
My system is infected with virus


  • This topic is locked
32 replies to this topic

#1 rnallamilli


Posted 05 July 2017 - 03:55 AM

Hello,

 

Yesterday I was trying to retrieve my deleted photos from my iPhone using 'PhoneRescue' software. Unfortunately I tried installing 'PhoneRescue_3.2.0_Crack_Download_Incl_License_Key_Free.exe'. This has infected my system. Kaspersky has restricted this virus and deleted it. But since yesterday I have observed some unwanted changes to my system. I have reverted them but am not 100% sure that my system is virus free.

 

Please help me.

 

Thanks,

Raman Nallamilli.




 


#2 Jo*

  • Malware Response Team

Posted 05 July 2017 - 05:22 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note: If you get a warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. In the introduction screen, click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 rnallamilli


Posted 05 July 2017 - 05:53 AM

Thank You Jo for your update.

 

Output for action Point # 1:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 28th June, 2017
Running from:C:\Users\Nallamilli Raman\Desktop (16:18:32 - 07/05/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Kaspersky Anti-Virus (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Kaspersky Anti-Virus (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 26 NPAPI is not installed
Google Chrome (59.0.3071.115)
Java (7.0.170) ==> is out of Date
Mozilla Firefox (54.0)
 
***----------------Analysis Complete-------------------------***


#4 rnallamilli


Posted 05 July 2017 - 06:59 AM

Point # 2: 

 

Got a message that:

 

Scan Finished.no cleanup is required.



#5 rnallamilli


Posted 05 July 2017 - 07:14 AM

Point # 3:

 

# AdwCleaner v6.047 - Logfile created 05/07/2017 at 17:34:37
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-04.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Nallamilli Raman - RNALLAMILLI
# Running from : C:\Users\Nallamilli Raman\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp
 
 
***** [ Files ] *****
 
File Found:  C:\TOSTACK
File Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
File Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
File Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfkpefbllpconnkfpdgagkifmflckkdp_0.localstorage
File Found:  C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfkpefbllpconnkfpdgagkifmflckkdp_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cfkpefbllpconnkfpdgagkifmflckkdp
Chrome pref Found:  [C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - iinglghmhcgdgjjlafobajghjamdchik
Chrome pref Found:  [C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam
 
[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1373 Bytes] - [15/12/2016 15:57:26]
C:\AdwCleaner\AdwCleaner[S0].txt - [1395 Bytes] - [15/12/2016 15:48:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [1467 Bytes] - [15/12/2016 15:52:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [2959 Bytes] - [05/07/2017 17:34:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3032 Bytes] ##########


#6 rnallamilli


Posted 05 July 2017 - 07:20 AM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-07-2017
Ran by Nallamilli Raman (administrator) on RNALLAMILLI (05-07-2017 17:47:42)
Running from C:\Users\Nallamilli Raman\Desktop
Loaded Profiles: Nallamilli Raman (Available Profiles: Nallamilli Raman)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\scheduler.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FCDBLog.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FortiESNAC.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FCHelper64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FortiTray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2016-03-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\Run: [GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\MountPoints2: {cc4dd60c-9ff1-11e6-82f9-d0bf9c972658} - "H:\Lenovo_Suite.exe" 
HKU\S-1-5-21-2818809977-977177620-758274071-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2017-03-19] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 192.168.2.11  fusapps.appsguruconsulting.com   fusapps
Tcpip\Parameters: [DhcpNameServer] 123.176.37.37 123.176.37.38 4.2.2.2
Tcpip\..\Interfaces\{d0cf6cfa-4bc3-455f-8050-c9a8030e4673}: [DhcpNameServer] 123.176.37.37 123.176.37.38 4.2.2.2
Tcpip\..\Interfaces\{f66da426-c55c-4b70-9e92-1c005947f030}: [DhcpNameServer] 123.176.37.37 123.176.37.38 4.2.2.2
 
