
Please Someone Help me Immediately With This Redirecting Virus


  • This topic is locked
12 replies to this topic

#1 ajay1998A

  • Members
  • 17 posts

Posted 18 July 2017 - 06:16 AM

Today, when I tried to download Swiftshader, I came across a stupid website which gave me some kind of adware which is so deceiving that I downloaded and ran that software. Immediately, three icons with some games were created and I deleted them. Then in Google Chrome, whenever I search for something in Google, it gives search results redirecting me to Yahoo. I tried every possible way to solve this. I have installed Malwarebytes, HitmanPro, Iexplore, Avast, TDSS Killer and still it is unresolved. When I ran HitmanPro, it showed me something like Googlechrome Cookie Tracker, and even after deleting it my problem is not resolved.

I also tried to delete all the TEMP files, but I cannot delete one file called SafeZone Installer, which cannot be deleted although its size is 0 bytes.

So please, someone help me. Also, I think there are no malicious programs installed.

Sorry if my English is bad, I am not a native English speaker.

Expecting immediate help. Thanks :)





#2 satchfan

  • Malware Response Team
  • 2,858 posts

Posted 18 July 2017 - 07:28 AM

Hello ajay1998A and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7/8/10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyffcache;
    FFdefaults;
    emptyiecache;
    iedefaults;
    emptychrcache;
    CHRdefaults;
    emptyalltemp;
    emptyfolderscheck;delete
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

AdwCleaner log
JRT.txt
zoek-results.log


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 ajay1998A

  • Topic Starter
  • Members
  • 17 posts

Posted 19 July 2017 - 09:05 AM

Here Are The logs :

Adwcleaner Log :

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 14:00:54 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 8.1 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: saferm
Deleted: safer
 
 
***** [ Folders ] *****
 
Deleted: C:\Program Files\Hola
Deleted: C:\Users\Ajay Kumar\AppData\Roaming\Hola
Deleted: C:\Users\Ajay Kumar\AppData\Roaming\Wise Euask
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: WiseCleaner
Deleted: saferupdatetaskmachinecore
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Hola
Deleted: [Key] - HKU\.DEFAULT\Software\Hola
Deleted: [Key] - HKU\S-1-5-18\Software\Hola
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted: [Value] - HKLM\SOFTWARE\Classes\.htm\OpenWithProgids|UCHTML.AssocFile.HTM
Deleted: [Value] - HKLM\SOFTWARE\Classes\.html\OpenWithProgids|UCHTML.AssocFile.HTML
Deleted: [Value] - HKLM\SOFTWARE\Classes\.mht\OpenWithProgids|UCHTML.AssocFile.MHT
Deleted: [Value] - HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids|UCHTML.AssocFile.SHTM
Deleted: [Value] - HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids|UCHTML.AssocFile.SHTML
Deleted: [Value] - HKLM\SOFTWARE\Classes\.webp\OpenWithProgids|UCHTML.AssocFile.WEBP
Deleted: [Value] - HKLM\SOFTWARE\Classes\.xht\OpenWithProgids|UCHTML.AssocFile.XHT
Deleted: [Value] - HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids|UCHTML.AssocFile.XHTML
Deleted: [Key] - HKLM\SOFTWARE\WISECLEANER
Deleted: [Key] - HKLM\SOFTWARE\Trymedia Systems
Deleted: [Key] - HKLM\SOFTWARE\Safer Technologies
Deleted: [Key] - HKU\S-1-5-21-2495111236-882408921-4290804203-1001\Software\Safer Technologies
Deleted: [Key] - HKCU\Software\Safer Technologies
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
Deleted: [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [3600 B] - [2017/7/18 13:59:46]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
JRT log : 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64 
Ran by Ajay (Administrator) on 18-Jul-17 at 19:40:01.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 12 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\ProgramData\safer technologies (Folder) 
Successfully deleted: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\Users\Ajay Kumar\AppData\Local\safer technologies (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\SaferUpdateTaskMachineUA (Task)
Successfully deleted: C:\Windows\Tasks\SaferUpdateTaskMachineUA.job (Task) 
Successfully deleted: C:\Windows\Tasks\Wise Care 365.job (Task) 
Successfully deleted: C:\Windows\Tasks\Wise Hotkey.job (Task) 
Successfully deleted: C:\Windows\Tasks\Wise Turbo Checker.job (Task) 
Successfully deleted: C:\Program Files (x86)\safer technologies (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18-Jul-17 at 19:52:17.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Zoek Results Log :
 
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Ajay on 18-Jul-17 at 20:14:51.75.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: D:\Programs\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
18-Jul-17 8:15:46 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Avira deleted successfully
C:\PROGRA~2\Boris FX, Inc deleted successfully
C:\PROGRA~2\GUM83EE.tmp deleted successfully
C:\PROGRA~2\Mr DJ deleted successfully
C:\PROGRA~2\RealHideIP deleted successfully
C:\PROGRA~2\realtech VR deleted successfully
C:\PROGRA~2\SHAREit Technologies deleted successfully
C:\PROGRA~2\COMMON~1\XCPCSync.OEM deleted successfully
C:\Program Files\CyberGhost 6 deleted successfully
C:\PROGRA~3\Avira deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\PanelStation deleted successfully
C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully
C:\PROGRA~3\Times SMS deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\ArrayData deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\Counter deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\HP_Data deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\Humandata deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\newone deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\NewPairSystem deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\OsVersion deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\RedMichyIntValue deleted successfully
C:\Users\Ajay Kumar\AppData\Roaming\WindowsGui deleted successfully
C:\Users\Ajay Kumar\AppData\Local\CrashDumps deleted successfully
C:\Users\Ajay Kumar\AppData\Local\CrashRpt deleted successfully
C:\Users\Ajay Kumar\AppData\Local\Research In Motion deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2495111236-882408921-4290804203-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2495111236-882408921-4290804203-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.co.in");
 
Added to C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Avira not found
C:\PROGRA~2\Boris FX, Inc not found
C:\PROGRA~2\GUM83EE.tmp not found
C:\PROGRA~2\Mr DJ not found
C:\PROGRA~2\RealHideIP not found
C:\PROGRA~2\realtech VR not found
C:\PROGRA~2\SHAREit Technologies not found
C:\PROGRA~2\Traffic BoosterT not found
C:\Users\Ajay Kumar\AppData\Roaming\HandBrake deleted
C:\Users\Ajay Kumar\AppData\Roaming\livestreamer deleted
C:\Users\Ajay Kumar\AppData\Roaming\RedMirchy deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\PROGRA~3\Hotspot Shield deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\Hotspot Shield deleted
C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\jetpack deleted
"C:\Users\Ajay Kumar\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Ajay Kumar\AppData\Roaming\Yandex" deleted
"C:\PROGRA~3\Package Cache" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi" [30-Jun-16 10:57 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi" [30-Jun-16 10:57 PM]
 


#4 satchfan

  • Malware Response Team
  • 2,858 posts

Posted 19 July 2017 - 09:54 AM

That is not the complete Zoek log: please post it again and be sure to copy/paste all of it.

