-15 22:04 - 00008192 _____ C:\Windows\System32\config\ELAM
2017-03-17 07:14 - 2016-12-03 22:53 - 00000000 _____ C:\Program Files (x86)\Dell Backup and RecoveryINSTANT_RESTORE
2017-03-17 07:10 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Web
2017-03-17 06:45 - 2016-09-02 22:27 - 00000000 ____D C:\Windows\System32\config\bbimigrate
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ___SD C:\Windows\System32\F12
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\setup
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\oobe
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\appraiser
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\bcastdvr
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-16 04:26 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-16 02:34 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\NDF
2017-03-12 02:31 - 2015-12-27 07:20 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Packages
2017-03-09 19:33 - 2015-08-25 16:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-08 04:18 - 2015-12-27 11:14 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Dropbox
2017-03-05 05:37 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\rescache
2017-03-03 12:17 - 2016-09-02 22:42 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-03 09:42 - 2015-08-25 16:04 - 00000000 ____D C:\Program Files\Dell
2017-03-03 09:38 - 2016-02-29 05:53 - 00000473 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt
2017-03-03 09:38 - 2015-08-25 15:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-03 04:58 - 2016-01-03 06:03 - 802235731 _____ C:\Windows\MEMORY.DMP
2017-03-02 09:11 - 2015-12-27 07:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-02 09:09 - 2016-12-27 02:54 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-03-02 09:04 - 2016-09-02 22:15 - 00337832 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-02 09:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2017-03-02 09:00 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Provisioning
2017-03-02 07:01 - 2016-09-02 22:18 - 00000200 _____ C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-02 06:52 - 2015-08-25 15:55 - 00000000 ____D C:\ProgramData\Intel
2017-03-02 06:52 - 2015-08-25 15:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 06:51 - 2015-12-27 21:48 - 01114902 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-02 06:50 - 2015-12-30 04:32 - 00000000 ____D C:\users\nehad
2017-03-02 06:50 - 2015-10-29 22:28 - 00000000 ____D C:\users\Default.migrated
2017-03-02 06:49 - 2015-08-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-03-02 06:48 - 2016-09-02 22:18 - 00000000 ____D C:\Program Files\Intel
2017-03-02 06:48 - 2015-08-25 15:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-03-02 06:47 - 2015-08-25 15:58 - 00000000 ____D C:\Intel
2017-03-02 06:27 - 2016-09-02 22:42 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2017-03-02 06:27 - 2015-08-25 16:10 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration
2017-02-28 19:13 - 2016-11-28 03:20 - 00000000 ____D C:\Program Files (x86)\amuleC1
2017-02-28 00:41 - 2015-08-25 16:07 - 00000000 ____D C:\ProgramData\McAfee
2017-02-27 10:47 - 2015-12-18 11:40 - 39246776 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2017-02-27 10:46 - 2016-11-01 09:36 - 35131640 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 33775608 _____ (Intel Corporation) C:\Windows\System32\igd11dxva64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 15982776 _____ (Intel Corporation) C:\Windows\System32\igd10iumd64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 12798456 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 06763136 _____ (Intel Corporation) C:\Windows\System32\igdusc64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 05193384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2017-02-27 10:44 - 2016-09-02 22:18 - 00112656 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-02-27 10:44 - 2016-09-02 22:18 - 00108560 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2017-02-27 10:44 - 2015-12-18 11:38 - 07974904 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2017-02-27 10:44 - 2015-12-18 11:38 - 02150928 _____ (Intel Corporation) C:\Windows\System32\igfxLHM.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00765448 _____ (Intel Corporation) C:\Windows\System32\igfxDH.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00410608 _____ C:\Windows\System32\igfxTray.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00407568 _____ (Intel Corporation) C:\Windows\System32\igfxDI.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00382456 _____ (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00363512 _____ (Intel Corporation) C:\Windows\System32\igfxEM.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00277496 _____ (Intel Corporation) C:\Windows\System32\igfxHK.exe
 
Some files in TEMP:
====================
2016-11-13 19:30 - 2016-11-13 19:30 - 1588219 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\5f912555-d880-4197-9917-d50b49e604f5.exe
2016-11-05 02:52 - 2016-11-05 02:52 - 51574616 _____ (UCWeb Inc.) C:\Users\Bhupendra Singh\AppData\Local\Temp\Browser_V5.7.15319.5_r_4670_(Build1608291541).exe
2016-11-05 02:48 - 2016-11-05 02:49 - 8783983 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\jg3.6.0.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1468764 _____ (YTB Music Box                                               ) C:\Users\Bhupendra Singh\AppData\Local\Temp\MusicBox.exe
2016-12-13 05:49 - 2016-12-13 05:49 - 0515584 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2016-11-05 02:48 - 2016-11-05 02:48 - 0427232 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\trotux.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1199825 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\unins000.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 10013312 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\wajam_install.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 0065700 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\WeatherChicknInstaller.exe
2016-12-30 05:00 - 2016-12-30 05:00 - 0461824 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct683A.tmp.dll
2017-01-03 08:12 - 2017-01-03 08:12 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct7ED6.tmp.dll
2017-01-03 04:59 - 2017-01-03 04:59 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctA864.tmp.dll
2017-01-05 07:45 - 2017-01-05 07:45 - 0361472 _____ (update) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctB4F9.tmp.dll
2016-12-28 00:42 - 2016-12-28 00:42 - 0792064 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctC357.tmp.dll
2016-12-19 01:25 - 2016-12-19 01:25 - 0782848 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctD4FD.tmp.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2017-02-28 20:21] - [2016-12-13 20:24] - 0673792 ____A (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE
 
C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70
 
C:\Windows\explorer.exe
[2016-12-22 21:10] - [2016-11-11 01:56] - 4673304 ____A (Microsoft Corporation) 4E10FB1A015B49AC68F76C1A3F4D9C0F
 
C:\Windows\SysWOW64\explorer.exe
[2016-12-22 21:11] - [2016-11-10 23:41] - 4311736 ____A (Microsoft Corporation) AF46710DDB8B0E304AA4FD2B940CABD8
 
C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC
 
C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B
 
C:\Windows\System32\services.exe
[2016-12-22 21:12] - [2016-11-11 01:51] - 0454592 ____A (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31
 
C:\Windows\System32\User32.dll
[2016-12-22 21:10] - [2016-12-09 02:10] - 1461200 ____A (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26
 
C:\Windows\SysWOW64\User32.dll
[2016-12-22 21:11] - [2016-12-09 01:52] - 1435896 ____A (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B
 
C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69
 
C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B
 
C:\Windows\System32\rpcss.dll
[2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6
 
C:\Windows\System32\dnsapi.dll
[2016-09-30 04:40] - [2016-09-15 09:30] - 0646136 ____A (Microsoft Corporation) 96B8A433F6407DE34850927C96C6CE9B
 
C:\Windows\SysWOW64\dnsapi.dll
[2016-09-30 04:45] - [2016-09-15 09:37] - 0496872 ____A (Microsoft Corporation) 227CFE3EDA82029AAC1C088A16297CD7
 
C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2017-03-21 08:37
Restore point date: 2017-03-24 18:56
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 4012.48 MB
Available physical RAM: 3143.22 MB
Total Virtual: 4012.48 MB
Available Virtual: 3184.2 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:235.95 GB) (Free:156.8 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:220.1 GB) (Free:131.96 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:3.72 GB) (Free:0.42 GB) FAT32
Drive g: () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 640F8E3C)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 59E22FF9)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
LastRegBack: 2017-03-17 07:38
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by SYSTEM on MININT-D8TDK1B (24-03-2017 18:57:00)
Running from E:\
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-13] (Waves Audio Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [138634176 2017-03-17] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95464 2015-08-07] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2015-08-07] (Sensible Vision )
Lsa: [Notification Packages] scecli FAPassSync C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3736776 2017-03-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1747800 2017-02-15] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-01-20] (Dropbox, Inc.)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-20] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-26] (Dell Inc.)
S2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [12 2016-07-16] ()
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [12 2016-07-16] ()
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [109744 2017-03-20] ()
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-15] (NVIDIA Corporation)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2014-12-14] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [382456 2017-02-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-21] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-08] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-21] (McAfee, Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-15] (NVIDIA Corporation)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-03] (Realtek Semiconductor)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [12 2016-07-16] ()
S2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-19] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-19] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-19] (McAfee, Inc.)
S2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-13] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 WPDTSrv; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll [103424 2017-03-21] ()
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [12 2016-07-16] ()
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 atapi; C:\Windows\System32\drivers\atapi.sys [12 2016-07-16] ()
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-17] (McAfee, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-10] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-10] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-10] (Intel Corporation)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
S0 intelide; C:\Windows\System32\drivers\intelide.sys [12 2016-07-16] ()
S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-11] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-17] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85048 2016-11-17] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-17] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-17] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
S3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-17] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-17] (McAfee, Inc.)
S3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [12 2016-07-16] ()
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3537672 2017-02-17] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-15] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [12 2016-07-16] ()
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-13] (Realsil Semiconductor Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [12 2016-07-16] ()
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-23 06:03 - 2017-03-23 06:03 - 00000000 ____D C:\Program Files (x86)\temp
2017-03-23 05:50 - 2017-03-23 05:50 - 00004222 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-03-22 19:23 - 2017-03-23 20:04 - 00000000 ____D C:\FRST
2017-03-22 03:56 - 2017-03-22 03:56 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Bepat
2017-03-22 03:53 - 2017-03-22 04:01 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\LocalLow\Mozilla
2017-03-22 03:52 - 2017-03-22 03:52 - 00002001 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-03-22 03:52 - 2017-03-22 03:52 - 00002001 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2017-03-22 03:52 - 2017-03-22 03:52 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Firefox
2017-03-22 03:52 - 2017-03-22 03:52 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Firefox
2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-03-22 03:51 - 2017-03-22 03:51 - 00000000 ____D C:\Program Files (x86)\Bepat
2017-03-19 03:00 - 2017-03-19 03:00 - 02424832 _____ (Farbar) C:\Users\Bhupendra Singh\Downloads\FRST64.exe
2017-03-18 08:21 - 2017-03-18 08:21 - 00001205 _____ C:\Users\Bhupendra Singh\Downloads\FixNCR.reg
2017-03-18 08:02 - 2017-03-18 08:02 - 00000000 ____D C:\Users\Bhupendra Singh\Documents\aMule Downloads
2017-03-17 18:36 - 2017-03-17 18:36 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-17 18:35 - 2017-03-17 18:37 - 00000000 ___HD C:\$SysReset
2017-03-17 07:40 - 2017-03-23 08:06 - 00004034 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\My Documents
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-17 06:48 - 2017-03-17 06:48 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-16 06:11 - 2017-03-16 06:11 - 08233905 _____ C:\Users\Bhupendra Singh\Downloads\CS2.pdf
2017-03-16 00:20 - 2017-03-03 22:25 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-03-16 00:19 - 2017-03-03 22:33 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2017-03-16 00:19 - 2017-02-21 18:17 - 00448285 _____ C:\Windows\System32\ApnDatabase.xml
2017-03-16 00:18 - 2017-03-03 23:57 - 00192352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-03-16 00:18 - 2017-03-03 23:35 - 00315232 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2017-03-16 00:18 - 2016-07-15 18:29 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\CspCellularSettings.dll
2017-03-16 00:18 - 2016-07-15 18:28 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\EnterpriseAPNCsp.dll
2017-03-16 00:18 - 2016-07-15 18:26 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\CfgSPCellular.dll
2017-03-06 12:50 - 2017-03-06 12:50 - 00046184 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-03-03 09:42 - 2017-03-03 09:42 - 00000000 ____D C:\ProgramData\973e2137-f0bf-4201-bf2a-57a2ec675e33
2017-03-03 09:30 - 2017-03-03 09:30 - 00000000 ____D C:\ProgramData\905ea78e-d9e7-4876-9d87-73098a928451
2017-03-03 04:58 - 2017-03-03 05:17 - 00000000 ____D C:\Windows\Minidump
2017-03-03 04:53 - 2017-03-03 04:53 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-02 09:50 - 2017-03-02 09:50 - 00000000 ____D C:\Windows\System32\Tasks\Aviata
2017-03-02 05:54 - 2017-03-02 05:55 - 04031440 _____ C:\Users\Bhupendra Singh\Downloads\adwcleaner_6.044.exe
2017-02-28 20:22 - 2016-12-13 20:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2017-02-28 20:22 - 2016-12-13 20:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2017-02-28 20:21 - 2016-12-21 00:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\System32\offlinesam.dll
2017-02-28 20:21 - 2016-12-21 00:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\System32\ImplatSetup.dll
2017-02-28 20:21 - 2016-12-20 23:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2017-02-28 20:21 - 2016-12-20 23:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-02-28 20:21 - 2016-12-20 23:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2017-02-28 20:21 - 2016-12-20 23:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\System32\mfnetsrc.dll
2017-02-28 20:21 - 2016-12-20 23:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2017-02-28 20:21 - 2016-12-20 23:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2017-02-28 20:21 - 2016-12-20 23:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-02-28 20:21 - 2016-12-20 23:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2017-02-28 20:21 - 2016-12-20 23:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2017-02-28 20:21 - 2016-12-20 23:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2017-02-28 20:21 - 2016-12-20 23:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\System32\indexeddbserver.dll
2017-02-28 20:21 - 2016-12-20 23:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2017-02-28 20:21 - 2016-12-20 22:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2017-02-28 20:21 - 2016-12-20 22:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\System32\samsrv.dll
2017-02-28 20:21 - 2016-12-20 22:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-02-28 20:21 - 2016-12-20 22:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\System32\MCRecvSrc.dll
2017-02-28 20:21 - 2016-12-20 22:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-02-28 20:21 - 2016-12-20 22:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
2017-02-28 20:21 - 2016-12-20 22:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\System32\mspaint.exe
2017-02-28 20:21 - 2016-12-20 22:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-02-28 20:21 - 2016-12-20 22:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-02-28 20:21 - 2016-12-20 22:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2017-02-28 20:21 - 2016-12-20 22:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-02-28 20:21 - 2016-12-20 21:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-02-28 20:21 - 2016-12-20 21:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-28 20:21 - 2016-12-20 21:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-28 20:21 - 2016-12-20 20:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-28 20:21 - 2016-12-20 20:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-28 20:21 - 2016-12-20 20:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-02-28 20:21 - 2016-12-20 20:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-02-28 20:21 - 2016-12-20 20:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-02-28 20:21 - 2016-12-20 20:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-02-28 20:21 - 2016-12-20 20:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-02-28 20:21 - 2016-12-20 20:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-02-28 20:21 - 2016-12-20 20:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-02-28 20:21 - 2016-12-20 20:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-28 20:21 - 2016-12-20 20:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-02-28 20:21 - 2016-12-20 20:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-02-28 20:21 - 2016-12-20 20:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-02-28 20:21 - 2016-12-20 20:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-02-28 20:21 - 2016-12-20 20:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-02-28 20:21 - 2016-12-20 20:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-02-28 20:21 - 2016-12-13 21:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-02-28 20:21 - 2016-12-13 21:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2017-02-28 20:21 - 2016-12-13 21:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-02-28 20:21 - 2016-12-13 21:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-02-28 20:21 - 2016-12-13 21:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-02-28 20:21 - 2016-12-13 21:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2017-02-28 20:21 - 2016-12-13 21:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-02-28 20:21 - 2016-12-13 21:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-28 20:21 - 2016-12-13 20:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-28 20:21 - 2016-12-13 20:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\System32\ScDeviceEnum.dll
2017-02-28 20:21 - 2016-12-13 20:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\System32\WinSCard.dll
2017-02-28 20:21 - 2016-12-13 20:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-02-28 20:21 - 2016-12-13 20:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2017-02-28 20:21 - 2016-12-13 20:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-02-28 20:21 - 2016-12-13 20:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-28 20:21 - 2016-12-13 20:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2017-02-28 20:21 - 2016-12-13 20:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2017-02-28 20:21 - 2016-12-13 20:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-28 20:21 - 2016-12-13 20:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-02-28 20:21 - 2016-12-13 20:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-02-28 20:21 - 2016-12-13 20:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\System32\D3D12.dll
2017-02-28 20:21 - 2016-12-13 20:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2017-02-28 20:21 - 2016-12-13 20:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-02-28 20:21 - 2016-12-13 20:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-02-28 20:21 - 2016-12-13 20:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-02-28 20:21 - 2016-12-13 20:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-02-28 20:21 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-28 20:21 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2017-02-28 20:21 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-02-28 20:20 - 2016-12-20 22:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2017-02-28 20:20 - 2016-12-20 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-28 20:19 - 2016-12-20 23:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-02-28 20:19 - 2016-12-20 23:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\LaunchWinApp.exe
2017-02-28 20:19 - 2016-12-20 23:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2017-02-28 20:19 - 2016-12-20 22:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\MSVP9DEC.dll
2017-02-28 20:19 - 2016-12-20 22:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-02-28 20:19 - 2016-12-20 20:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-02-28 20:19 - 2016-12-20 20:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-02-28 20:19 - 2016-12-20 20:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-02-28 20:19 - 2016-12-20 20:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-28 20:19 - 2016-12-13 21:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-02-28 20:19 - 2016-12-13 20:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-28 20:19 - 2016-12-13 20:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2017-02-28 20:19 - 2016-12-13 20:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2017-02-28 20:19 - 2016-12-13 20:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-02-28 20:18 - 2016-12-21 00:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-02-28 20:18 - 2016-12-20 23:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
2017-02-28 20:18 - 2016-12-20 23:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2017-02-28 20:18 - 2016-12-20 23:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCsp.dll
2017-02-28 20:18 - 2016-12-20 23:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\ProvPluginEng.dll
2017-02-28 20:18 - 2016-12-20 23:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCore.dll
2017-02-28 20:18 - 2016-12-20 23:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\System32\OneBackupHandler.dll
2017-02-28 20:18 - 2016-12-20 23:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BioFeedback.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\System32\MSVPXENC.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2017-02-28 20:18 - 2016-12-20 23:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
2017-02-28 20:18 - 2016-12-20 23:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
2017-02-28 20:18 - 2016-12-20 23:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2017-02-28 20:18 - 2016-12-20 23:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
2017-02-28 20:18 - 2016-12-20 23:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-02-28 20:18 - 2016-12-20 23:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Shell.dll
2017-02-28 20:18 - 2016-12-20 23:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\System32\fhcfg.dll
2017-02-28 20:18 - 2016-12-20 22:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\System32\fhsettingsprovider.dll
2017-02-28 20:18 - 2016-12-20 22:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\System32\aclui.dll
2017-02-28 20:18 - 2016-12-20 22:53 - 01690112 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2017-02-28 20:18 - 2016-12-20 22:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2017-02-28 20:18 - 2016-12-20 22:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2017-02-28 20:18 - 2016-12-20 22:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-02-28 20:18 - 2016-12-20 21:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-02-28 20:18 - 2016-12-20 20:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-02-28 20:18 - 2016-12-20 20:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-02-28 20:18 - 2016-12-20 20:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-02-28 20:18 - 2016-12-20 20:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-02-28 20:18 - 2016-12-20 20:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-02-28 20:18 - 2016-12-13 21:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2017-02-28 20:18 - 2016-12-13 21:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\System32\ClipUp.exe
2017-02-28 20:18 - 2016-12-13 21:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2017-02-28 20:18 - 2016-12-13 21:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys
2017-02-28 20:18 - 2016-12-13 21:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2017-02-28 20:18 - 2016-12-13 21:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2017-02-28 20:18 - 2016-12-13 21:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2017-02-28 20:18 - 2016-12-13 21:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-28 20:18 - 2016-12-13 21:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-02-28 20:18 - 2016-12-13 20:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-02-28 20:18 - 2016-12-13 20:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-02-28 20:18 - 2016-12-13 20:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\System32\cloudAP.dll
2017-02-28 20:18 - 2016-12-13 20:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-02-28 20:18 - 2016-12-13 20:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\System32\ConsoleLogon.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-02-28 20:18 - 2016-12-13 20:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-28 20:18 - 2016-12-13 20:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\System32\wbiosrvc.dll
2017-02-28 20:18 - 2016-12-13 20:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.CredDialogController.dll
2017-02-28 20:18 - 2016-12-13 20:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\CloudBackupSettings.dll
2017-02-28 20:18 - 2016-12-13 20:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2017-02-28 20:18 - 2016-12-13 20:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-28 20:18 - 2016-12-13 20:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-02-28 20:18 - 2016-12-13 20:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-02-28 20:18 - 2016-12-13 20:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
2017-02-28 20:18 - 2016-12-13 20:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2017-02-28 20:18 - 2016-12-13 20:22 - 02999808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-02-28 20:18 - 2016-12-13 20:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\System32\LogonController.dll
2017-02-28 20:18 - 2016-12-13 20:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-02-28 20:18 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2017-02-28 20:18 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2017-02-28 20:18 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2017-02-28 20:01 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2017-02-28 20:01 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-02-28 09:39 - 2017-02-28 09:39 - 00000000 ____D C:\Windows\SysWOW64\Dell
2017-02-28 09:39 - 2017-02-28 09:39 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-28 09:29 - 2016-05-22 18:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\System32\Drivers\iSafeKrnlBoot.sys
2017-02-27 10:47 - 2017-02-27 10:47 - 40213960 _____ (Intel Corporation) C:\Windows\System32\igdumdim64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 15630704 _____ (Intel Corporation) C:\Windows\System32\igc64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 13607808 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 04316136 _____ (Intel Corporation) C:\Windows\System32\igd12umd64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 04284872 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 02422504 _____ (Intel Corporation) C:\Windows\System32\igdmd64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01883368 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01841088 _____ (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 01838392 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00323744 _____ (Intel Corporation) C:\Windows\System32\igd10idpp64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00308496 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00253016 _____ (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00233920 _____ (Intel Corporation) C:\Windows\System32\igdde64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00215864 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00194336 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00193304 _____ (Intel Corporation) C:\Windows\System32\igfx11cmrt64.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00192160 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00170376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00170376 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-02-27 10:46 - 2017-02-27 10:46 - 00064560 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 29110288 _____ (Intel Corporation) C:\Windows\System32\common_clang64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 19870224 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 11750912 _____ (Intel Corporation) C:\Windows\System32\ig75icd64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 08740880 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 05697552 _____ (Intel Corporation) C:\Windows\System32\igdmcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 05271560 _____ (Intel Corporation) C:\Windows\System32\GfxResources.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 04937232 _____ (Intel Corporation) C:\Windows\System32\igdrcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 04372496 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 03980304 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01599504 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01187344 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 01035760 _____ C:\Windows\System32\igfxSDK.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00976880 _____ (Intel Corporation) C:\Windows\System32\Gfxv4_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00973304 _____ (Intel Corporation) C:\Windows\System32\Gfxv2_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00713744 _____ (Intel Corporation) C:\Windows\System32\MetroIntelGenericUIFramework.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00545264 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiUMS64.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00475632 _____ (Intel Corporation) C:\Windows\System32\GfxUIEx.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00457200 _____ (Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00448008 _____ (Intel Corporation) C:\Windows\System32\igdbcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00424968 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00398864 _____ (Intel Corporation) C:\Windows\System32\igfxOSP.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00397328 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00358896 _____ (Intel Corporation) C:\Windows\System32\IntelWiDiMCComp64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00327184 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00310256 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00282120 _____ C:\Windows\System32\igfxCPL.cpl
2017-02-27 10:44 - 2017-02-27 10:44 - 00274952 _____ (Intel Corporation) C:\Windows\System32\igdfcl64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00263688 _____ (Intel Corporation) C:\Windows\System32\igfxDTCM.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00245744 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00241136 _____ (Intel Corporation) C:\Windows\System32\DPTopologyApp.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00240632 _____ (Intel Corporation) C:\Windows\System32\DPTopologyAppv2_0.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00234000 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00201736 _____ (Intel Corporation) C:\Windows\System32\igdail64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00183792 _____ (Intel Corporation) C:\Windows\System32\difx64.exe
2017-02-27 10:44 - 2017-02-27 10:44 - 00182800 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00120336 _____ ( ) C:\Windows\System32\igfxSDKLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00112656 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00112136 _____ C:\Windows\System32\igfxCUIServicePS.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00109584 _____ ( ) C:\Windows\System32\igfxSDKLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00108560 _____ (Khronos Group) C:\Windows\System32\Intel_OpenCL_ICD64.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00103952 _____ ( ) C:\Windows\System32\igfxDHLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00093200 _____ ( ) C:\Windows\System32\igfxDHLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00061448 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00037904 _____ ( ) C:\Windows\System32\igfxDILibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00037904 _____ ( ) C:\Windows\System32\igfxDILib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00036368 _____ ( ) C:\Windows\System32\igfxEMLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00036368 _____ ( ) C:\Windows\System32\igfxEMLib.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00031248 _____ ( ) C:\Windows\System32\igfxLHMLibv2_0.dll
2017-02-27 10:44 - 2017-02-27 10:44 - 00031240 _____ ( ) C:\Windows\System32\igfxLHMLib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-24 05:25 - 2016-09-02 22:15 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-03-24 05:17 - 2015-08-25 16:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-03-24 05:12 - 2015-12-27 11:28 - 00000000 ___RD C:\Users\Bhupendra Singh\Dropbox
2017-03-24 05:11 - 2016-09-02 22:18 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-24 05:11 - 2015-12-27 07:20 - 00000000 __SHD C:\Users\Bhupendra Singh\IntelGraphicsProfiles
2017-03-23 18:52 - 2016-11-16 07:49 - 00000038 _____ C:\Users\Public\Documents\temp.dat
2017-03-23 18:52 - 2016-11-16 07:49 - 00000038 _____ C:\ProgramData\Documents\temp.dat
2017-03-23 07:25 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\AppReadiness
2017-03-23 07:17 - 2016-11-16 07:53 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-03-23 07:17 - 2016-11-16 07:53 - 00000000 _____ C:\ProgramData\Documents\report.dat
2017-03-23 07:15 - 2016-09-02 22:24 - 00000000 ____D C:\users\Bhupendra Singh
2017-03-23 07:04 - 2016-09-02 22:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-23 05:55 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-22 05:38 - 2016-07-15 22:04 - 01048576 _____ C:\Windows\System32\config\BBI
2017-03-22 03:56 - 2016-11-23 04:11 - 00002454 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-22 03:56 - 2016-11-23 04:11 - 00002454 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-03-22 03:53 - 2016-08-17 08:51 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\Mozilla
2017-03-21 08:29 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 08:26 - 2015-08-25 16:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-19 00:16 - 2016-04-12 06:52 - 00000000 ____D C:\Program Files\TrueKey
2017-03-18 23:45 - 2016-09-02 22:42 - 00003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-03-18 23:45 - 2016-09-02 22:42 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-03-18 08:03 - 2016-11-28 03:20 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Roaming\aMule
2017-03-18 07:54 - 2016-12-27 02:54 - 00000000 ____D C:\Program Files (x86)\Gubed
2017-03-17 19:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System
2017-03-17 07:39 - 2016-01-13 04:58 - 138634176 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-03-17 07:29 - 2015-08-25 18:01 - 00000000 ____D C:\ProgramData\Dell
2017-03-17 07:27 - 2016-07-16 03:45 - 00000000 ____D C:\Windows\INF
2017-03-17 07:27 - 2016-07-15 22:04 - 00008192 _____ C:\Windows\System32\config\ELAM
2017-03-17 07:14 - 2016-12-03 22:53 - 00000000 _____ C:\Program Files (x86)\Dell Backup and RecoveryINSTANT_RESTORE
2017-03-17 07:10 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Web
2017-03-17 06:45 - 2016-09-02 22:27 - 00000000 ____D C:\Windows\System32\config\bbimigrate
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ___SD C:\Windows\System32\F12
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\setup
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\oobe
2017-03-16 10:54 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\appraiser
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\bcastdvr
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-16 10:53 - 2016-07-16 03:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-16 04:26 - 2016-07-16 03:36 - 00000000 ____D C:\Windows\CbsTemp
2017-03-16 02:34 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\NDF
2017-03-12 02:31 - 2015-12-27 07:20 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Packages
2017-03-09 19:33 - 2015-08-25 16:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-08 04:18 - 2015-12-27 11:14 - 00000000 ____D C:\Users\Bhupendra Singh\AppData\Local\Dropbox
2017-03-05 05:37 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\rescache
2017-03-03 12:17 - 2016-09-02 22:42 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-03 09:42 - 2015-08-25 16:04 - 00000000 ____D C:\Program Files\Dell
2017-03-03 09:38 - 2016-02-29 05:53 - 00000473 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt
2017-03-03 09:38 - 2015-08-25 15:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-03 04:58 - 2016-01-03 06:03 - 802235731 _____ C:\Windows\MEMORY.DMP
2017-03-02 09:11 - 2015-12-27 07:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-02 09:09 - 2016-12-27 02:54 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-03-02 09:04 - 2016-09-02 22:15 - 00337832 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-02 09:01 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2017-03-02 09:00 - 2016-07-16 03:47 - 00000000 ____D C:\Windows\Provisioning
2017-03-02 07:01 - 2016-09-02 22:18 - 00000200 _____ C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-02 06:52 - 2015-08-25 15:55 - 00000000 ____D C:\ProgramData\Intel
2017-03-02 06:52 - 2015-08-25 15:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 06:51 - 2015-12-27 21:48 - 01114902 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-02 06:50 - 2015-12-30 04:32 - 00000000 ____D C:\users\nehad
2017-03-02 06:50 - 2015-10-29 22:28 - 00000000 ____D C:\users\Default.migrated
2017-03-02 06:49 - 2015-08-25 15:56 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-03-02 06:48 - 2016-09-02 22:18 - 00000000 ____D C:\Program Files\Intel
2017-03-02 06:48 - 2015-08-25 15:56 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-03-02 06:47 - 2015-08-25 15:58 - 00000000 ____D C:\Intel
2017-03-02 06:27 - 2016-09-02 22:42 - 00000000 ____D C:\Windows\System32\Tasks\Dell
2017-03-02 06:27 - 2015-08-25 16:10 - 00000000 ____D C:\Program Files (x86)\Dell Product Registration
2017-02-28 19:13 - 2016-11-28 03:20 - 00000000 ____D C:\Program Files (x86)\amuleC1
2017-02-28 00:41 - 2015-08-25 16:07 - 00000000 ____D C:\ProgramData\McAfee
2017-02-27 10:47 - 2015-12-18 11:40 - 39246776 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2017-02-27 10:46 - 2016-11-01 09:36 - 35131640 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 33775608 _____ (Intel Corporation) C:\Windows\System32\igd11dxva64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 15982776 _____ (Intel Corporation) C:\Windows\System32\igd10iumd64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 12798456 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 06763136 _____ (Intel Corporation) C:\Windows\System32\igdusc64.dll
2017-02-27 10:46 - 2015-12-18 11:40 - 05193384 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2017-02-27 10:44 - 2016-09-02 22:18 - 00112656 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-02-27 10:44 - 2016-09-02 22:18 - 00108560 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2017-02-27 10:44 - 2015-12-18 11:38 - 07974904 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2017-02-27 10:44 - 2015-12-18 11:38 - 02150928 _____ (Intel Corporation) C:\Windows\System32\igfxLHM.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00765448 _____ (Intel Corporation) C:\Windows\System32\igfxDH.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00410608 _____ C:\Windows\System32\igfxTray.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00407568 _____ (Intel Corporation) C:\Windows\System32\igfxDI.dll
2017-02-27 10:44 - 2015-12-18 11:38 - 00382456 _____ (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00363512 _____ (Intel Corporation) C:\Windows\System32\igfxEM.exe
2017-02-27 10:44 - 2015-12-18 11:38 - 00277496 _____ (Intel Corporation) C:\Windows\System32\igfxHK.exe
 
Some files in TEMP:
====================
2016-11-13 19:30 - 2016-11-13 19:30 - 1588219 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\5f912555-d880-4197-9917-d50b49e604f5.exe
2016-11-05 02:52 - 2016-11-05 02:52 - 51574616 _____ (UCWeb Inc.) C:\Users\Bhupendra Singh\AppData\Local\Temp\Browser_V5.7.15319.5_r_4670_(Build1608291541).exe
2016-11-05 02:48 - 2016-11-05 02:49 - 8783983 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\jg3.6.0.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1468764 _____ (YTB Music Box                                               ) C:\Users\Bhupendra Singh\AppData\Local\Temp\MusicBox.exe
2016-12-13 05:49 - 2016-12-13 05:49 - 0515584 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2016-11-05 02:48 - 2016-11-05 02:48 - 0427232 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\trotux.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1199825 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\unins000.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 10013312 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\wajam_install.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 0065700 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\WeatherChicknInstaller.exe
2016-12-30 05:00 - 2016-12-30 05:00 - 0461824 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct683A.tmp.dll
2017-01-03 08:12 - 2017-01-03 08:12 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct7ED6.tmp.dll
2017-01-03 04:59 - 2017-01-03 04:59 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctA864.tmp.dll
2017-01-05 07:45 - 2017-01-05 07:45 - 0361472 _____ (update) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctB4F9.tmp.dll
2016-12-28 00:42 - 2016-12-28 00:42 - 0792064 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctC357.tmp.dll
2016-12-19 01:25 - 2016-12-19 01:25 - 0782848 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctD4FD.tmp.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2017-02-28 20:21] - [2016-12-13 20:24] - 0673792 ____A (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE
 
C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 ____A (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70
 
C:\Windows\explorer.exe
[2016-12-22 21:10] - [2016-11-11 01:56] - 4673304 ____A (Microsoft Corporation) 4E10FB1A015B49AC68F76C1A3F4D9C0F
 
C:\Windows\SysWOW64\explorer.exe
[2016-12-22 21:11] - [2016-11-10 23:41] - 4311736 ____A (Microsoft Corporation) AF46710DDB8B0E304AA4FD2B940CABD8
 
C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 ____A (Microsoft Corporation) 36F670D89040709013F6A460176767EC
 
C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 ____A (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B
 
C:\Windows\System32\services.exe
[2016-12-22 21:12] - [2016-11-11 01:51] - 0454592 ____A (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31
 
C:\Windows\System32\User32.dll
[2016-12-22 21:10] - [2016-12-09 02:10] - 1461200 ____A (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26
 
C:\Windows\SysWOW64\User32.dll
[2016-12-22 21:11] - [2016-12-09 01:52] - 1435896 ____A (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B
 
C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 ____A (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69
 
C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 ____A (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B
 
C:\Windows\System32\rpcss.dll
[2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 ____A (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6
 
C:\Windows\System32\dnsapi.dll
[2016-09-30 04:40] - [2016-09-15 09:30] - 0646136 ____A (Microsoft Corporation) 96B8A433F6407DE34850927C96C6CE9B
 
C:\Windows\SysWOW64\dnsapi.dll
[2016-09-30 04:45] - [2016-09-15 09:37] - 0496872 ____A (Microsoft Corporation) 227CFE3EDA82029AAC1C088A16297CD7
 
C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 ____A (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230
 
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
Restore point date: 2017-03-21 08:37
Restore point date: 2017-03-24 18:56
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 4012.48 MB
Available physical RAM: 3143.22 MB
Total Virtual: 4012.48 MB
Available Virtual: 3184.2 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:235.95 GB) (Free:156.8 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:220.1 GB) (Free:131.96 GB) NTFS
Drive e: (KINGSTON) (Removable) (Total:3.72 GB) (Free:0.42 GB) FAT32
Drive g: () (Fixed) (Total:0.45 GB) (Free:0.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 640F8E3C)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 59E22FF9)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
LastRegBack: 2017-03-17 07:38
 
==================== End of FRST.txt ============================


#10 Machiavelli


Posted 24 March 2017 - 10:51 AM

Hello Neha. Really well done. :-)

 

STEP 1


Farbar Recovery Scan Tool (FRST) Recovery Environment Script

  • Using your clean computer, press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
Start 
File: C:\Windows\System32\drivers\atapi.sys
Folder: C:\Program Files (x86)\temp
Folder: C:\Users\Bhupendra Singh\AppData\Local\Bepat
Folder: C:\Program Files (x86)\Bepat
Folder: C:\Program Files (x86)\MK
2017-02-28 09:29 - 2016-05-22 18:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\System32\Drivers\iSafeKrnlBoot.sys
2016-11-13 19:30 - 2016-11-13 19:30 - 1588219 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\5f912555-d880-4197-9917-d50b49e604f5.exe
2016-11-05 02:52 - 2016-11-05 02:52 - 51574616 _____ (UCWeb Inc.) C:\Users\Bhupendra Singh\AppData\Local\Temp\Browser_V5.7.15319.5_r_4670_(Build1608291541).exe
2016-11-05 02:48 - 2016-11-05 02:49 - 8783983 _____ (                                                            ) C:\Users\Bhupendra Singh\AppData\Local\Temp\jg3.6.0.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1468764 _____ (YTB Music Box                                               ) C:\Users\Bhupendra Singh\AppData\Local\Temp\MusicBox.exe
2016-12-13 05:49 - 2016-12-13 05:49 - 0515584 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
2016-11-05 02:48 - 2016-11-05 02:48 - 0427232 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\trotux.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 1199825 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\unins000.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 10013312 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\wajam_install.exe
2016-11-05 02:49 - 2016-11-05 02:49 - 0065700 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\WeatherChicknInstaller.exe
2016-12-30 05:00 - 2016-12-30 05:00 - 0461824 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct683A.tmp.dll
2017-01-03 08:12 - 2017-01-03 08:12 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ct7ED6.tmp.dll
2017-01-03 04:59 - 2017-01-03 04:59 - 0471552 _____ () C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctA864.tmp.dll
2017-01-05 07:45 - 2017-01-05 07:45 - 0361472 _____ (update) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctB4F9.tmp.dll
2016-12-28 00:42 - 2016-12-28 00:42 - 0792064 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctC357.tmp.dll
2016-12-19 01:25 - 2016-12-19 01:25 - 0782848 _____ (Fun Dw) C:\Users\Bhupendra Singh\AppData\Local\Temp\~ctD4FD.tmp.dll
End
  • Click File > Save As and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click Fix.
  • A log (Fixlog.txt) will be saved to your USB drive.
  • Attempt to boot normally into Windows. Does the computer boot normally?
  • Copy the contents of Fixlog.txt and paste in your next reply (using either the affected computer or clean computer).

 

Please restart the PC and please tell me if you can open files now. If not, please do a new FRST RE scan (as you managed it before) and post the logs.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#11 SILE


Posted 25 March 2017 - 05:33 AM

I can't send you anything



#12 SILE


Posted 25 March 2017 - 07:59 AM

I've been trying to send you this file since forever. :(

Hope it reaches you this time. 

Here is your fixlog attached. (Attached file: Fixlog.txt, 1.23MB)
 



#13 Machiavelli


Posted 25 March 2017 - 11:49 AM

Hello Neha. Are you able to run any programs now?

 

If not, please do this:

Start FRST again in RE mode, type the following into the search box: atapi.sys and click on Search Files. Then post the Search.txt.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#14 SILE


Posted 26 March 2017 - 02:08 AM

Hey Machiavelli, I don't know what's so wrong with it. No .exe file is running even now.

I did search, it's the search.txt:
 

Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by SYSTEM (26-03-2017 09:03:44)
Running from E:\
Boot Mode: Recovery
 
================== Search Files: "atapi.sys" =============
 
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.206_none_173c652cbf52e8e7\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.0_none_0aac9395383c7303\atapi.sys
[2016-07-16 03:41][2016-10-21 07:48] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_2e8db38129bb3260\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_1f12e6cb61874561\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\Windows\System32\drivers\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.206_none_173c652cbf52e8e7\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.0_none_0aac9395383c7303\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8
 
X:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.0_none_0aac9395383c7303\atapi.sys
[2016-07-16 04:10][2016-07-16 04:10] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6
 
X:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_67bad2c7196330b6\atapi.sys
[2016-07-16 04:10][2016-07-16 04:10] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6
 
X:\windows\system32\drivers\atapi.sys
[2016-07-16 04:10][2016-07-16 04:10] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6
 
====== End of Search ======


#15 Machiavelli


Posted 26 March 2017 - 02:04 PM

Hello Neha. It seems that a system file (atapi.sys) is patched ... that means that some malware may have overwritten the legit file with their bad file. That could be the cause of all problems, but I am not sure about that.

The indicators for my assumption are that the MD5 of the file belongs to other files (reference: Google) and these system files of your system aren't signed. It seems that more than one atapi.sys is overwritten, I will now just replace the important one and then, if nothing changes, replace all.

You can see atapi.sys on my system:

 

 

Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Machiavelli (26-03-2017 20:56:38)
Gestartet von C:\Users\Machiavelli\Downloads
Start-Modus: Normal

================== Datei-Suche: "atapi.sys" =============

C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys
[2016-07-16 13:41][2016-07-16 13:41] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6 [Datei ist digital signiert]

C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.0_none_0aac9395383c7303\atapi.sys
[2016-07-16 13:41][2016-07-16 13:41] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6 [Datei ist digital signiert]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_67bad2c7196330b6\atapi.sys
[2016-07-16 13:41][2016-07-16 13:41] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6 [Datei ist digital signiert]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_2e8db38129bb3260\atapi.sys
[2016-07-16 13:41][2016-07-16 13:41] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6 [Datei ist digital signiert]

C:\Windows\System32\drivers\atapi.sys
[2016-07-16 13:41][2016-07-16 13:41] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6 [Datei ist digital signiert]

====== Ende von Suche ======

 

I marked the important things ... you can compare it to your system. You also have the same update from Windows 10:

Your system:

C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8

My system:

C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys
[2016-07-16 13:41][2016-07-16 13:41] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6 [Datei ist digital signiert]

 

 

STEP 1


Farbar Recovery Scan Tool (FRST) Recovery Environment Script

  • Using your clean computer, press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
Start 
Replace: C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys C:\Windows\System32\drivers\atapi.sys
End
  • Click File > Save As and type fixlist.txt as the File Name.
  • Save the file to your USB drive.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Enter the Recovery Environment just as you did before.
  • Run FRST just as you did before.
  • Click Fix.
  • A log (Fixlog.txt) will be saved to your USB drive.
  • Attempt to boot normally into Windows. Does the computer boot normally?
  • Copy the contents of Fixlog.txt and paste in your next reply (using either the affected computer or clean computer).

 

Please restart the PC and please tell me if you can open files now. If not, please do a new FRST RE scan (as you managed it before) and post the logs.


Edited by Machiavelli, 26 March 2017 - 02:05 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
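
The comparison made in the post above, as an added example (not part of the original thread and not FRST's own code): it parses FRST "Search Files" output and checks every copy of atapi.sys against the size, company and MD5 from the clean system's result. The function names and the `REFERENCE` layout are assumptions of this example; the sample lines are an excerpt of the Search.txt posted in this thread.

```python
import re

# Excerpt of the Search.txt posted in this thread (affected system, Recovery Environment).
SEARCH_TXT = r"""
C:\Windows\System32\drivers\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8

C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_10.0.14393.953_none_170361fcbf7e14a8\atapi.sys
[2016-07-16 03:41][2016-07-16 03:41] 0000012 ____A () 71CEAB07D94C8DE1EB4663C0ED3D50B8

X:\windows\system32\drivers\atapi.sys
[2016-07-16 04:10][2016-07-16 04:10] 0028512 ____A (Microsoft Corporation) A10F989A812B57B9695F6C305907C9C6
"""

# Reference values taken from the clean-system search result in the same post.
REFERENCE = {"size": 28512, "company": "Microsoft Corporation",
             "md5": "A10F989A812B57B9695F6C305907C9C6"}

# Metadata line: [created][modified] size attrs (company) MD5 [optional note]
ENTRY = re.compile(
    r"^\[[^\]]+\](?:\s-\s)?\[[^\]]+\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<note>[^\]]*)\])?\s*$")

def parse_search(text):
    """Yield one dict per file: FRST prints the path, then a metadata line."""
    path = None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m and path:
            yield {"path": path, "size": int(m["size"]),
                   "company": m["company"].strip(), "md5": m["md5"].upper(),
                   "note": m["note"]}
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line

def mismatches(entry, ref=REFERENCE):
    """Return the names of the fields that differ from the reference copy."""
    return [k for k in ("size", "company", "md5") if entry[k] != ref[k]]

def audit(text, ref=REFERENCE):
    """Map each path to its list of mismatching fields (empty list = matches)."""
    return {e["path"]: mismatches(e, ref) for e in parse_search(text)}

if __name__ == "__main__":
    for path, bad in audit(SEARCH_TXT).items():
        print("MISMATCH" if bad else "ok      ", ",".join(bad) or "-", path)
```

On this excerpt both C: copies, including the one under `C:\$WINDOWS.~BT`, differ from the reference in all three fields, while the X: (Recovery Environment) copy matches it.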