Internet Explorer:
==================
HKU\S-1-5-21-2818809977-977177620-758274071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2017-05-15] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-05-15] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-05-08] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2818809977-977177620-758274071-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-21] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nallamilli Raman\AppData\Roaming\Mozilla\Firefox\Profiles\nkjg35i9.default [2017-07-05]
FF Extension: (SaveFrom.net helper) - C:\Users\Nallamilli Raman\AppData\Roaming\Mozilla\Firefox\Profiles\nkjg35i9.default\Extensions\helper-sig@savefrom.net.xpi [2017-06-06]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2017-05-08] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-04-30]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2017-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2017-05-15] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @FortinetCacheClean -> F:\Al Qudra\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> F:\Al Qudra\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> F:\Al Qudra\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2017-05-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default [2017-07-05]
CHR Extension: (Google Slides) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-25]
CHR Extension: (Google Docs) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-25]
CHR Extension: (Google Drive) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-25]
CHR Extension: (YouTube) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-25]
CHR Extension: (ClipCopy for Tampermonkey) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehieljejfgbjhogonapjjndllliopfg [2017-02-25]
CHR Extension: (Сookies Control) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp [2017-07-05]
CHR Extension: (Tampermonkey) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-21]
CHR Extension: (Oracle EBS R12&11i Enablement for Chrome) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkagabmggbmpmncofhgkfigmeldifnc [2017-05-15]
CHR Extension: (Google Sheets) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-03-03]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2017-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-25]
CHR Extension: (ESPNCricinfo) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh [2017-02-25]
CHR Extension: (HP Network Check Launcher) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-03-02]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-19]
CHR Extension: (ThinForms - for Oracle Forms, EBS, Discoverer) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmjefghbgfcpoobigfbalocpncklkjhk [2017-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-07-03]
CHR Extension: (Gmail) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 FA_Scheduler; F:\Al Qudra\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [File not signed]
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
S4 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S4 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-03-10] (Realtek Semiconductor)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-05] (Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 ESRV_SVC_QUEENCREEK; "C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe" "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" [X]
S2 SystemUsageReportSvc_QUEENCREEK; "C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe" [X]
S2 USER_ESRV_SVC_QUEENCREEK; "C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe" "--run_as_user_process"  [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-30] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [421200 2016-06-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-30] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-05-02] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-24] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-02] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-06-06] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-24] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-05-24] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-30] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-04-30] (AO Kaspersky Lab)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2013-08-01] (QUALCOMM Incorporated)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2016-03-10] (Realtek                                            )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-06-21] (MobileTop)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [76376 2016-10-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-05] (Synaptics Incorporated)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-06-21] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-06-21] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-06-21] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-06-21] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-06-21] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-06-21] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-06-21] (MCCI Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-05 17:47 - 2017-07-05 17:48 - 00024165 _____ C:\Users\Nallamilli Raman\Desktop\FRST.txt
2017-07-05 17:46 - 2017-07-05 17:46 - 02436608 _____ (Farbar) C:\Users\Nallamilli Raman\Desktop\FRST64.exe
2017-07-05 17:30 - 2017-07-05 17:31 - 04110280 _____ C:\Users\Nallamilli Raman\Desktop\AdwCleaner.exe
2017-07-05 16:51 - 2017-07-05 17:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-05 16:51 - 2017-07-05 16:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-05 16:51 - 2017-07-05 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-05 16:50 - 2017-07-05 17:28 - 00000000 ____D C:\Users\Nallamilli Raman\Desktop\mbar
2017-07-05 16:50 - 2017-07-05 16:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-05 16:48 - 2017-07-05 16:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Nallamilli Raman\Desktop\mbar-1.09.3.1001.exe
2017-07-05 16:18 - 2017-07-05 16:18 - 00000885 _____ C:\Users\Nallamilli Raman\Desktop\SALog.txt
2017-07-05 16:15 - 2017-07-05 16:15 - 00899584 _____ C:\Users\Nallamilli Raman\Desktop\RGSA.exe
2017-07-05 14:00 - 2017-07-05 14:00 - 00000026 _____ C:\Users\Nallamilli Raman\Desktop\Traces.txt
2017-07-05 10:01 - 2017-07-05 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS MobiSaver
2017-07-05 10:01 - 2017-07-05 10:01 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-07-05 00:45 - 2017-07-05 00:45 - 00003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-05 00:21 - 2017-07-05 00:21 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-05 00:08 - 2017-07-05 00:08 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\Apple Computer
2017-07-05 00:08 - 2017-07-05 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-05 00:07 - 2017-07-05 00:08 - 00000000 ____D C:\Program Files\iTunes
2017-07-05 00:07 - 2017-07-05 00:07 - 00000000 ____D C:\ProgramData\Apple Computer
2017-07-05 00:07 - 2017-07-05 00:07 - 00000000 ____D C:\Program Files\iPod
2017-07-05 00:06 - 2017-07-05 00:06 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\Apple
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Program Files\Bonjour
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-07-05 00:05 - 2017-07-05 00:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-07-05 00:05 - 2017-07-05 00:06 - 00000000 ____D C:\ProgramData\Apple
2017-07-04 23:57 - 2017-07-05 00:08 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\Apple Computer
2017-07-04 23:57 - 2017-07-04 23:57 - 00001238 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\iMobie
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\iMobie_Inc
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-07-03 11:56 - 2017-07-03 13:03 - 00000000 ____D C:\Users\Nallamilli Raman\Desktop\Checklist
2017-07-02 11:57 - 2017-07-02 11:57 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-06-29 16:14 - 2017-07-03 12:45 - 00010154 _____ C:\Users\Nallamilli Raman\Desktop\July Bills Raman.xlsx
2017-06-28 15:38 - 2017-06-20 11:48 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-28 15:38 - 2017-06-20 11:48 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-06-28 15:38 - 2017-06-20 11:48 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-28 15:38 - 2017-06-20 11:47 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-28 15:38 - 2017-06-20 11:46 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-28 15:38 - 2017-06-20 11:46 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-28 15:38 - 2017-06-20 11:45 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-28 15:38 - 2017-06-20 11:45 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-28 15:38 - 2017-06-20 11:45 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-06-28 15:38 - 2017-06-20 11:45 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-28 15:38 - 2017-06-20 11:44 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-28 15:38 - 2017-06-20 11:44 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-28 15:38 - 2017-06-20 11:41 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-28 15:38 - 2017-06-20 11:41 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-28 15:38 - 2017-06-20 11:41 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-28 15:38 - 2017-06-20 11:41 - 01186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-28 15:38 - 2017-06-20 11:41 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-28 15:38 - 2017-06-20 11:40 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-28 15:38 - 2017-06-20 11:40 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-28 15:38 - 2017-06-20 11:40 - 00119392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-06-28 15:38 - 2017-06-20 11:39 - 02969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-28 15:38 - 2017-06-20 11:38 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-28 15:38 - 2017-06-20 11:38 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-28 15:38 - 2017-06-20 11:36 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-06-28 15:38 - 2017-06-20 11:36 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-28 15:38 - 2017-06-20 11:35 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-06-28 15:38 - 2017-06-20 11:34 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-28 15:38 - 2017-06-20 11:34 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 02444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-28 15:38 - 2017-06-20 11:33 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-28 15:38 - 2017-06-20 11:33 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-28 15:38 - 2017-06-20 11:32 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-28 15:38 - 2017-06-20 11:32 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-28 15:38 - 2017-06-20 11:32 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-28 15:38 - 2017-06-20 11:31 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-28 15:38 - 2017-06-20 11:31 - 00553888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-06-28 15:38 - 2017-06-20 11:30 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-28 15:38 - 2017-06-20 11:30 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-28 15:38 - 2017-06-20 11:30 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-28 15:38 - 2017-06-20 11:29 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-28 15:38 - 2017-06-20 11:29 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 21352184 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 01337344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-28 15:38 - 2017-06-20 11:27 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-28 15:38 - 2017-06-20 11:27 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-28 15:38 - 2017-06-20 11:04 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-28 15:38 - 2017-06-20 10:58 - 23675904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-28 15:38 - 2017-06-20 10:47 - 03670528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-28 15:38 - 2017-06-20 10:46 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-06-28 15:38 - 2017-06-20 10:46 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 00096136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 