 

Thanks




#5 ajay1998A

  • Topic Starter
  • Members
  • 17 posts

Posted 20 July 2017 - 10:05 AM

Yeah..Sorry this is the entire file
 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Ajay on 20-Jul-17 at 19:41:23.10.
Microsoft Windows 8.1 Pro 6.3.9600  x64
Running in: Normal Mode No Internet Access Detected
Launched: D:\Programs\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2017-07-19-172020.log 468 bytes
 
==== System Restore Info ======================
 
20-Jul-17 7:45:08 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Traffic BoosterT
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Added to C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\prefs.js:
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Traffic BoosterT not found
C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\jetpack deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi" [30-Jun-16 10:57 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi" [30-Jun-16 10:57 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\AJAYKU~1\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default
- Undetermined - %ProfilePath%\extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi
- SEOquake - %ProfilePath%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi
- iMacros for Firefox - %ProfilePath%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default
F2AE028008AD02EC3C38CA6679EE4CC6 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Ajay Kumar\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[09-Jun-16 10:18 PM]
pnlccmojcmeohlpggmfnbbiapkmbliob - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx[30-Jun-16 10:57 PM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fkkcgfbgohboipdhliafmacjnhjbhmim - No path found[]
 
Comodo Drag&Drop Service - Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Comodo Dragon Browser Light Theme - Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kglppafajjeikfgmjjegogphhkjnnmgc
IDM Integration Module - Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
eRail.in - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aopfgjfeiimeioiajeknfidlljpoebgc
Avast Online Security - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
myRailinfo IRCTC Tatkal Ticket Autofill - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglennijikhdiodhggelknephplffdnc
IRCTC Tatkal Autofill plugin - Free - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddngdokajnbjjiknbjbcejmbhgmbicp
IDM Integration Module - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
IRCTC Magic Autofill - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngnpeogocbffohonknibfgpdheagajk
Chrome Media Router - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
RoboForm - Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Web Data will be reset at reboot
C:\Users\Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Web Data-journal will be reset at reboot
C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Ajay Kumar\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Data was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A71C03AF-9DBD-4C9A-BEC3-AD9C08508A2D}_is1 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ajay Kumar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ajay Kumar\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Ajay Kumar\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Ajay Kumar\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\storage\default\https+++twitter.com\cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Ajay Kumar\AppData\Local\Comodo\Dragon\User Data\Default\Cache will be emptied at reboot
C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Ajay Kumar\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=3 folders=5 1778 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Ajay Kumar\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot


#6 ajay1998A

  • Topic Starter
  • Members
  • 17 posts

Posted 20 July 2017 - 10:21 AM

Thanks sir, after running this Zoek, Chrome appeared just like a new install and the problem has been solved, I think :) but only some extensions are lost. Thanks. By the way, if any cleanup process is to be done further, I am ready to do so.



#7 satchfan

  • Malware Response Team
  • 2,858 posts

Posted 20 July 2017 - 11:07 AM

We’re not finished yet. :)

Those programs will have cleared up some mess but not all, so I need another look.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt


Thanks

Satchfan




#8 ajay1998A

  • Topic Starter
  • Members
  • 17 posts

Posted 21 July 2017 - 10:00 AM

Frst.txt : 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Ajay (administrator) on AJAY (21-07-2017 20:28:29)
Running from D:\Programs
Loaded Profiles: Ajay (Available Profiles: Ajay)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-19] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-10-21] (VMware, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-30] (Tonec Inc.)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Run: [Spotify Web Helper] => C:\Users\Ajay Kumar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-09] (Spotify Ltd)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2A029EFB-31AC-4CB8-9658-6A8B48866411}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2A029EFB-31AC-4CB8-9658-6A8B48866411}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3D5ABE48-67EA-4614-83AF-51648A79C2DF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{517DF602-A0BC-44CC-AD50-4BCF0CE20BB6}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{604A8EE8-89FB-43A9-8218-3D612F86DB23}: [DhcpNameServer] 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2495111236-882408921-4290804203-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-30] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-26] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-30] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-26] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-30] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-30] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 16o116t2.default
FF ProfilePath: C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default [2017-07-21]
FF Extension: (myRailinfo IRCTC Tatkal Ticket Autofill) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi [2017-07-19]
FF Extension: (Avast SafePrice) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\sp@avast.com.xpi [2017-06-05]
FF Extension: (Avast Online Security) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\wrc@avast.com.xpi [2017-06-05]
FF Extension: (SEOquake) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2017-05-31]
FF Extension: (iMacros for Firefox) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-11-13]
FF Extension: (Adblock Plus) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-06-30]
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ajay Kumar\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ajay Kumar\AppData\Roaming\IDM\idmmzcc5 [2017-07-21] [not signed]
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2495111236-882408921-4290804203-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ajay Kumar\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-12] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR Profile: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default [2017-07-21]
CHR Extension: (Google Slides) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-20]
CHR Extension: (Google Docs) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-20]
CHR Extension: (Google Drive) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-20]
CHR Extension: (YouTube) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-20]
CHR Extension: (Avast SafePrice) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-20]
CHR Extension: (Google Sheets) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-20]
CHR Extension: (AdBlock) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-20]
CHR Extension: (Avast Online Security) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-20]
CHR Extension: (IDM Integration Module) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-20]
CHR Extension: (Gmail) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-20]
CHR Extension: (RoboForm Password Manager) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-07-20]
CHR Profile: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-21]
CHR Profile: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-06-30]
CHR HKU\S-1-5-21-2495111236-882408921-4290804203-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-06-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-19] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [311592 2017-07-19] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [416432 2017-06-20] ()
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-10-21] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [579832 2016-01-19] (WiseCleaner.com) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-06-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-06-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-19] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [554528 2017-06-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-06-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-06-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-06-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-06-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-06-26] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [53904 2017-03-01] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-06-30] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-18] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-21] (Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Realtek Semiconductor Corporation                           )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
R3 tapnordvpn; C:\Windows\system32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-21] (Oracle Corporation)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2016-11-16] (wisecleaner.com) [File not signed]
S3 WiseRegNotify; C:\Windows\WiseRegNotify.sys [29616 2016-07-09] (WiseCleaner.com) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-21 20:14 - 2017-07-21 20:14 - 00047078 _____ C:\Users\Ajay Kumar\Desktop\basic 1.pdf
2017-07-21 19:30 - 2017-07-21 19:30 - 00002426 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2017-07-20 22:39 - 2017-07-20 22:39 - 00907946 _____ C:\Users\Ajay Kumar\Downloads\AVIAddXSub.zip
2017-07-20 22:22 - 2013-12-02 21:28 - 00039626 ____N C:\Users\Ajay Kumar\Downloads\wrong-turn-yify-english.srt
2017-07-20 21:37 - 2017-07-20 21:37 - 00000859 _____ C:\Users\Ajay Kumar\Downloads\Comodo_Internet_Security_2017_Crack_License_Key.zip
2017-07-20 21:07 - 2017-07-20 21:07 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced BAT to EXE Converter v4.09
2017-07-20 21:07 - 2017-07-20 21:07 - 00000000 ____D C:\ProgramData\IDM
2017-07-20 21:07 - 2017-07-20 21:07 - 00000000 ____D C:\Program Files (x86)\Advanced BAT to EXE Converter v4.09
2017-07-20 21:04 - 2017-07-20 21:04 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\livestreamer
2017-07-20 20:33 - 2017-07-20 20:36 - 00000000 ____D C:\Users\Ajay Kumar\Downloads\Wrong Turn UNRATED (2003)
2017-07-20 20:14 - 2017-07-20 20:29 - 00000000 ____D C:\zoek
2017-07-19 22:45 - 2017-07-20 20:16 - 00000000 ____D C:\zoek_backup
2017-07-19 22:24 - 2017-07-21 20:26 - 00021696 _____ C:\Windows\ntbtlog.txt
2017-07-19 07:48 - 2017-07-19 07:48 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-19 07:47 - 2017-07-19 07:47 - 00343288 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-18 21:48 - 2017-07-18 21:49 - 20609536 _____ (Adobe Systems Incorporated) C:\Users\Ajay Kumar\Downloads\install_flash_player_ppapi (1).exe
2017-07-18 21:47 - 2017-07-18 21:47 - 00004464 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-18 21:46 - 2017-07-18 21:47 - 20609536 _____ (Adobe Systems Incorporated) C:\Users\Ajay Kumar\Downloads\install_flash_player_ppapi.exe
2017-07-18 20:51 - 2017-07-18 20:51 - 00018287 _____ C:\Users\Ajay Kumar\Downloads\Independence Day- Resurgence (2016) [720p] [YTS.PE].torrent
2017-07-18 20:19 - 2017-07-18 20:19 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-07-18 20:11 - 2017-07-18 20:11 - 00002126 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2017-07-18 20:11 - 2017-07-18 20:11 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Comodo
2017-07-18 20:11 - 2017-07-18 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-07-18 20:10 - 2017-07-18 20:10 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-07-18 20:10 - 2017-07-18 20:10 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-07-18 20:07 - 2017-07-18 20:09 - 69135768 _____ (Comodo) C:\Users\Ajay Kumar\Downloads\dragonsetup.exe
2017-07-18 20:07 - 2017-07-18 20:07 - 00000000 ____D C:\Users\Ajay Kumar\AppData\LocalLow\Yandex
2017-07-18 20:05 - 2017-07-18 20:06 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Yandex
2017-07-18 20:01 - 2017-07-18 20:05 - 00000000 ____D C:\Program Files (x86)\Safer Technologies
2017-07-18 20:01 - 2017-07-18 20:01 - 00000000 ____D C:\ProgramData\Safer Technologies
2017-07-18 19:52 - 2017-07-18 19:52 - 00001661 _____ C:\Users\Ajay Kumar\Desktop\JRT.txt
2017-07-18 19:39 - 2017-07-18 19:39 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-18 19:37 - 2017-07-18 19:37 - 01790024 _____ (Malwarebytes) C:\Users\Ajay Kumar\Downloads\JRT.exe
2017-07-18 19:28 - 2017-07-18 19:30 - 00000000 ____D C:\AdwCleaner
2017-07-18 19:27 - 2017-07-18 19:27 - 08162248 _____ (Malwarebytes) C:\Users\Ajay Kumar\Downloads\adwcleaner_7.0.0.0.exe
2017-07-18 19:20 - 2017-03-23 10:04 - 03547136 _____ C:\Windows\system32\pwNative.exe
2017-07-18 19:20 - 2013-09-30 16:26 - 00019152 _____ C:\Windows\system32\pwdrvio.sys
2017-07-18 19:20 - 2013-09-30 16:26 - 00012504 _____ C:\Windows\system32\pwdspio.sys
2017-07-18 19:19 - 2017-07-18 19:19 - 46932040 _____ (MiniTool Solution Ltd. ) C:\Users\Ajay Kumar\Downloads\pw10-free.exe
2017-07-18 17:00 - 2017-04-19 13:35 - 00095656 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-07-18 16:59 - 2017-07-18 16:59 - 00053272 _____ C:\Users\Ajay Kumar\Downloads\vcruntime140.zip
2017-07-18 16:58 - 2017-07-18 05:27 - 00639808 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-07-18 16:57 - 2017-07-18 16:57 - 00206216 _____ C:\Users\Ajay Kumar\Downloads\msvcp140.zip
2017-07-18 16:56 - 2017-07-18 16:56 - 02786824 _____ (DLL-Files.com Client ) C:\Users\Ajay Kumar\Downloads\clientsetup_d-0.exe
2017-07-18 16:29 - 2017-07-18 16:30 - 00045603 _____ C:\Users\Ajay Kumar\Downloads\Addition.txt
2017-07-18 16:28 - 2017-07-21 20:28 - 00000000 ____D C:\FRST
2017-07-18 16:28 - 2017-07-18 16:30 - 00046693 _____ C:\Users\Ajay Kumar\Downloads\FRST.txt
2017-07-18 16:27 - 2017-07-18 16:27 - 02435584 _____ (Farbar) C:\Users\Ajay Kumar\Downloads\FRST64.exe
2017-07-18 16:13 - 2017-07-18 16:13 - 00000000 ____D C:\Windows\pss
2017-07-18 14:45 - 2017-07-18 14:45 - 00717400 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-18 14:22 - 2017-07-18 14:22 - 00002574 _____ C:\Windows\system32\.crusader
2017-07-18 13:28 - 2017-07-18 14:22 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-18 13:26 - 2017-07-18 13:33 - 00001624 _____ C:\Users\Ajay Kumar\Desktop\Rkill.txt
2017-07-18 13:09 - 2017-07-21 19:35 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-18 13:09 - 2017-07-21 19:31 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-18 13:09 - 2017-07-21 19:31 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-18 13:09 - 2017-07-21 19:31 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-18 13:09 - 2017-07-21 09:18 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-18 13:09 - 2017-07-18 13:12 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-18 13:09 - 2017-07-18 13:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-18 13:09 - 2017-07-18 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-18 13:08 - 2017-07-18 13:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-18 12:38 - 2017-07-18 12:38 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-17 11:45 - 2017-07-17 11:45 - 00000000 ____D C:\Users\Ajay Kumar\Documents\EA Games