17364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-06-28 15:38 - 2017-06-20 10:43 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-06-28 15:38 - 2017-06-20 10:42 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-28 15:38 - 2017-06-20 10:42 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-28 15:38 - 2017-06-20 10:42 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-06-28 15:38 - 2017-06-20 10:42 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-28 15:38 - 2017-06-20 10:42 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-06-28 15:38 - 2017-06-20 10:42 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-28 15:38 - 2017-06-20 10:42 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-06-28 15:38 - 2017-06-20 10:41 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-28 15:38 - 2017-06-20 10:41 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-28 15:38 - 2017-06-20 10:41 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-28 15:38 - 2017-06-20 10:41 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-06-28 15:38 - 2017-06-20 10:39 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-28 15:38 - 2017-06-20 10:38 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 12786688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 01517536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-06-28 15:38 - 2017-06-20 10:37 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-06-28 15:38 - 2017-06-20 10:37 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-28 15:38 - 2017-06-20 10:37 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-06-28 15:38 - 2017-06-20 10:35 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 08243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-28 15:38 - 2017-06-20 10:34 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 20372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 06763648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-28 15:38 - 2017-06-20 10:33 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 01194696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-28 15:38 - 2017-06-20 10:32 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 01802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-28 15:38 - 2017-06-20 10:28 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-28 15:38 - 2017-06-20 10:27 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-06-28 15:38 - 2017-06-20 10:27 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-06-28 15:38 - 2017-06-20 10:24 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-06-28 15:38 - 2017-06-20 10:20 - 02957312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-28 15:38 - 2017-06-20 10:19 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-28 15:38 - 2017-06-20 10:19 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-06-28 15:38 - 2017-06-20 10:19 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-06-28 15:38 - 2017-06-20 10:17 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-28 15:38 - 2017-06-20 10:16 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-28 15:38 - 2017-06-20 10:15 - 20505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-28 15:38 - 2017-06-20 10:15 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-06-28 15:38 - 2017-06-20 10:15 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-28 15:38 - 2017-06-20 10:14 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-06-28 15:38 - 2017-06-20 10:11 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-28 15:38 - 2017-06-20 10:10 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-06-28 15:38 - 2017-06-20 10:09 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-28 15:38 - 2017-06-20 10:08 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-28 15:38 - 2017-06-20 10:08 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-28 15:38 - 2017-06-20 10:07 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-28 15:38 - 2017-06-20 10:07 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-28 15:38 - 2017-06-20 10:07 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-28 15:38 - 2017-06-20 10:06 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 06291456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 01494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-06-28 15:38 - 2017-06-20 10:01 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-06-28 15:38 - 2017-06-20 10:00 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-06-28 15:38 - 2017-06-20 10:00 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-06-28 15:38 - 2017-06-20 10:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-28 15:38 - 2017-06-20 09:58 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-06-24 19:45 - 2017-06-24 19:45 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-06-24 19:45 - 2017-06-24 19:45 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-06-22 09:31 - 2017-06-22 09:31 - 00000000 ___HD C:\OneDriveTemp
2017-06-17 13:05 - 2017-06-03 12:02 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-17 13:05 - 2017-06-03 12:02 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 12:08 - 2017-06-03 15:45 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-17 12:08 - 2017-06-03 15:45 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-17 12:08 - 2017-06-03 15:45 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-17 12:08 - 2017-06-03 15:40 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-17 12:08 - 2017-06-03 15:39 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-17 12:08 - 2017-06-03 15:37 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-17 12:08 - 2017-06-03 15:30 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-17 12:08 - 2017-06-03 15:30 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-17 12:08 - 2017-06-03 15:29 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-17 12:08 - 2017-06-03 15:29 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-17 12:08 - 2017-06-03 15:29 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-17 12:08 - 2017-06-03 15:29 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-17 12:08 - 2017-06-03 15:28 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-17 12:08 - 2017-06-03 15:28 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-17 12:08 - 2017-06-03 14:56 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-17 12:08 - 2017-06-03 14:53 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-17 12:08 - 2017-06-03 14:42 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-17 12:08 - 2017-06-03 14:41 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-17 12:08 - 2017-06-03 14:40 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-17 12:08 - 2017-06-03 14:40 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-17 12:08 - 2017-06-03 14:39 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-17 12:08 - 2017-06-03 14:39 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-17 12:08 - 2017-06-03 14:39 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-17 12:08 - 2017-06-03 14:37 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-17 12:08 - 2017-06-03 14:37 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-17 12:08 - 2017-06-03 14:37 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-17 12:08 - 2017-06-03 14:36 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-17 12:08 - 2017-06-03 14:35 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-17 12:08 - 2017-06-03 14:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-17 12:08 - 2017-06-03 14:35 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-17 12:08 - 2017-06-03 14:34 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-17 12:08 - 2017-06-03 14:33 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-17 12:08 - 2017-06-03 14:31 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-17 12:08 - 2017-06-03 14:30 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-17 12:08 - 2017-06-03 14:30 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-17 12:08 - 2017-06-03 14:29 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-17 12:08 - 2017-06-03 14:28 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-17 12:08 - 2017-06-03 14:27 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-17 12:08 - 2017-06-03 14:27 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-17 12:08 - 2017-06-03 14:27 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-17 12:08 - 2017-06-03 14:25 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-17 12:08 - 2017-06-03 14:25 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-17 12:08 - 2017-06-03 14:24 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-17 12:08 - 2017-06-03 14:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-12 16:51 - 2017-06-12 16:51 - 00014379 _____ C:\Users\Nallamilli Raman\Desktop\UPVT OU.xlsx
2017-06-08 14:35 - 2017-06-08 14:35 - 00149085 _____ C:\Users\Nallamilli Raman\Desktop\Period Close Status - UPLB.xlsx
2017-06-08 14:35 - 2017-06-08 14:35 - 00005008 _____ C:\Users\Nallamilli Raman\Desktop\Cancel_invoices.sql
2017-06-08 14:35 - 2017-06-08 14:35 - 00001674 _____ C:\Users\Nallamilli Raman\Desktop\Never_Validated_Invoices_list.sql
2017-06-06 14:46 - 2017-06-06 14:46 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-06-06 12:42 - 2017-06-06 17:12 - 00013392 _____ C:\Users\Nallamilli Raman\Desktop\Qube -GL Templates.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-05 17:47 - 2016-12-14 20:23 - 00000000 ____D C:\FRST
2017-07-05 17:34 - 2016-12-15 15:45 - 00000000 ____D C:\AdwCleaner
2017-07-05 17:33 - 2016-11-28 12:18 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\LocalLow\Mozilla
2017-07-05 16:55 - 2017-05-02 07:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-05 16:29 - 2017-02-25 08:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-05 12:38 - 2017-02-23 04:48 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\Packages
2017-07-05 12:36 - 2017-05-08 16:13 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8CFDDA11-BC24-4757-8420-97476F82733A}
2017-07-05 09:28 - 2017-03-19 02:33 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-05 09:28 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 00:45 - 2017-02-25 08:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-05 00:35 - 2017-05-02 08:06 - 01095646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-05 00:29 - 2017-05-02 08:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-05 00:28 - 2017-03-18 17:10 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-05 00:21 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-07-05 00:21 - 2017-02-23 17:35 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-05 00:06 - 2017-03-19 02:31 - 00000000 ____D C:\WINDOWS\INF
2017-07-04 10:29 - 2017-02-28 02:29 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\vlc
2017-07-04 10:29 - 2017-02-25 10:01 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent
2017-06-30 11:48 - 2017-05-25 23:38 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNallamilli Raman.job
2017-06-29 12:44 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\rescache
2017-06-29 11:53 - 2017-05-25 23:38 - 00003336 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNallamilli Raman
2017-06-29 11:44 - 2017-02-25 09:57 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 16:58 - 2015-04-28 10:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-28 16:54 - 2017-05-02 07:46 - 00386488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-28 16:52 - 2017-03-19 02:33 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-28 16:49 - 2017-05-02 07:51 - 00000000 ____D C:\Users\Nallamilli Raman
2017-06-28 15:42 - 2017-03-19 02:21 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-25 01:40 - 2015-05-25 14:33 - 00000000 ___RD C:\Users\Nallamilli Raman\OneDrive
2017-06-23 19:08 - 2017-02-25 09:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-22 09:31 - 2017-05-02 08:06 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 09:31 - 2017-02-23 06:50 - 00002403 _____ C:\Users\Nallamilli Raman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-21 09:45 - 2017-03-19 02:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-17 12:22 - 2017-02-25 05:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-17 12:13 - 2017-02-25 05:46 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-17 11:40 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-30 13:06
 
==================== End of FRST.txt ============================


#7 rnallamilli

  • Topic Starter

Posted 05 July 2017 - 07:21 AM

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2017
Ran by Nallamilli Raman (05-07-2017 17:48:51)
Running from C:\Users\Nallamilli Raman\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-02 03:52:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2818809977-977177620-758274071-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2818809977-977177620-758274071-503 - Limited - Disabled)
Guest (S-1-5-21-2818809977-977177620-758274071-501 - Limited - Disabled)
nalla (S-1-5-21-2818809977-977177620-758274071-1004 - Administrator - Enabled)
Nallamilli Raman (S-1-5-21-2818809977-977177620-758274071-1001 - Administrator - Enabled) => C:\Users\Nallamilli Raman
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{12B07FF1-29CB-45AC-B493-1DB88BE717BD}) (Version: 7.1 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EaseUS MobiSaver (HKLM-x32\...\EaseUS MobiSaver_is1) (Version:  - EaseUS)
FortiClient (HKLM\...\{C8080F10-F9D9-42C8-81AF-C6DB77E66BFD}) (Version: 5.4.3.0870 - Fortinet Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.22.13 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
Kaspersky Anti-Virus (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6330 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.16 (HKLM\...\{4CC3444D-7279-4E83-984F-18E9A7B2E803}) (Version: 4.2.16 - Oracle Corporation)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.4.0.0 - iMobie Inc.)
Popcorn-Time (HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-02-13] ()
ContextMenuHandlers01: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers01: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers02: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers04: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers04: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-09] (Intel Corporation)
ContextMenuHandlers06: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers06: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13DE1A46-ED3E-4BA2-BA2A-41306A9764FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {14C14D4D-1A42-47B8-91F7-F57B1094B6CA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1A3F786F-4162-4569-B681-50F10A016B3F} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {26ED872F-6C13-4D52-9A39-2FC97D9277F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {377A5920-68D8-430A-91C8-ECC59E678689} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {4AB01EF0-D420-4663-8ECE-20316BF922EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {59DD599E-DB48-40FF-8FBE-D240DF7845B3} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {5F0C40E6-1035-44F1-A10E-743839D14564} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-21] ()
Task: {5F865338-2CAC-4BF0-872E-F3354C966EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {7D261B58-AA97-4A6E-87CA-26F06175896F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
Task: {877EB63B-8CA0-4C0C-87F6-061142C5A47D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-21] ()
Task: {9D3FC351-107C-45BD-A3F6-913C3FC9D46C} - \USER_ESRV_SVC_QUEENCREEK -> No File <==== ATTENTION
Task: {AA03AA43-FAFF-4DD1-8F23-74B04BD4C103} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {B322C66B-724C-43C2-9334-2AA22574088A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-21] (Microsoft Corporation)
Task: {BCA04C3D-C562-4C00-888F-56C86AAC618A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {CBA1F806-6EA6-4CD1-86C4-797CC4F37EA6} - System32\Tasks\HPCeeScheduleForNallamilli Raman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {D12CB0DC-3735-4B8C-A288-EBB455735359} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {F42A3400-6914-4DC6-9E60-C363FF7D71BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {F494147B-A2B7-47D7-B360-7D85B31BB6CC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {F65E0A25-9F64-415E-A6C3-8C251067728E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNallamilli Raman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Nallamilli Raman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Nallamilli Raman\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Nallamilli Raman\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-19 02:28 - 2017-03-19 02:28 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-25 09:42 - 2017-06-21 09:41 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-25 10:29 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2017-02-25 10:29 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2017-02-13 04:01 - 2017-02-13 04:01 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-19 02:29 - 2017-03-19 08:01 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 09:37 - 2017-06-21 09:40 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 09:37 - 2017-06-21 09:40 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 09:37 - 2017-06-21 09:41 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 09:37 - 2017-06-21 09:40 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-21 09:37 - 2017-06-21 09:40 - 00138240 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2017-06-29 11:44 - 2017-06-23 08:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 11:44 - 2017-06-23 08:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-21 09:37 - 2017-06-21 09:39 - 00181248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2017-06-21 09:37 - 2017-06-21 09:41 - 00041472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2017-06-21 09:37 - 2017-06-21 09:41 - 00922624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\VideoN.dll
2017-05-23 20:13 - 2017-05-23 20:13 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 09:28 - 2017-06-22 09:30 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 09:28 - 2017-06-22 09:29 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-22 09:28 - 2017-06-22 09:30 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-20 09:41 - 2017-06-21 09:28 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-06-20 09:41 - 2017-06-21 09:28 - 27430400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-06-17 12:15 - 2017-06-17 12:18 - 00460288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-06-17 12:15 - 2017-06-17 12:18 - 02275328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-05-23 20:13 - 2017-05-23 20:13 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-17 12:15 - 2017-06-17 12:18 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-02-23 22:25 - 2017-02-23 22:25 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-06-17 12:15 - 2017-06-17 12:18 - 00900096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 09:09 - 2017-05-05 09:09 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-07-16 20:04 - 2016-07-16 20:04 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.12990.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-06-02 11:44 - 2017-06-02 11:44 - 23661056 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-06-02 11:44 - 2017-06-02 11:44 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 21:58 - 2017-05-26 22:00 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-02 11:44 - 2017-06-02 11:44 - 30965760 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-06-02 11:44 - 2017-06-02 11:44 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 21:58 - 2017-05-26 22:00 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2017-03-08 16:07 - 2017-03-08 16:07 - 00548882 _____ () F:\Al Qudra\FortiClient\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\sharepoint.com -> hxxps://netorg529623-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-02-23 17:35 - 2017-05-15 14:35 - 00000884 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
192.168.2.11  fusapps.appsguruconsulting.com   fusapps
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2818809977-977177620-758274071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nallamilli Raman\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wall paper saibaba1.jpg
DNS Servers: 123.176.37.37 - 123.176.37.38
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: KSDE1.0.0 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99"
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BF405060-7C49-4CE9-8EC9-C430B1FF5AE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{920A0AA3-2BCF-4D62-8CB1-425899FFBF88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2DD2B63-93D6-4AC9-8E4C-1DA27A7DD5EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{07C9B39D-856F-4D3E-B0A5-EA371ABD0C85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{DC5B8749-D149-4AAF-A578-6EBD836A3C58}C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [TCP Query User{CFD22FC9-60BA-403C-A3F1-40A418696C16}C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [{55A816CF-7465-40FA-A8DC-1C5F4291BD32}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D891CEB8-B795-4F9F-B66B-8B897DD00CA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87B798F5-7149-4CA7-A67A-676E8772C014}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C01FC9AC-DCC1-4537-BA83-040B5FC85E47}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B39396FE-73C6-4792-B369-4FA40189EAFB}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2D2E3B91-60B1-4C96-937E-5239606C121A}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DA7EBA86-79ED-46B5-B663-CEFE4B2F7B4C}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29854BC7-33EF-4222-BEC3-E7ADB8C551E5}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BA28C2D-2ED1-4B8C-92E7-EEF0AD183BDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C8F45676-3A0C-4067-A019-AC6B0F04914C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{09E4610F-BB43-4B7C-B93B-3ABEBBE809B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A9EE8912-D6D0-4D54-B3A5-CAF9CA93C8FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C38896DC-6D18-4472-827F-641DE3A7ED8C}] => (Allow) F:\Al Qudra\FortiClient\FortiProxy.exe
FirewallRules: [{916421CE-34E5-415A-B0F0-09220552BC73}] => (Allow) F:\Al Qudra\FortiClient\ipsec.exe
FirewallRules: [{F8A26344-C5C2-4F9E-A2A5-ED5A95548F5E}] => (Allow) F:\Al Qudra\FortiClient\FortiWad.exe
FirewallRules: [{30DBAD5A-7361-4837-896A-73A603AA981B}] => (Allow) F:\Al Qudra\FortiClient\fortiesnac.exe
FirewallRules: [{AAAEA484-03E3-416C-8B17-89AF55AF49DC}] => (Allow) F:\Al Qudra\FortiClient\fortifws.exe
FirewallRules: [TCP Query User{24759EC4-C8D3-482E-B3E7-61494AD1E7FB}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{B87583F1-1EAA-48FA-BBA7-68CC50461DF5}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{9C10A76B-A224-4560-A56E-C9FBA6F5AA0A}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D378156C-E710-4EF0-814F-D1EAC4A19245}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{0F310C5E-3897-4D41-BFBE-C3C5D4CBE3A1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EC1EB6FC-4796-4BBB-92C2-C57BD60EA726}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98F6259C-CDAE-4B6E-A0DD-088AE87D3566}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB315A4E-D491-4838-8B0C-5A5D9788DCDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63E457F7-D795-40A3-8A24-8B85DFF6BAAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56A937DE-FB37-4E17-AC02-43F66BCDC432}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B8B69AF-EC29-45D4-A77F-BD3150F03D59}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
23-06-2017 20:23:55 Windows Update
28-06-2017 15:39:17 Windows Update
05-07-2017 00:06:30 Installed iTunes
 
==================== Faulty Device Manager Devices =============
 
Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/05/2017 05:43:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 05:13:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 04:43:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 04:03:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 03:37:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 03:05:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 02:34:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 02:04:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 01:37:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/05/2017 01:07:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/05/2017 04:46:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 03:22:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 01:55:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 12:57:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 11:51:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 09:23:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 07:00:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 06:02:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 04:38:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/05/2017 12:29:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The USER_ESRV_SVC_QUEENCREEK service failed to start due to the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-05 16:18:30.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 16:18:30.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 00:21:41.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 00:21:40.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 6066.27 MB
Available physical RAM: 2857.52 MB
Total Virtual: 7026.27 MB
Available Virtual: 3380.42 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:171.02 GB) (Free:100.68 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.75 GB) (Free:2.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (New Volume) (Fixed) (Total:500 GB) (Free:452.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A5D1162D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 Jo*

Posted 05 July 2017 - 08:03 AM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Double click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double-click JRT.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Step 4: How is the computer running now?


***


Step 5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the boxes next to Addition.txt and Shortcut.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt, Shortcut.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
-----------------------------------------------------------

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 rnallamilli

Posted 06 July 2017 - 02:43 AM

MBAR Screen Shot attached. No Malware Found



#10 rnallamilli

Posted 06 July 2017 - 03:43 AM

AdwCleaner Log File:

 

# AdwCleaner v6.047 - Logfile created 06/07/2017 at 13:57:43
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-06.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Nallamilli Raman - RNALLAMILLI
# Running from : C:\Users\Nallamilli Raman\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp
 
 
***** [ Files ] *****
 
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
[-] File deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
[-] File deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfkpefbllpconnkfpdgagkifmflckkdp_0.localstorage
[-] File deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cfkpefbllpconnkfpdgagkifmflckkdp_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\iinglghmhcgdgjjlafobajghjamdchik
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cfkpefbllpconnkfpdgagkifmflckkdp
[-] [C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: iinglghmhcgdgjjlafobajghjamdchik
[-] [C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1373 Bytes] - [15/12/2016 15:57:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [2482 Bytes] - [06/07/2017 13:57:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [1395 Bytes] - [15/12/2016 15:48:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [1467 Bytes] - [15/12/2016 15:52:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [3111 Bytes] - [05/07/2017 17:34:37]
C:\AdwCleaner\AdwCleaner[S3].txt - [3184 Bytes] - [06/07/2017 13:57:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2847 Bytes] ##########


#11 rnallamilli

Posted 06 July 2017 - 03:50 AM

JRT Text:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Nallamilli Raman (Administrator) on Thu 07/06/2017 at 14:15:13.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
Successfully deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/06/2017 at 14:18:22.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 rnallamilli

Posted 06 July 2017 - 03:57 AM

I ran JRT for the second time as I was seeing an extension in Chrome which I did not add. Log file:

After running this for the second time, I still see this extension in Chrome. I am seeing an altogether different tab page in Chrome which I did not see earlier.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Nallamilli Raman (Administrator) on Thu 07/06/2017 at 14:22:17.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/06/2017 at 14:24:18.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 rnallamilli

Posted 06 July 2017 - 04:01 AM

Looks like there is a problem with my Chrome. Should I uninstall and reinstall Chrome?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by Nallamilli Raman (Administrator) on Thu 07/06/2017 at 14:28:18.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/06/2017 at 14:30:03.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#14 rnallamilli

Posted 06 July 2017 - 04:05 AM

Attached screenshot of Chrome. This is not the correct one.