2017-07-17 11:35 - 2017-07-17 11:35 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2017-07-17 11:35 - 2017-07-17 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2017-07-17 11:35 - 2017-07-17 11:35 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-07-16 21:29 - 2017-07-16 21:29 - 00003084 _____ C:\Windows\System32\Tasks\{0B2CB605-DA63-4EB5-92C9-ABA649CDFAFF}
2017-07-16 21:13 - 2004-12-10 21:50 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\images
2017-07-16 21:08 - 2017-07-16 21:08 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Activision
2017-07-16 20:05 - 2017-07-16 20:05 - 00013292 _____ C:\Users\Ajay Kumar\Downloads\498FE29CDE1018A2F6E94233E8AF617C542647A8 (1).torrent
2017-07-16 20:00 - 2017-07-16 20:00 - 00036111 _____ C:\Users\Ajay Kumar\Downloads\Call Of Duty World At War-RELOADED-[rarbg.to].torrent
2017-07-16 19:59 - 2017-07-16 19:59 - 00016698 _____ C:\Users\Ajay Kumar\Downloads\Call.Of.Duty.World.At.War - RELOADED.torrent
2017-07-14 21:22 - 2017-07-14 21:22 - 03798282 _____ C:\Users\Ajay Kumar\Downloads\113k+.txt
2017-07-13 22:37 - 2017-07-13 22:37 - 00026855 _____ C:\Users\Ajay Kumar\Downloads\The Belko Experiment (2016) [720p] [YTS.AG].torrent
2017-07-10 20:16 - 2017-07-10 20:16 - 60833124 _____ C:\Users\Ajay Kumar\Downloads\google-chrome-stable_current_amd64.deb
2017-07-10 07:44 - 2017-07-10 07:44 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\GoToMeeting
2017-07-09 20:41 - 2017-07-20 23:27 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\uTorrent
2017-07-08 13:46 - 2017-07-08 13:46 - 00044936 _____ C:\Users\Ajay Kumar\genymotion-log.zip
2017-07-08 13:45 - 2017-07-09 12:48 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Genymobile
2017-07-07 21:46 - 2017-07-07 21:46 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\SmartFTP
2017-07-07 21:42 - 2017-07-07 21:42 - 00000000 ____D C:\Windows\System32\Tasks\SmartFTP
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\SmartFTP
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\ProgramData\regid.2006-08.com.smartftp
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\Program Files\SmartFTP Client
2017-07-07 20:02 - 2017-07-07 20:02 - 00098357 _____ C:\Users\Ajay Kumar\Desktop\college fees.pdf
2017-07-07 19:58 - 2017-07-07 19:58 - 00098236 _____ C:\Users\Ajay Kumar\Desktop\bus fees.pdf
2017-07-05 19:44 - 2017-07-05 19:45 - 02712821 _____ C:\Users\Ajay Kumar\Downloads\158k+.txt
2017-07-03 20:20 - 2017-07-03 20:21 - 03156216 _____ C:\Users\Ajay Kumar\Downloads\92k+.txt
2017-07-03 19:58 - 2017-07-03 19:58 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Macromedia
2017-07-02 14:10 - 2017-07-02 14:10 - 04594648 _____ C:\Users\Ajay Kumar\Downloads\156k+.txt
2017-07-01 20:20 - 2017-07-01 20:20 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Chromium
2017-07-01 20:19 - 2017-07-01 20:19 - 03299313 _____ C:\Users\Ajay Kumar\Downloads\96k+.txt
2017-06-30 13:35 - 2017-06-30 13:35 - 04069418 _____ C:\Users\Ajay Kumar\Downloads\132k+.txt
2017-06-30 13:15 - 2017-06-30 13:15 - 03112230 _____ C:\Users\Ajay Kumar\Downloads\104k+.txt
2017-06-30 10:55 - 2017-06-30 10:56 - 03223818 _____ C:\Users\Ajay Kumar\Downloads\114k+.txt
2017-06-26 12:22 - 2017-06-26 12:22 - 02042795 _____ C:\Users\Ajay Kumar\Downloads\60k+ High Quality Yahoo Email Combo List HQ.txt
2017-06-26 12:20 - 2017-06-26 12:20 - 06054230 _____ C:\Users\Ajay Kumar\Downloads\178k+ HQ Combo (IPTV, Spotify, Hulu, Minecraft, Steam, Netflix, Origin, WWE).txt
2017-06-25 13:20 - 2017-06-25 13:20 - 01371529 _____ C:\Users\Ajay Kumar\Downloads\47+ Twitter UserPass Combo List.txt
2017-06-24 10:25 - 2017-06-24 10:25 - 00000000 ____D C:\Users\Ajay Kumar\Downloads\SLAYER Leecher
2017-06-24 10:00 - 2017-07-04 20:32 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\SLAYER_Combo_Searcher_v_0
2017-06-24 09:59 - 2017-06-24 09:59 - 00778823 _____ C:\Users\Ajay Kumar\Downloads\SLAYER Leecher.rar
2017-06-24 09:55 - 2017-07-15 20:26 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-06-24 09:55 - 2017-06-24 09:55 - 00003210 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-06-24 09:55 - 2017-06-24 09:55 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-06-24 09:55 - 2017-06-24 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-06-24 09:55 - 2017-06-24 09:55 - 00000000 ____D C:\ProgramData\Intel
2017-06-24 09:55 - 2016-10-18 17:14 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2017-06-24 09:54 - 2017-06-24 09:55 - 00000000 ____D C:\Program Files\Intel
2017-06-24 09:54 - 2017-06-24 09:54 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-06-24 09:50 - 2017-06-24 09:50 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\realtech_VR
2017-06-24 09:48 - 2017-06-24 09:48 - 00000000 ____D C:\ProgramData\realtech VR
2017-06-21 20:54 - 2017-06-21 20:54 - 18650636 _____ C:\Users\Ajay Kumar\Downloads\chemistry unit-2.pdf
2017-06-21 20:54 - 2017-06-21 20:54 - 18642611 _____ C:\Users\Ajay Kumar\Downloads\polymers chem.pdf
2017-06-21 20:52 - 2017-06-21 20:52 - 16503875 _____ C:\Users\Ajay Kumar\Downloads\unit 5 Engg chem-1.pdf
2017-06-21 20:52 - 2017-06-21 20:52 - 14786932 _____ C:\Users\Ajay Kumar\Downloads\chemistry unit 1.pdf
2017-06-21 20:52 - 2017-06-21 20:52 - 12391837 _____ C:\Users\Ajay Kumar\Downloads\corrosion chem_1492701384853.pdf
2017-06-21 20:31 - 2017-06-21 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-06-21 20:31 - 2017-06-21 20:31 - 00000000 ____D C:\Program Files (x86)\NordVPN
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-21 20:21 - 2017-06-12 08:48 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001.job
2017-07-21 19:32 - 2016-06-30 21:29 - 00000000 ____D C:\Users\Ajay Kumar
2017-07-21 19:31 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2017-07-21 19:30 - 2017-03-21 20:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-21 19:30 - 2016-10-30 16:31 - 00000000 ____D C:\ProgramData\VMware
2017-07-21 19:30 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-21 11:09 - 2017-06-12 08:48 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001.job
2017-07-20 23:27 - 2016-06-30 22:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\DMCache
2017-07-20 22:55 - 2016-07-07 19:37 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\vlc
2017-07-20 21:51 - 2016-06-30 21:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2495111236-882408921-4290804203-1001
2017-07-20 21:25 - 2017-06-13 10:35 - 00000000 ____D C:\hotstarsportslivestreamer-master
2017-07-20 21:25 - 2016-06-30 21:30 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\VirtualStore
2017-07-20 20:39 - 2013-08-22 21:06 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 20:39 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\AppReadiness
2017-07-20 20:26 - 2016-07-03 05:55 - 00000000 ____D C:\Users\Ajay Kumar\AppData\LocalLow\Adobe
2017-07-20 20:26 - 2016-07-01 19:54 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Adobe
2017-07-20 20:26 - 2016-06-30 21:30 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Adobe
2017-07-20 09:31 - 2017-06-13 13:40 - 00091781 _____ C:\Users\Ajay Kumar\Documents\NETGEEKS DUES NEW (Autosaved).xlsx
2017-07-19 22:45 - 2016-06-30 22:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\IDM
2017-07-19 20:02 - 2016-11-19 20:47 - 00000000 ____D C:\Users\Ajay Kumar\AppData\LocalLow\Mozilla
2017-07-19 20:02 - 2016-07-09 17:04 - 00000000 ____D C:\Program Files (x86)\Wise
2017-07-19 20:01 - 2017-04-28 11:45 - 00000000 ____D C:\Perl64
2017-07-19 19:53 - 2016-10-30 16:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\VMware
2017-07-19 19:53 - 2016-10-30 16:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\VMware
2017-07-19 19:48 - 2016-10-30 16:39 - 00000000 ____D C:\Users\Ajay Kumar\Documents\Virtual Machines
2017-07-19 07:49 - 2017-04-02 20:36 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1488379810
2017-07-19 07:49 - 2017-03-01 20:20 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-19 07:49 - 2017-03-01 20:19 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-19 07:48 - 2017-03-01 20:19 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150043074714003
2017-07-19 07:48 - 2017-03-01 20:19 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-19 07:47 - 2017-03-01 20:19 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-19 07:47 - 2017-03-01 20:19 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-19 07:47 - 2017-03-01 20:19 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-18 21:47 - 2016-07-19 20:44 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-18 21:47 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-18 21:47 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-18 20:44 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-18 20:44 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-18 14:49 - 2016-08-07 21:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-18 14:49 - 2016-07-09 17:04 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Wise Care 365
2017-07-18 14:44 - 2013-08-22 18:55 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-18 13:08 - 2016-06-30 22:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-18 12:49 - 2016-06-30 21:34 - 00000000 __RHD C:\MSOCache
2017-07-17 16:39 - 2016-08-02 09:38 - 00012284 _____ C:\Users\Ajay Kumar\Documents\MONTHLY SAVINGS.xlsx
2017-07-16 20:57 - 2016-07-24 14:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-07-12 08:04 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-10 07:44 - 2017-06-12 08:48 - 00003648 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001
2017-07-10 07:44 - 2017-06-12 08:48 - 00003552 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001
2017-07-05 07:21 - 2017-04-14 10:51 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-05 07:14 - 2016-12-16 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-05 07:14 - 2016-06-30 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-03 20:17 - 2017-06-09 21:07 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Spotify
2017-07-03 20:17 - 2017-06-09 21:06 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Spotify
2017-06-30 22:18 - 2017-03-01 20:19 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-30 15:29 - 2016-06-30 22:05 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 10:20 - 2016-09-26 01:23 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-06-27 00:00 - 2017-03-30 20:31 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\ElevatedDiagnostics
2017-06-27 00:00 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
2017-06-26 22:17 - 2017-03-01 20:19 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00554528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-26 21:39 - 2016-11-27 11:10 - 00000000 ___RD C:\Users\Ajay Kumar\Documents\MAGIX
2017-06-26 20:36 - 2016-07-08 20:56 - 00000000 ____D C:\Users\Ajay Kumar\Documents\Camtasia Studio
2017-06-24 10:26 - 2017-06-12 20:48 - 01292370 _____ C:\Users\Ajay Kumar\Documents\copmb.txt
2017-06-22 22:33 - 2017-06-12 08:48 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Citrix
2017-06-21 22:22 - 2016-06-30 22:22 - 00000000 ____D C:\Windows\Panther
2017-06-21 22:12 - 2017-06-06 19:19 - 00000000 ____D C:\Program Files\CCleaner
2017-06-21 20:31 - 2017-06-08 23:43 - 00001925 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-06-21 20:31 - 2017-06-08 23:42 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\NordVPN
2017-06-21 20:28 - 2017-06-11 13:00 - 11360636 _____ C:\Users\Ajay Kumar\Documents\sss.txt
 