#15 rnallamilli

Posted 06 July 2017 - 04:13 AM

FRST Text:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by Nallamilli Raman (administrator) on RNALLAMILLI (06-07-2017 14:40:26)
Running from C:\Users\Nallamilli Raman\Desktop
Loaded Profiles: Nallamilli Raman (Available Profiles: Nallamilli Raman)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\scheduler.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FCDBLog.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FortiESNAC.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FortiSSLVPNdaemon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FCHelper64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Fortinet Inc.) F:\Al Qudra\FortiClient\FortiTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2016-03-10] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\Run: [GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\MountPoints2: {cc4dd60c-9ff1-11e6-82f9-d0bf9c972658} - "H:\Lenovo_Suite.exe" 
HKU\S-1-5-21-2818809977-977177620-758274071-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2017-03-19] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 192.168.2.11  fusapps.appsguruconsulting.com   fusapps
Tcpip\Parameters: [DhcpNameServer] 123.176.37.37 123.176.37.38 4.2.2.2
Tcpip\..\Interfaces\{d0cf6cfa-4bc3-455f-8050-c9a8030e4673}: [DhcpNameServer] 123.176.37.37 123.176.37.38 4.2.2.2
Tcpip\..\Interfaces\{f66da426-c55c-4b70-9e92-1c005947f030}: [DhcpNameServer] 123.176.37.37 123.176.37.38 4.2.2.2
 
Internet Explorer:
==================
HKU\S-1-5-21-2818809977-977177620-758274071-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2017-05-15] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2017-05-15] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-21] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2017-05-08] (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-2818809977-977177620-758274071-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-30] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nallamilli Raman\AppData\Roaming\Mozilla\Firefox\Profiles\nkjg35i9.default [2017-07-05]
FF Extension: (SaveFrom.net helper) - C:\Users\Nallamilli Raman\AppData\Roaming\Mozilla\Firefox\Profiles\nkjg35i9.default\Extensions\helper-sig@savefrom.net.xpi [2017-06-06]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2017-05-08] [not signed]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-04-30]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2017-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2017-05-15] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @FortinetCacheClean -> F:\Al Qudra\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> F:\Al Qudra\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> F:\Al Qudra\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2017-05-08] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-25]
CHR Extension: (Google Docs) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-25]
CHR Extension: (Google Drive) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-25]
CHR Extension: (YouTube) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-25]
CHR Extension: (ClipCopy for Tampermonkey) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehieljejfgbjhogonapjjndllliopfg [2017-02-25]
CHR Extension: (Сookies Control) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp [2017-07-06]
CHR Extension: (Tampermonkey) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-06-21]
CHR Extension: (Oracle EBS R12&11i Enablement for Chrome) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkagabmggbmpmncofhgkfigmeldifnc [2017-05-15]
CHR Extension: (Google Sheets) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-03-03]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2017-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-25]
CHR Extension: (ESPNCricinfo) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh [2017-02-25]
CHR Extension: (HP Network Check Launcher) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-03-02]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-19]
CHR Extension: (ThinForms - for Oracle Forms, EBS, Discoverer) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmjefghbgfcpoobigfbalocpncklkjhk [2017-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\Nallamilli Raman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 FA_Scheduler; F:\Al Qudra\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [File not signed]
S4 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321056 2017-06-01] (HP Inc.)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
S4 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S4 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-03-10] (Realtek Semiconductor)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-05] (Synaptics Incorporated)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 ESRV_SVC_QUEENCREEK; "C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe" "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" [X]
S2 SystemUsageReportSvc_QUEENCREEK; "C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe" [X]
S2 USER_ESRV_SVC_QUEENCREEK; "C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe" "--run_as_user_process"  [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-06-21] (Intel Mobile Communications)
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-30] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [421200 2016-06-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-30] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-05-02] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-24] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-07-06] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-06-06] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-24] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-05-24] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-30] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-04-30] (AO Kaspersky Lab)
S3 leusbser; C:\WINDOWS\System32\drivers\leusbser.sys [238080 2013-08-01] (QUALCOMM Incorporated)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2016-03-10] (Realtek                                            )
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-06-21] (MobileTop)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [76376 2016-10-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-05] (Synaptics Incorporated)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-06-21] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-06-21] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-06-21] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-06-21] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-06-21] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-06-21] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-06-21] (MCCI Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-06 14:39 - 2017-07-06 14:40 - 00022697 _____ C:\Users\Nallamilli Raman\Desktop\FRST.txt
2017-07-06 14:39 - 2017-07-06 14:39 - 00034762 _____ C:\Users\Nallamilli Raman\Desktop\Ad1dition.txt
2017-07-06 14:39 - 2017-07-06 14:39 - 00000100 _____ C:\Users\Nallamilli Raman\Desktop\FR1ST.txt
2017-07-06 14:37 - 2017-07-06 14:38 - 00034764 _____ C:\Users\Nallamilli Raman\Desktop\1Addition.txt
2017-07-06 14:36 - 2017-07-06 14:39 - 00076641 _____ C:\Users\Nallamilli Raman\Desktop\F1RST.txt
2017-07-06 14:36 - 2017-07-06 14:36 - 00000000 ____D C:\Users\Nallamilli Raman\Desktop\FRST-OlderVersion
2017-07-06 14:18 - 2017-07-06 14:30 - 00000715 _____ C:\Users\Nallamilli Raman\Desktop\JRT.txt
2017-07-06 14:14 - 2017-07-06 14:14 - 01663672 _____ (Malwarebytes) C:\Users\Nallamilli Raman\Desktop\JRT.exe
2017-07-06 11:48 - 2017-07-06 11:48 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-07-05 17:48 - 2017-07-05 17:49 - 00039885 _____ C:\Users\Nallamilli Raman\Desktop\A1ddition.txt
2017-07-05 17:47 - 2017-07-05 17:49 - 00077419 _____ C:\Users\Nallamilli Raman\Desktop\1FRST.txt
2017-07-05 17:46 - 2017-07-06 14:36 - 02436608 _____ (Farbar) C:\Users\Nallamilli Raman\Desktop\FRST64.exe
2017-07-05 17:30 - 2017-07-05 17:31 - 04110280 _____ C:\Users\Nallamilli Raman\Desktop\AdwCleaner.exe
2017-07-05 16:51 - 2017-07-06 13:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-05 16:51 - 2017-07-06 12:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-05 16:51 - 2017-07-05 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-05 16:50 - 2017-07-06 13:55 - 00000000 ____D C:\Users\Nallamilli Raman\Desktop\mbar
2017-07-05 16:50 - 2017-07-06 12:17 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-05 16:48 - 2017-07-05 16:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Nallamilli Raman\Desktop\mbar-1.09.3.1001.exe
2017-07-05 16:18 - 2017-07-05 16:18 - 00000885 _____ C:\Users\Nallamilli Raman\Desktop\SALog.txt
2017-07-05 16:15 - 2017-07-05 16:15 - 00899584 _____ C:\Users\Nallamilli Raman\Desktop\RGSA.exe
2017-07-05 14:00 - 2017-07-05 14:00 - 00000026 _____ C:\Users\Nallamilli Raman\Desktop\Traces.txt
2017-07-05 10:01 - 2017-07-05 10:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS MobiSaver
2017-07-05 10:01 - 2017-07-05 10:01 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-07-05 00:45 - 2017-07-06 14:16 - 00003392 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-05 00:21 - 2017-07-05 00:21 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-05 00:08 - 2017-07-05 00:08 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\Apple Computer
2017-07-05 00:08 - 2017-07-05 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-05 00:07 - 2017-07-05 00:08 - 00000000 ____D C:\Program Files\iTunes
2017-07-05 00:07 - 2017-07-05 00:07 - 00000000 ____D C:\ProgramData\Apple Computer
2017-07-05 00:07 - 2017-07-05 00:07 - 00000000 ____D C:\Program Files\iPod
2017-07-05 00:06 - 2017-07-05 00:06 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\Apple
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Program Files\Bonjour
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-07-05 00:06 - 2017-07-05 00:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-07-05 00:05 - 2017-07-05 00:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-07-05 00:05 - 2017-07-05 00:06 - 00000000 ____D C:\ProgramData\Apple
2017-07-04 23:57 - 2017-07-05 00:08 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\Apple Computer
2017-07-04 23:57 - 2017-07-04 23:57 - 00001238 _____ C:\Users\Public\Desktop\PhoneRescue.lnk
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\iMobie
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\iMobie_Inc
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-07-04 23:57 - 2017-07-04 23:57 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-07-03 11:56 - 2017-07-03 13:03 - 00000000 ____D C:\Users\Nallamilli Raman\Desktop\Checklist
2017-06-29 16:14 - 2017-07-06 12:39 - 00010199 _____ C:\Users\Nallamilli Raman\Desktop\July Bills Raman.xlsx
2017-06-28 15:38 - 2017-06-20 11:48 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-28 15:38 - 2017-06-20 11:48 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-06-28 15:38 - 2017-06-20 11:48 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-28 15:38 - 2017-06-20 11:47 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-28 15:38 - 2017-06-20 11:47 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-28 15:38 - 2017-06-20 11:46 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-28 15:38 - 2017-06-20 11:46 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-28 15:38 - 2017-06-20 11:45 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-28 15:38 - 2017-06-20 11:45 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-28 15:38 - 2017-06-20 11:45 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-06-28 15:38 - 2017-06-20 11:45 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-28 15:38 - 2017-06-20 11:44 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-28 15:38 - 2017-06-20 11:44 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-28 15:38 - 2017-06-20 11:41 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-28 15:38 - 2017-06-20 11:41 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-28 15:38 - 2017-06-20 11:41 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-28 15:38 - 2017-06-20 11:41 - 01186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-28 15:38 - 2017-06-20 11:41 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-28 15:38 - 2017-06-20 11:40 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-28 15:38 - 2017-06-20 11:40 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-28 15:38 - 2017-06-20 11:40 - 00119392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-06-28 15:38 - 2017-06-20 11:39 - 02969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-28 15:38 - 2017-06-20 11:38 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-28 15:38 - 2017-06-20 11:38 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-28 15:38 - 2017-06-20 11:36 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-06-28 15:38 - 2017-06-20 11:36 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-28 15:38 - 2017-06-20 11:35 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-06-28 15:38 - 2017-06-20 11:34 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-28 15:38 - 2017-06-20 11:34 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 02444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-28 15:38 - 2017-06-20 11:33 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-28 15:38 - 2017-06-20 11:33 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-28 15:38 - 2017-06-20 11:33 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-28 15:38 - 2017-06-20 11:32 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-28 15:38 - 2017-06-20 11:32 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-28 15:38 - 2017-06-20 11:32 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-28 15:38 - 2017-06-20 11:31 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-28 15:38 - 2017-06-20 11:31 - 00553888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-06-28 15:38 - 2017-06-20 11:30 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-28 15:38 - 2017-06-20 11:30 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-28 15:38 - 2017-06-20 11:30 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-28 15:38 - 2017-06-20 11:29 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-28 15:38 - 2017-06-20 11:29 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-28 15:38 - 2017-06-20 11:29 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 21352184 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 01337344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-28 15:38 - 2017-06-20 11:28 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-28 15:38 - 2017-06-20 11:27 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-28 15:38 - 2017-06-20 11:27 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-28 15:38 - 2017-06-20 11:04 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-28 15:38 - 2017-06-20 10:58 - 23675904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-28 15:38 - 2017-06-20 10:47 - 03670528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-28 15:38 - 2017-06-20 10:46 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-06-28 15:38 - 2017-06-20 10:46 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-28 15:38 - 2017-06-20 10:45 - 00096136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 17364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-28 15:38 - 2017-06-20 10:44 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-06-28 15:38 - 2017-06-20 10:43 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-06-28 15:38 - 2017-06-20 10:43 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-06-28 15:38 - 2017-06-20 10:42 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-28 15:38 - 2017-06-20 10:42 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-28 