==================== Files in the root of some directories =======
 
2017-03-01 20:53 - 2017-03-01 20:53 - 0017408 _____ () C:\Users\Ajay Kumar\AppData\Local\WebpageIcons.db
2016-09-15 23:13 - 2016-09-15 23:13 - 0004932 _____ () C:\ProgramData\pgatahac.zmz
2017-07-18 12:38 - 2017-07-18 12:38 - 0000004 _____ () C:\ProgramData\_lg.3sap
 
Files to move or delete:
====================
C:\ProgramData\C__Program Files (x86)_RealHideIP_RealHideIP.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-18 15:04
 
==================== End of FRST.txt ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Ajay (21-07-2017 20:29:25)
Running from D:\Programs
Windows 8.1 Pro (Update) (X64) (2016-06-30 15:59:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2495111236-882408921-4290804203-500 - Administrator - Disabled)
Ajay (S-1-5-21-2495111236-882408921-4290804203-1001 - Administrator - Enabled) => C:\Users\Ajay Kumar
Guest (S-1-5-21-2495111236-882408921-4290804203-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Advanced BAT to EXE Converter v4.09 (HKLM-x32\...\Advanced BAT to EXE Converter v4.09) (Version:  - )
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 2™ (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
BBSAK (HKLM-x32\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 57.0.2987.93 - Comodo)
doPDF (HKLM\...\{F64C9051-AF79-4416-9522-EDBE765F062C}) (Version: 8.6.942 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{413fb852-4e7d-4e52-bcaa-6270ff9a9347}) (Version: 8.6.942 - Softland)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
HandBrake 1.0.3 (HKLM-x32\...\HandBrake) (Version: 1.0.3 - )
ImagePrinter Pro 6.1 (HKLM\...\ImagePrinter Pro 6.1_is1) (Version:  - Code Industry Ltd.)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico v9.0.5.20131111 (HKLM\...\KMSpico_is1) (Version: 9.0.5.20131111 - )
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM\...\{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{AA6874A6-C7EB-42D5-B434-A86B75E00F32}) (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{E3B2A8B4-D5F6-42D8-BE94-57ACC29EE70B}) (Version: 6.3.3 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.3.3) (Version: 6.3.3 - NordVPN)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{A53F3DB0-ECBA-4CA0-A4AC-518FA7347A02}) (Version: 8.6.942 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}) (Version: 8.6.942 - Softland)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PhishBait Maker 2.1.0 (HKLM-x32\...\PhishBait Maker 2.1.0) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
RoboForm 7-9-19-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-19-7 - Siber Systems)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Simple Port Tester (HKLM-x32\...\Simple Port Tester3.0.0) (Version: 3.0.0 - PcWinTech.com)
SmartFTP Client (HKLM\...\{73724E56-E50A-4DE0-B05A-DF50216E5B30}) (Version: 9.0.2456.0 - SmartSoft Ltd.)
Spotify (HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Turbo C++ 3.2 (HKLM-x32\...\{16FEECA3-A0BF-44ED-A894-C0E7B29FAA2B}) (Version: 3.2.2.0 - Turbo C++)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{389F7934-61F4-40DF-B983-331614BB4686}) (Version: 12.5.1 - VMware, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Care 365 4.22 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.22 - WiseCleaner.com, Inc.)
Wise Hotkey 1.14 (HKLM\...\Wise Hotkey_is1) (Version: 1.14 - WiseCleaner.com, Inc.)
ZD Soft Screen Recorder (HKLM-x32\...\{D893898C-2FFB-41F9-ADA5-80A3C1FC8F86}) (Version: 9.1.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2495111236-882408921-4290804203-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ajay Kumar\AppData\Local\Citrix\GoToMeeting\6956\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-07-05] (SmartSoft Ltd.)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers01: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-07-05] (SmartSoft Ltd.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-10-21] (VMware, Inc.)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers04: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-07-05] (SmartSoft Ltd.)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F28430-43E5-4801-BDC7-258A742FB791} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-06-17] ()
Task: {1A6B32D3-5638-4940-AB57-BC929E0C682A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-19] (AVAST Software)
Task: {2305124F-9261-4EE9-B0B3-883E43B72E65} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {28792C66-8F36-413E-BC28-6431947907CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {327635E8-6162-422D-B7B4-7CCD3FCA5AC3} - \WiseCleaner\WDRSkipUAC -> No File <==== ATTENTION
Task: {3845C103-0727-4AF5-87E2-AB7E737E92A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4591E491-44BA-45BD-BB6E-0E679D3A6B37} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-06-30] (Siber Systems)
Task: {4CB8BE34-8A33-4686-B41F-2EDBE7755184} - System32\Tasks\SafeZone scheduled Autoupdate 1488379810 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {6AC2D611-289E-4CF0-B527-18008435BCAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-18] (Adobe Systems Incorporated)
Task: {6E589B41-AAEA-4401-B7E3-B0F708C37BD8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-18] (Adobe Systems Incorporated)
Task: {7C710134-A323-4C7E-A452-8D5A4B578BC9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {7ED597D9-D258-413A-BF57-9C7435EEC661} - System32\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001 => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupload.exe [2017-07-10] (LogMeIn, Inc.)
Task: {80DA16BF-CE7E-442E-8B3D-6A41583E7691} - System32\Tasks\{0B2CB605-DA63-4EB5-92C9-ABA649CDFAFF} => C:\Windows\system32\pcalua.exe -a "D:\3d analyzer\3DAnalyze.exe" -d "D:\3d analyzer"
Task: {84E956A2-A14C-4F2B-85B4-03E7F7A393E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {86157B65-E121-4ED4-8869-A204313DE2BF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {9C704E6A-D1F8-4704-8B31-34CAF502D70E} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMNMJMOMKJLJNMJJCNLMNMKMLJCNLMKMJJMMCNHMOMKJOJCNNJIMLMOJPMMJNMOMNJGMNJNJJNJICMIMCNGMCNOMGMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMOLFJOJGIPNELKICJOJNIJNKJCMJNNICMJNDJCMKJBJJNMJ (the data entry has 49 more characters).
Task: {CED87036-1493-4B43-884F-68B25D6AB605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {D4E8B631-02DB-468E-A147-0E4E2435FBBD} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {F07832F9-DEF8-43BB-BE88-1DDED4420420} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FD1E1C9D-2F6E-4800-8481-0CD2B9D947A0} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-12] ()
Task: {FEF66B24-6CE0-4F6C-89A1-85BD7F69657A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001 => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupdate.exe [2017-07-10] (LogMeIn, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001.job => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001.job => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-24 09:55 - 2017-03-07 19:15 - 00824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-06-24 09:55 - 2017-03-07 19:18 - 01981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-06-24 09:55 - 2017-03-07 19:10 - 00248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-06-24 09:55 - 2017-03-07 19:09 - 00213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-06-24 09:55 - 2017-03-07 19:10 - 00175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-06-24 09:55 - 2017-03-07 19:09 - 00204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-06-24 09:55 - 2017-03-07 19:08 - 00337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-06-24 09:55 - 2017-03-07 19:05 - 00148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-06-24 09:55 - 2017-03-07 19:05 - 00178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-06-24 09:55 - 2017-03-07 19:10 - 00213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-06-24 09:55 - 2017-03-07 19:06 - 00229648 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-06-24 09:55 - 2017-03-07 19:07 - 00225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-06-24 09:55 - 2017-03-07 19:05 - 00212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-06-24 09:55 - 2017-03-07 19:07 - 00220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-06-20 13:30 - 2017-06-20 13:30 - 00416432 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2016-06-17 12:43 - 2016-06-17 12:43 - 00145696 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-07-18 13:09 - 2017-07-18 13:12 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-06-29 00:05 - 2017-06-29 00:05 - 00001024 _____ () C:\Program Files\SmartFTP Client\api-ms-win-core-libraryloader-l1-2-2.dll
2017-06-29 00:05 - 2017-06-29 00:05 - 00001024 _____ () C:\Program Files\SmartFTP Client\api-ms-win-core-heap-l2-1-0.dll
2017-04-07 13:11 - 2017-04-07 13:11 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-24 09:55 - 2017-03-07 19:13 - 00747792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-06-24 09:55 - 2017-03-07 19:11 - 00238864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-06-24 09:55 - 2017-03-07 19:08 - 00218384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2017-06-30 15:29 - 2017-06-23 08:51 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-30 15:29 - 2017-06-23 08:51 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-07-18 19:16 - 00001308 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ajay Kumar\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\58968.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "SecureBrowserAutoLaunch_4A9037BD31FE9505D46E53ABE3CC686C"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B7F1EC60451F30C5A745B3E33A731F83"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{259928AB-1340-4569-B30D-17BA5351FAB2}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{ABEA0FE3-6B11-4135-8871-64872F9079B6}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{10E2D20C-5551-49C0-A770-7E00B70A2C43}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C4FCF7D1-78D7-410F-8356-0D05A15CEB4C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5BC09A1E-F06E-4393-926C-E5BFBF1D01CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{833902A4-F765-4F81-BCA3-461F5D0AC70F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E4F2A935-B814-4168-815F-20EE7BED76FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{00AE5E9B-8C0B-4DBA-89DB-BA9B14CFF8FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{98FDA97A-B523-43BC-82DF-A84D609D37FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD4E003E-9662-42E6-8305-4915A2B84E1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04B2CFB5-4D9A-418D-A20D-0C70B475157E}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{07AFE6FB-2364-40A8-A16B-B414C39405E7}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6FD2779-351D-4AE2-8832-D7571C52EF32}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53530430-E332-46E1-8CFA-425634CD3C46}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB1E63-CF01-422C-92E9-75689C10B064}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F34C7A07-0E58-4481-821F-BC6AA4CFAF54}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FC38D25F-EC0E-476D-8598-E9DE2EA68B86}] => (Allow) LPort=8501
FirewallRules: [{15890D53-9686-43DE-BCA4-945382B5FE68}] => (Allow) LPort=8501
FirewallRules: [{F040CA0E-BBE0-40FB-B4F5-AED4B4D84D79}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1C280F80-88FB-4912-BAAE-55201B623DB0}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CF39396A-1B3C-4B5F-98E8-B9C2994CF5D9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{E8B30553-5D47-41C5-95FA-3EF8A2E77705}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F2597B71-6B03-4EE9-9B4A-3BB07D9F402F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{FE0DA5F2-39B8-4C32-B0B7-3A38BB0BC09D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{24D9D325-C7D6-4F41-BC14-523A3585C726}] => (Allow) LPort=8317
FirewallRules: [{F3CBF496-ABFC-4AED-8017-326628DD1845}] => (Allow) C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [{B228A3C8-2D45-48C7-A599-3FA898D683B3}] => (Allow) D:\Battlefield 2\BF2.exe
FirewallRules: [{8C881FD4-4345-43BA-B88E-3F8A0450D49E}] => (Allow) D:\Battlefield 2\BF2.exe
FirewallRules: [{E6046EDA-10AA-4131-9C3C-07061F326F5D}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{9249C14F-294F-4557-8A29-A191FD258817}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{028880DA-B2C0-402B-86F3-56BDB841F290}] => (Allow) LPort=8080
FirewallRules: [{37474FE3-1E63-4F9F-8856-A5029048DE17}] => (Allow) LPort=4481
FirewallRules: [{89B0CD08-2616-4885-9428-4A7CC9CF9A3F}] => (Allow) LPort=4481
FirewallRules: [{1A63159B-9470-42D0-BD38-EAD2BE21BE2E}] => (Allow) LPort=4482
FirewallRules: [{78098966-073E-4A46-852C-123183E36E00}] => (Allow) LPort=4482
FirewallRules: [{C75016A7-F948-479A-840A-E57F36935A7B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{09F1B502-E7A6-404A-B6E0-BD3661E667B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6B8613A3-6A47-4D97-B824-02CCB7024610}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FDA1811C-F0C5-4100-A388-81C9B6F4AFE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2C9D1492-1ED8-4106-AEB1-D7991026F7FB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F0AF8406-EF44-4504-85F4-1430F6B5987E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4DDD6DC4-2508-4E94-9256-6CAFDDC96FD9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{81AEE7DE-DAE8-4CE5-A558-774811052539}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4620A280-1B42-443C-9F01-0CDD8564BD49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6C70BCD6-9307-4F93-BC7B-04E652401F4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EBF61AD2-9DDB-48F8-9B73-14A8D6EC5E37}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{B360693E-6543-47A9-B3B4-A36C614ADFED}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{35B815F1-BAB7-4542-BF0F-671F47DFEE0B}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{59A4039F-112A-4326-9DB0-801267A02B21}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
20-07-2017 19:44:45 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2017 07:34:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/21/2017 07:34:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:50 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (07/21/2017 07:32:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (07/21/2017 07:32:50 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
0x8e5e0210 (0x8e5e0210)
 