15:38 - 2017-06-20 10:42 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-06-28 15:38 - 2017-06-20 10:42 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-28 15:38 - 2017-06-20 10:42 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-06-28 15:38 - 2017-06-20 10:42 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-28 15:38 - 2017-06-20 10:42 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-06-28 15:38 - 2017-06-20 10:41 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-28 15:38 - 2017-06-20 10:41 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-28 15:38 - 2017-06-20 10:41 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-28 15:38 - 2017-06-20 10:41 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-06-28 15:38 - 2017-06-20 10:40 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-06-28 15:38 - 2017-06-20 10:39 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-06-28 15:38 - 2017-06-20 10:39 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-28 15:38 - 2017-06-20 10:38 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-28 15:38 - 2017-06-20 10:38 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 12786688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 01517536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-06-28 15:38 - 2017-06-20 10:37 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-06-28 15:38 - 2017-06-20 10:37 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-28 15:38 - 2017-06-20 10:37 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-06-28 15:38 - 2017-06-20 10:37 - 00129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-28 15:38 - 2017-06-20 10:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-06-28 15:38 - 2017-06-20 10:35 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-28 15:38 - 2017-06-20 10:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-28 15:38 - 2017-06-20 10:35 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 08243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-28 15:38 - 2017-06-20 10:34 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-06-28 15:38 - 2017-06-20 10:34 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 20372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 06763648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-28 15:38 - 2017-06-20 10:33 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-06-28 15:38 - 2017-06-20 10:33 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 01194696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-28 15:38 - 2017-06-20 10:32 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-28 15:38 - 2017-06-20 10:32 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-06-28 15:38 - 2017-06-20 10:31 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 01802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-28 15:38 - 2017-06-20 10:30 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-28 15:38 - 2017-06-20 10:29 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-28 15:38 - 2017-06-20 10:28 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-28 15:38 - 2017-06-20 10:27 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-06-28 15:38 - 2017-06-20 10:27 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-06-28 15:38 - 2017-06-20 10:26 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-06-28 15:38 - 2017-06-20 10:24 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-06-28 15:38 - 2017-06-20 10:20 - 02957312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-28 15:38 - 2017-06-20 10:19 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-28 15:38 - 2017-06-20 10:19 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-06-28 15:38 - 2017-06-20 10:19 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-06-28 15:38 - 2017-06-20 10:17 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-28 15:38 - 2017-06-20 10:16 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-28 15:38 - 2017-06-20 10:15 - 20505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-28 15:38 - 2017-06-20 10:15 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-06-28 15:38 - 2017-06-20 10:15 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-28 15:38 - 2017-06-20 10:14 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-28 15:38 - 2017-06-20 10:13 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-06-28 15:38 - 2017-06-20 10:12 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-06-28 15:38 - 2017-06-20 10:11 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-06-28 15:38 - 2017-06-20 10:11 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-28 15:38 - 2017-06-20 10:10 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-28 15:38 - 2017-06-20 10:10 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-06-28 15:38 - 2017-06-20 10:09 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-06-28 15:38 - 2017-06-20 10:09 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-28 15:38 - 2017-06-20 10:08 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-28 15:38 - 2017-06-20 10:08 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-06-28 15:38 - 2017-06-20 10:08 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-28 15:38 - 2017-06-20 10:07 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-28 15:38 - 2017-06-20 10:07 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-28 15:38 - 2017-06-20 10:07 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-28 15:38 - 2017-06-20 10:06 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 06291456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 01494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-28 15:38 - 2017-06-20 10:06 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-28 15:38 - 2017-06-20 10:05 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-06-28 15:38 - 2017-06-20 10:04 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-06-28 15:38 - 2017-06-20 10:01 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-06-28 15:38 - 2017-06-20 10:00 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-06-28 15:38 - 2017-06-20 10:00 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-06-28 15:38 - 2017-06-20 10:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-28 15:38 - 2017-06-20 09:58 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-06-24 19:45 - 2017-06-24 19:45 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-06-24 19:45 - 2017-06-24 19:45 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-06-22 09:31 - 2017-06-22 09:31 - 00000000 ___HD C:\OneDriveTemp
2017-06-17 13:05 - 2017-06-03 12:02 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-17 13:05 - 2017-06-03 12:02 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-17 12:08 - 2017-06-03 15:45 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-17 12:08 - 2017-06-03 15:45 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-17 12:08 - 2017-06-03 15:45 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-17 12:08 - 2017-06-03 15:40 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-17 12:08 - 2017-06-03 15:39 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-17 12:08 - 2017-06-03 15:37 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-17 12:08 - 2017-06-03 15:30 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-17 12:08 - 2017-06-03 15:30 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-17 12:08 - 2017-06-03 15:29 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-17 12:08 - 2017-06-03 15:29 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-17 12:08 - 2017-06-03 15:29 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-17 12:08 - 2017-06-03 15:29 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-17 12:08 - 2017-06-03 15:28 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-17 12:08 - 2017-06-03 15:28 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-17 12:08 - 2017-06-03 14:56 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-17 12:08 - 2017-06-03 14:53 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-17 12:08 - 2017-06-03 14:44 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-17 12:08 - 2017-06-03 14:42 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-17 12:08 - 2017-06-03 14:41 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-17 12:08 - 2017-06-03 14:41 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-17 12:08 - 2017-06-03 14:40 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-17 12:08 - 2017-06-03 14:40 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-17 12:08 - 2017-06-03 14:39 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-17 12:08 - 2017-06-03 14:39 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-17 12:08 - 2017-06-03 14:39 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-17 12:08 - 2017-06-03 14:37 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-17 12:08 - 2017-06-03 14:37 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-17 12:08 - 2017-06-03 14:37 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-17 12:08 - 2017-06-03 14:36 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-17 12:08 - 2017-06-03 14:35 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-17 12:08 - 2017-06-03 14:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-17 12:08 - 2017-06-03 14:35 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-17 12:08 - 2017-06-03 14:34 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-17 12:08 - 2017-06-03 14:33 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-17 12:08 - 2017-06-03 14:31 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-17 12:08 - 2017-06-03 14:30 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-17 12:08 - 2017-06-03 14:30 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-17 12:08 - 2017-06-03 14:29 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-17 12:08 - 2017-06-03 14:29 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-17 12:08 - 2017-06-03 14:28 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-17 12:08 - 2017-06-03 14:28 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-17 12:08 - 2017-06-03 14:27 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-17 12:08 - 2017-06-03 14:27 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-17 12:08 - 2017-06-03 14:27 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-17 12:08 - 2017-06-03 14:25 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-17 12:08 - 2017-06-03 14:25 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-17 12:08 - 2017-06-03 14:24 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-17 12:08 - 2017-06-03 14:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-12 16:51 - 2017-06-12 16:51 - 00014379 _____ C:\Users\Nallamilli Raman\Desktop\UPVT OU.xlsx
2017-06-08 14:35 - 2017-06-08 14:35 - 00149085 _____ C:\Users\Nallamilli Raman\Desktop\Period Close Status - UPLB.xlsx
2017-06-08 14:35 - 2017-06-08 14:35 - 00005008 _____ C:\Users\Nallamilli Raman\Desktop\Cancel_invoices.sql
2017-06-08 14:35 - 2017-06-08 14:35 - 00001674 _____ C:\Users\Nallamilli Raman\Desktop\Never_Validated_Invoices_list.sql
2017-06-06 14:46 - 2017-06-06 14:46 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-06-06 12:42 - 2017-06-06 17:12 - 00013392 _____ C:\Users\Nallamilli Raman\Desktop\Qube -GL Templates.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-06 14:40 - 2016-12-14 20:23 - 00000000 ____D C:\FRST
2017-07-06 14:23 - 2017-02-25 09:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-06 14:07 - 2017-05-02 08:06 - 01104738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-06 14:05 - 2017-02-25 08:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-06 14:03 - 2017-03-19 02:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-06 14:00 - 2017-05-25 23:38 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNallamilli Raman.job
2017-07-06 14:00 - 2017-05-02 08:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-06 13:59 - 2017-03-18 17:10 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-06 13:57 - 2016-12-15 15:45 - 00000000 ____D C:\AdwCleaner
2017-07-06 13:54 - 2017-05-02 07:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-06 11:25 - 2017-05-25 23:38 - 00003336 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNallamilli Raman
2017-07-06 11:23 - 2017-03-19 02:33 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-06 11:23 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-06 11:22 - 2017-05-08 16:13 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8CFDDA11-BC24-4757-8420-97476F82733A}
2017-07-05 17:33 - 2016-11-28 12:18 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\LocalLow\Mozilla
2017-07-05 12:38 - 2017-02-23 04:48 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Local\Packages
2017-07-05 00:45 - 2017-02-25 08:35 - 00000000 ____D C:\Program Files\Common Files\AV
2017-07-05 00:21 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-07-05 00:21 - 2017-02-23 17:35 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-05 00:06 - 2017-03-19 02:31 - 00000000 ____D C:\WINDOWS\INF
2017-07-04 10:29 - 2017-02-28 02:29 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\vlc
2017-07-04 10:29 - 2017-02-25 10:01 - 00000000 ____D C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent
2017-06-29 12:44 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\rescache
2017-06-29 11:44 - 2017-02-25 09:57 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 16:58 - 2015-04-28 10:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-28 16:54 - 2017-05-02 07:46 - 00386488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-28 16:52 - 2017-03-19 02:33 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-28 16:51 - 2017-03-19 02:33 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-28 16:49 - 2017-05-02 07:51 - 00000000 ____D C:\Users\Nallamilli Raman
2017-06-28 15:42 - 2017-03-19 02:21 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-25 01:40 - 2015-05-25 14:33 - 00000000 ___RD C:\Users\Nallamilli Raman\OneDrive
2017-06-22 09:31 - 2017-05-02 08:06 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 09:31 - 2017-02-23 06:50 - 00002403 _____ C:\Users\Nallamilli Raman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-17 12:22 - 2017-02-25 05:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-17 12:13 - 2017-02-25 05:46 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-17 11:40 - 2017-03-19 02:33 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-30 13:06
 