Error: (07/21/2017 07:32:50 PM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (4416) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb000D2.log.
 
 
System errors:
=============
Error: (07/21/2017 07:43:38 PM) (Source: DCOM) (EventID: 10010) (User: Ajay)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 07:43:08 PM) (Source: DCOM) (EventID: 10010) (User: Ajay)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 07:33:00 PM) (Source: DCOM) (EventID: 10005) (User: Ajay)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (07/21/2017 07:33:00 PM) (Source: DCOM) (EventID: 10005) (User: Ajay)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (07/21/2017 07:33:00 PM) (Source: DCOM) (EventID: 10005) (User: Ajay)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-20 21:26:10.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:08.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:08.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 38%
Total physical RAM: 7836.49 MB
Available physical RAM: 4821.31 MB
Total Virtual: 16476.49 MB
Available Virtual: 13509.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.65 GB) (Free:11.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:135.22 GB) (Free:38.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A46CA46C)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


#9 satchfan

  • Malware Response Team

Posted 21 July 2017 - 11:00 AM

Disable Team Viewer and LogMeIn

Team Viewer is on the machine and is running. When set to run at startup, if another person has the password they can gain access to your machine. Although it’s not malware, it does have the potential for misuse depending on how the program is installed.

I think it is wise to disable Team Viewer and LogMeIn from starting at boot up; this way nothing can be captured and sent through remote connections.

  • open TeamViewer and when the window opens, from the ‘Extras’ menu, choose Options
  • remove the checkmark next to ‘Start TeamViewer with Windows’ and then click OK.

LogMeIn

  • right-click on the ‘This PC’ icon on the Desktop and select Manage
  • in the window that appears select Services > Services and Applications
  • on the right hand side find ‘LogMeIn’
  • right click and select Properties
  • from ‘Startup Type’ select Manual and click OK.

===================================================

Registry cleaners

Wise Care 365 is a utility which offers a number of cleaning and tune up services. However, it's not a good idea to use registry cleaners/boosters.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to uninstall Wise Care 365 and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here

Another from quietman7 here

===================================================

P2P - I see you have P2P software (uTorrent) installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

It almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now. Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

You have illegal software installed on your computer, (as well as illegal software that has been downloaded but not installed).

Continuing to help you could be viewed as supporting/condoning this so if you want to continue, I need you to uninstall all the illegal software that you have downloaded or installed. When you have done that, do the following:

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

================================================

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

CKFiles.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 




#10 ajay1998A

  • Topic Starter

  • Members

Posted 21 July 2017 - 12:04 PM

New Frst.txt :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Ajay (administrator) on AJAY (21-07-2017 22:26:42)
Running from D:\Programs
Loaded Profiles: Ajay (Available Profiles: Ajay)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-07-19] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-10-21] (VMware, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3948600 2016-06-30] (Tonec Inc.)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Run: [Spotify Web Helper] => C:\Users\Ajay Kumar\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-09] (Spotify Ltd)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9803992 2017-06-13] (Piriform Ltd)
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [] => [X]
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{2A029EFB-31AC-4CB8-9658-6A8B48866411}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2A029EFB-31AC-4CB8-9658-6A8B48866411}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3D5ABE48-67EA-4614-83AF-51648A79C2DF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{517DF602-A0BC-44CC-AD50-4BCF0CE20BB6}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{604A8EE8-89FB-43A9-8218-3D612F86DB23}: [DhcpNameServer] 78.46.223.24 162.242.211.137
 
Internet Explorer:
==================
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2495111236-882408921-4290804203-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-30] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-06-26] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-30] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-26] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-25] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-06-30] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-06-30] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 16o116t2.default
FF ProfilePath: C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default [2017-07-21]
FF Extension: (myRailinfo IRCTC Tatkal Ticket Autofill) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\jid2-l8SPBzHJWBIiHQ@jetpack.xpi [2017-07-19]
FF Extension: (Avast SafePrice) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\sp@avast.com.xpi [2017-06-05]
FF Extension: (Avast Online Security) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\wrc@avast.com.xpi [2017-06-05]
FF Extension: (SEOquake) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}.xpi [2017-05-31]
FF Extension: (iMacros for Firefox) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-11-13]
FF Extension: (Adblock Plus) - C:\Users\Ajay Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\16o116t2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-11]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-06-30]
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Ajay Kumar\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Ajay Kumar\AppData\Roaming\IDM\idmmzcc5 [2017-07-21] [not signed]
FF HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2495111236-882408921-4290804203-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ajay Kumar\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-12] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR Profile: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default [2017-07-21]
CHR Extension: (Google Slides) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-20]
CHR Extension: (Google Docs) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-20]
CHR Extension: (Google Drive) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-20]
CHR Extension: (YouTube) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-20]
CHR Extension: (Adobe Acrobat) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-20]
CHR Extension: (Avast SafePrice) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-07-20]
CHR Extension: (Google Sheets) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-20]
CHR Extension: (AdBlock) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-20]
CHR Extension: (Avast Online Security) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-20]
CHR Extension: (IDM Integration Module) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-20]
CHR Extension: (Gmail) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-20]
CHR Extension: (Chrome Media Router) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-20]
CHR Extension: (RoboForm Password Manager) - C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-07-20]
CHR Profile: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-21]
CHR Profile: C:\Users\Ajay Kumar\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-21]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-06-30]
CHR HKU\S-1-5-21-2495111236-882408921-4290804203-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-06-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-07-19] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-07-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [311592 2017-07-19] (AVAST Software)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2273432 2017-04-28] (Comodo)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [416432 2017-06-20] ()
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [51112 2016-06-17] (Microsoft)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-10-21] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320008 2017-07-19] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-07-19] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-07-19] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57728 2017-07-19] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-06-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-06-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146696 2017-07-19] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [554528 2017-06-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-06-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-06-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-06-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-06-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-06-26] (AVAST Software)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [53904 2017-03-01] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-06-30] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-07-18] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-21] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-21] (Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL8023x64; C:\Windows\system32\DRIVERS\Rtnic64.sys [51712 2013-06-18] (Realtek Semiconductor Corporation                           )
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2016-04-19] (Anchorfree Inc.)
R3 tapnordvpn; C:\Windows\system32\DRIVERS\tapnordvpn.sys [75088 2017-03-29] (The OpenVPN Project)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-21] (Oracle Corporation)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2016-11-16] (wisecleaner.com) [File not signed]
S3 WiseRegNotify; C:\Windows\WiseRegNotify.sys [29616 2016-07-09] (WiseCleaner.com) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-21 20:14 - 2017-07-21 20:14 - 00047078 _____ C:\Users\Ajay Kumar\Desktop\basic 1.pdf
2017-07-20 22:39 - 2017-07-20 22:39 - 00907946 _____ C:\Users\Ajay Kumar\Downloads\AVIAddXSub.zip
2017-07-20 22:22 - 2013-12-02 21:28 - 00039626 ____N C:\Users\Ajay Kumar\Downloads\wrong-turn-yify-english.srt
2017-07-20 21:37 - 2017-07-20 21:37 - 00000859 _____ C:\Users\Ajay Kumar\Downloads\Comodo_Internet_Security_2017_Crack_License_Key.zip
2017-07-20 21:07 - 2017-07-20 21:07 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced BAT to EXE Converter v4.09
2017-07-20 21:07 - 2017-07-20 21:07 - 00000000 ____D C:\ProgramData\IDM
2017-07-20 21:07 - 2017-07-20 21:07 - 00000000 ____D C:\Program Files (x86)\Advanced BAT to EXE Converter v4.09
2017-07-20 21:04 - 2017-07-20 21:04 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\livestreamer
2017-07-20 20:33 - 2017-07-20 20:36 - 00000000 ____D C:\Users\Ajay Kumar\Downloads\Wrong Turn UNRATED (2003)
2017-07-20 20:14 - 2017-07-20 20:29 - 00000000 ____D C:\zoek
2017-07-19 22:45 - 2017-07-20 20:16 - 00000000 ____D C:\zoek_backup
2017-07-19 22:24 - 2017-07-21 22:22 - 00022258 _____ C:\Windows\ntbtlog.txt
2017-07-19 07:48 - 2017-07-19 07:48 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-07-19 07:47 - 2017-07-19 07:47 - 00343288 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-07-18 21:48 - 2017-07-18 21:49 - 20609536 _____ (Adobe Systems Incorporated) C:\Users\Ajay Kumar\Downloads\install_flash_player_ppapi (1).exe
2017-07-18 21:47 - 2017-07-18 21:47 - 00004464 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-18 21:46 - 2017-07-18 21:47 - 20609536 _____ (Adobe Systems Incorporated) C:\Users\Ajay Kumar\Downloads\install_flash_player_ppapi.exe
2017-07-18 20:51 - 2017-07-18 20:51 - 00018287 _____ C:\Users\Ajay Kumar\Downloads\Independence Day- Resurgence (2016) [720p] [YTS.PE].torrent
2017-07-18 20:19 - 2017-07-18 20:19 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-07-18 20:11 - 2017-07-18 20:11 - 00002126 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2017-07-18 20:11 - 2017-07-18 20:11 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Comodo
2017-07-18 20:11 - 2017-07-18 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-07-18 20:10 - 2017-07-18 20:10 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2017-07-18 20:10 - 2017-07-18 20:10 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2017-07-18 20:07 - 2017-07-18 20:09 - 69135768 _____ (Comodo) C:\Users\Ajay Kumar\Downloads\dragonsetup.exe
2017-07-18 20:07 - 2017-07-18 20:07 - 00000000 ____D C:\Users\Ajay Kumar\AppData\LocalLow\Yandex