==================== End of FRST.txt ============================

Additions Text:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by Nallamilli Raman (06-07-2017 14:40:52)
Running from C:\Users\Nallamilli Raman\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-02 03:52:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2818809977-977177620-758274071-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2818809977-977177620-758274071-503 - Limited - Disabled)
Guest (S-1-5-21-2818809977-977177620-758274071-501 - Limited - Disabled)
nalla (S-1-5-21-2818809977-977177620-758274071-1004 - Administrator - Enabled)
Nallamilli Raman (S-1-5-21-2818809977-977177620-758274071-1001 - Administrator - Enabled) => C:\Users\Nallamilli Raman
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{12B07FF1-29CB-45AC-B493-1DB88BE717BD}) (Version: 7.1 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EaseUS MobiSaver (HKLM-x32\...\EaseUS MobiSaver_is1) (Version:  - EaseUS)
FortiClient (HKLM\...\{C8080F10-F9D9-42C8-81AF-C6DB77E66BFD}) (Version: 5.4.3.0870 - Fortinet Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.22.13 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 7 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417017FF}) (Version: 7.0.170 - Oracle)
Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
Kaspersky Anti-Virus (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.8229.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6330 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.16 (HKLM\...\{4CC3444D-7279-4E83-984F-18E9A7B2E803}) (Version: 4.2.16 - Oracle Corporation)
PhoneRescue (HKLM-x32\...\PhoneRescue) (Version: 3.4.0.0 - iMobie Inc.)
Popcorn-Time (HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\Popcorn-Time) (Version: 0.3.10 - Popcorn Time)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-02-13] ()
ContextMenuHandlers01: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers01: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers02: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers04: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers04: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-09-09] (Intel Corporation)
ContextMenuHandlers06: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-30] (AO Kaspersky Lab)
ContextMenuHandlers06: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14C14D4D-1A42-47B8-91F7-F57B1094B6CA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {180D0B73-7DED-4129-9146-7264D322499E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {2395292B-DB60-44CB-B356-4DEBB17DF93E} - System32\Tasks\HPCeeScheduleForNallamilli Raman => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {26ED872F-6C13-4D52-9A39-2FC97D9277F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {377A5920-68D8-430A-91C8-ECC59E678689} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {465EF082-D462-4684-8E90-859F4D94EE2C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {4AB01EF0-D420-4663-8ECE-20316BF922EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {584CD506-CFE6-457F-AD23-D2DA7C4076EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {59DD599E-DB48-40FF-8FBE-D240DF7845B3} - \Intel\Intel Telemetry 2 -> No File <==== ATTENTION
Task: {5F865338-2CAC-4BF0-872E-F3354C966EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {63A63E0D-E18A-416F-90AD-B984AA780B30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-23] (Microsoft Corporation)
Task: {7D261B58-AA97-4A6E-87CA-26F06175896F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
Task: {83311743-BD37-44BB-A1CE-465C5AC5CEAA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-06] ()
Task: {9D3FC351-107C-45BD-A3F6-913C3FC9D46C} - \USER_ESRV_SVC_QUEENCREEK -> No File <==== ATTENTION
Task: {AA03AA43-FAFF-4DD1-8F23-74B04BD4C103} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {B322C66B-724C-43C2-9334-2AA22574088A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-06] (Microsoft Corporation)
Task: {BCA04C3D-C562-4C00-888F-56C86AAC618A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {F42A3400-6914-4DC6-9E60-C363FF7D71BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {F494147B-A2B7-47D7-B360-7D85B31BB6CC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {F65E0A25-9F64-415E-A6C3-8C251067728E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNallamilli Raman.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Nallamilli Raman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Nallamilli Raman\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Nallamilli Raman\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-19 02:28 - 2017-03-19 02:28 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-25 09:42 - 2017-07-06 11:39 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-25 10:29 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2017-02-25 10:29 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2017-02-13 04:01 - 2017-02-13 04:01 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-03-19 02:29 - 2017-03-19 08:01 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-21 09:37 - 2017-06-21 09:40 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 09:37 - 2017-06-21 09:40 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 09:37 - 2017-06-21 09:41 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 09:37 - 2017-06-21 09:40 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-21 09:37 - 2017-06-21 09:40 - 00138240 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2017-06-29 11:44 - 2017-06-23 08:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 11:44 - 2017-06-23 08:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-03-08 16:07 - 2017-03-08 16:07 - 00548882 _____ () F:\Al Qudra\FortiClient\sqlite3.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\sharepoint.com -> hxxps://netorg529623-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-02-23 17:35 - 2017-05-15 14:35 - 00000884 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
192.168.2.11  fusapps.appsguruconsulting.com   fusapps
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2818809977-977177620-758274071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nallamilli Raman\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\wall paper saibaba1.jpg
DNS Servers: 123.176.37.37 - 123.176.37.38
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: ESRV_SVC_QUEENCREEK => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqcaslwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: klvssbrigde64 => 3
MSCONFIG\Services: KSDE1.0.0 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SystemUsageReportSvc_QUEENCREEK => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: USER_ESRV_SVC_QUEENCREEK => 2
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F2A35E3CEF1D0C84455300057F865D99"
HKU\S-1-5-21-2818809977-977177620-758274071-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BF405060-7C49-4CE9-8EC9-C430B1FF5AE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{920A0AA3-2BCF-4D62-8CB1-425899FFBF88}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2DD2B63-93D6-4AC9-8E4C-1DA27A7DD5EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{07C9B39D-856F-4D3E-B0A5-EA371ABD0C85}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{DC5B8749-D149-4AAF-A578-6EBD836A3C58}C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [TCP Query User{CFD22FC9-60BA-403C-A3F1-40A418696C16}C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe] => (Block) C:\users\nallamilli raman\appdata\local\popcorn-time\popcorn-time.exe
FirewallRules: [{55A816CF-7465-40FA-A8DC-1C5F4291BD32}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D891CEB8-B795-4F9F-B66B-8B897DD00CA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87B798F5-7149-4CA7-A67A-676E8772C014}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C01FC9AC-DCC1-4537-BA83-040B5FC85E47}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B39396FE-73C6-4792-B369-4FA40189EAFB}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2D2E3B91-60B1-4C96-937E-5239606C121A}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DA7EBA86-79ED-46B5-B663-CEFE4B2F7B4C}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{29854BC7-33EF-4222-BEC3-E7ADB8C551E5}] => (Allow) C:\Users\Nallamilli Raman\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BA28C2D-2ED1-4B8C-92E7-EEF0AD183BDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C8F45676-3A0C-4067-A019-AC6B0F04914C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{09E4610F-BB43-4B7C-B93B-3ABEBBE809B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A9EE8912-D6D0-4D54-B3A5-CAF9CA93C8FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C38896DC-6D18-4472-827F-641DE3A7ED8C}] => (Allow) F:\Al Qudra\FortiClient\FortiProxy.exe
FirewallRules: [{916421CE-34E5-415A-B0F0-09220552BC73}] => (Allow) F:\Al Qudra\FortiClient\ipsec.exe
FirewallRules: [{F8A26344-C5C2-4F9E-A2A5-ED5A95548F5E}] => (Allow) F:\Al Qudra\FortiClient\FortiWad.exe
FirewallRules: [{30DBAD5A-7361-4837-896A-73A603AA981B}] => (Allow) F:\Al Qudra\FortiClient\fortiesnac.exe
FirewallRules: [{AAAEA484-03E3-416C-8B17-89AF55AF49DC}] => (Allow) F:\Al Qudra\FortiClient\fortifws.exe
FirewallRules: [TCP Query User{24759EC4-C8D3-482E-B3E7-61494AD1E7FB}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{B87583F1-1EAA-48FA-BBA7-68CC50461DF5}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{9C10A76B-A224-4560-A56E-C9FBA6F5AA0A}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{D378156C-E710-4EF0-814F-D1EAC4A19245}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [{0F310C5E-3897-4D41-BFBE-C3C5D4CBE3A1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EC1EB6FC-4796-4BBB-92C2-C57BD60EA726}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98F6259C-CDAE-4B6E-A0DD-088AE87D3566}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB315A4E-D491-4838-8B0C-5A5D9788DCDF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63E457F7-D795-40A3-8A24-8B85DFF6BAAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56A937DE-FB37-4E17-AC02-43F66BCDC432}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B8B69AF-EC29-45D4-A77F-BD3150F03D59}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
23-06-2017 20:23:55 Windows Update
28-06-2017 15:39:17 Windows Update
05-07-2017 00:06:30 Installed iTunes
06-07-2017 14:15:16 JRT Pre-Junkware Removal
06-07-2017 14:22:17 JRT Pre-Junkware Removal
06-07-2017 14:28:18 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2017 02:33:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 02:06:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 01:37:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 01:04:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 12:34:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 12:04:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 11:33:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/06/2017 11:25:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (07/06/2017 11:23:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/06/2017 11:19:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: RNALLAMILLI)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/06/2017 02:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The USER_ESRV_SVC_QUEENCREEK service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/06/2017 02:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESRV_SVC_QUEENCREEK service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/06/2017 02:00:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SystemUsageReportSvc_QUEENCREEK service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/06/2017 02:00:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (07/06/2017 02:00:15 PM) (Source: Application Popup) (EventID: 876) (User: )
Description: Accelerometer.sys
 
Error: (07/06/2017 01:59:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (07/06/2017 01:59:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (07/06/2017 01:59:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (07/06/2017 01:57:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (07/06/2017 01:57:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-07-06 14:36:04.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-06 14:36:04.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-06 11:28:56.284
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-06 11:28:56.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 16:18:30.119
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 16:18:30.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 00:21:41.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-05 00:21:40.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 44%
Total physical RAM: 6066.27 MB
Available physical RAM: 3360.73 MB
Total Virtual: 7026.27 MB
Available Virtual: 4336.82 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:171.02 GB) (Free:100.47 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.75 GB) (Free:2.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (New Volume) (Fixed) (Total:500 GB) (Free:452.47 GB) NTFS
Drive h: (Lenovo_Suite) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A5D1162D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