2017-07-18 20:05 - 2017-07-18 20:06 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Yandex
2017-07-18 20:01 - 2017-07-18 20:05 - 00000000 ____D C:\Program Files (x86)\Safer Technologies
2017-07-18 20:01 - 2017-07-18 20:01 - 00000000 ____D C:\ProgramData\Safer Technologies
2017-07-18 19:52 - 2017-07-18 19:52 - 00001661 _____ C:\Users\Ajay Kumar\Desktop\JRT.txt
2017-07-18 19:39 - 2017-07-18 19:39 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-18 19:37 - 2017-07-18 19:37 - 01790024 _____ (Malwarebytes) C:\Users\Ajay Kumar\Downloads\JRT.exe
2017-07-18 19:28 - 2017-07-18 19:30 - 00000000 ____D C:\AdwCleaner
2017-07-18 19:27 - 2017-07-18 19:27 - 08162248 _____ (Malwarebytes) C:\Users\Ajay Kumar\Downloads\adwcleaner_7.0.0.0.exe
2017-07-18 19:20 - 2017-03-23 10:04 - 03547136 _____ C:\Windows\system32\pwNative.exe
2017-07-18 19:20 - 2013-09-30 16:26 - 00019152 _____ C:\Windows\system32\pwdrvio.sys
2017-07-18 19:20 - 2013-09-30 16:26 - 00012504 _____ C:\Windows\system32\pwdspio.sys
2017-07-18 19:19 - 2017-07-18 19:19 - 46932040 _____ (MiniTool Solution Ltd. ) C:\Users\Ajay Kumar\Downloads\pw10-free.exe
2017-07-18 17:00 - 2017-04-19 13:35 - 00095656 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-07-18 16:59 - 2017-07-18 16:59 - 00053272 _____ C:\Users\Ajay Kumar\Downloads\vcruntime140.zip
2017-07-18 16:58 - 2017-07-18 05:27 - 00639808 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-07-18 16:57 - 2017-07-18 16:57 - 00206216 _____ C:\Users\Ajay Kumar\Downloads\msvcp140.zip
2017-07-18 16:56 - 2017-07-18 16:56 - 02786824 _____ (DLL-Files.com Client ) C:\Users\Ajay Kumar\Downloads\clientsetup_d-0.exe
2017-07-18 16:29 - 2017-07-18 16:30 - 00045603 _____ C:\Users\Ajay Kumar\Downloads\Addition.txt
2017-07-18 16:28 - 2017-07-21 22:26 - 00000000 ____D C:\FRST
2017-07-18 16:28 - 2017-07-18 16:30 - 00046693 _____ C:\Users\Ajay Kumar\Downloads\FRST.txt
2017-07-18 16:27 - 2017-07-18 16:27 - 02435584 _____ (Farbar) C:\Users\Ajay Kumar\Downloads\FRST64.exe
2017-07-18 16:13 - 2017-07-18 16:13 - 00000000 ____D C:\Windows\pss
2017-07-18 14:45 - 2017-07-18 14:45 - 00717400 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-18 14:22 - 2017-07-18 14:22 - 00002574 _____ C:\Windows\system32\.crusader
2017-07-18 13:28 - 2017-07-18 14:22 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-18 13:26 - 2017-07-18 13:33 - 00001624 _____ C:\Users\Ajay Kumar\Desktop\Rkill.txt
2017-07-18 13:09 - 2017-07-21 20:34 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-18 13:09 - 2017-07-21 19:31 - 00253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-18 13:09 - 2017-07-21 19:31 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-18 13:09 - 2017-07-21 19:31 - 00045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-18 13:09 - 2017-07-21 09:18 - 00188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-18 13:09 - 2017-07-18 13:12 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-18 13:09 - 2017-07-18 13:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-18 13:09 - 2017-07-18 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-18 13:08 - 2017-07-18 13:08 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-18 12:38 - 2017-07-18 12:38 - 00000004 _____ C:\ProgramData\_lg.3sap
2017-07-17 11:45 - 2017-07-17 11:45 - 00000000 ____D C:\Users\Ajay Kumar\Documents\EA Games
2017-07-17 11:35 - 2017-07-17 11:35 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2017-07-17 11:35 - 2017-07-17 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2017-07-17 11:35 - 2017-07-17 11:35 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-07-16 21:29 - 2017-07-16 21:29 - 00003084 _____ C:\Windows\System32\Tasks\{0B2CB605-DA63-4EB5-92C9-ABA649CDFAFF}
2017-07-16 21:13 - 2004-12-10 21:50 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\images
2017-07-16 21:08 - 2017-07-16 21:08 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Activision
2017-07-16 20:05 - 2017-07-16 20:05 - 00013292 _____ C:\Users\Ajay Kumar\Downloads\498FE29CDE1018A2F6E94233E8AF617C542647A8 (1).torrent
2017-07-16 20:00 - 2017-07-16 20:00 - 00036111 _____ C:\Users\Ajay Kumar\Downloads\Call Of Duty World At War-RELOADED-[rarbg.to].torrent
2017-07-16 19:59 - 2017-07-16 19:59 - 00016698 _____ C:\Users\Ajay Kumar\Downloads\Call.Of.Duty.World.At.War - RELOADED.torrent
2017-07-14 21:22 - 2017-07-14 21:22 - 03798282 _____ C:\Users\Ajay Kumar\Downloads\113k+.txt
2017-07-13 22:37 - 2017-07-13 22:37 - 00026855 _____ C:\Users\Ajay Kumar\Downloads\The Belko Experiment (2016) [720p] [YTS.AG].torrent
2017-07-10 20:16 - 2017-07-10 20:16 - 60833124 _____ C:\Users\Ajay Kumar\Downloads\google-chrome-stable_current_amd64.deb
2017-07-10 07:44 - 2017-07-10 07:44 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\GoToMeeting
2017-07-09 20:41 - 2017-07-20 23:27 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\uTorrent
2017-07-08 13:46 - 2017-07-08 13:46 - 00044936 _____ C:\Users\Ajay Kumar\genymotion-log.zip
2017-07-08 13:45 - 2017-07-09 12:48 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Genymobile
2017-07-07 21:46 - 2017-07-07 21:46 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\SmartFTP
2017-07-07 21:42 - 2017-07-07 21:42 - 00000000 ____D C:\Windows\System32\Tasks\SmartFTP
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\SmartFTP
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\ProgramData\regid.2006-08.com.smartftp
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client
2017-07-07 21:40 - 2017-07-07 21:40 - 00000000 ____D C:\Program Files\SmartFTP Client
2017-07-07 20:02 - 2017-07-07 20:02 - 00098357 _____ C:\Users\Ajay Kumar\Desktop\college fees.pdf
2017-07-07 19:58 - 2017-07-07 19:58 - 00098236 _____ C:\Users\Ajay Kumar\Desktop\bus fees.pdf
2017-07-05 19:44 - 2017-07-05 19:45 - 02712821 _____ C:\Users\Ajay Kumar\Downloads\158k+.txt
2017-07-03 20:20 - 2017-07-03 20:21 - 03156216 _____ C:\Users\Ajay Kumar\Downloads\92k+.txt
2017-07-03 19:58 - 2017-07-03 19:58 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Macromedia
2017-07-02 14:10 - 2017-07-02 14:10 - 04594648 _____ C:\Users\Ajay Kumar\Downloads\156k+.txt
2017-07-01 20:20 - 2017-07-01 20:20 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Chromium
2017-07-01 20:19 - 2017-07-01 20:19 - 03299313 _____ C:\Users\Ajay Kumar\Downloads\96k+.txt
2017-06-30 13:35 - 2017-06-30 13:35 - 04069418 _____ C:\Users\Ajay Kumar\Downloads\132k+.txt
2017-06-30 13:15 - 2017-06-30 13:15 - 03112230 _____ C:\Users\Ajay Kumar\Downloads\104k+.txt
2017-06-30 10:55 - 2017-06-30 10:56 - 03223818 _____ C:\Users\Ajay Kumar\Downloads\114k+.txt
2017-06-26 12:22 - 2017-06-26 12:22 - 02042795 _____ C:\Users\Ajay Kumar\Downloads\60k+ High Quality Yahoo Email Combo List HQ.txt
2017-06-26 12:20 - 2017-06-26 12:20 - 06054230 _____ C:\Users\Ajay Kumar\Downloads\178k+ HQ Combo (IPTV, Spotify, Hulu, Minecraft, Steam, Netflix, Origin, WWE).txt
2017-06-25 13:20 - 2017-06-25 13:20 - 01371529 _____ C:\Users\Ajay Kumar\Downloads\47+ Twitter UserPass Combo List.txt
2017-06-24 10:25 - 2017-06-24 10:25 - 00000000 ____D C:\Users\Ajay Kumar\Downloads\SLAYER Leecher
2017-06-24 10:00 - 2017-07-04 20:32 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\SLAYER_Combo_Searcher_v_0
2017-06-24 09:59 - 2017-06-24 09:59 - 00778823 _____ C:\Users\Ajay Kumar\Downloads\SLAYER Leecher.rar
2017-06-24 09:55 - 2017-07-15 20:26 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-06-24 09:55 - 2017-06-24 09:55 - 00003210 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-06-24 09:55 - 2017-06-24 09:55 - 00000000 ____D C:\Windows\System32\Tasks\Intel
2017-06-24 09:55 - 2017-06-24 09:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-06-24 09:55 - 2017-06-24 09:55 - 00000000 ____D C:\ProgramData\Intel
2017-06-24 09:55 - 2016-10-18 17:14 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2017-06-24 09:54 - 2017-06-24 09:55 - 00000000 ____D C:\Program Files\Intel
2017-06-24 09:54 - 2017-06-24 09:54 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-06-24 09:50 - 2017-06-24 09:50 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\realtech_VR
2017-06-24 09:48 - 2017-06-24 09:48 - 00000000 ____D C:\ProgramData\realtech VR
2017-06-21 20:54 - 2017-06-21 20:54 - 18650636 _____ C:\Users\Ajay Kumar\Downloads\chemistry unit-2.pdf
2017-06-21 20:54 - 2017-06-21 20:54 - 18642611 _____ C:\Users\Ajay Kumar\Downloads\polymers chem.pdf
2017-06-21 20:52 - 2017-06-21 20:52 - 16503875 _____ C:\Users\Ajay Kumar\Downloads\unit 5 Engg chem-1.pdf
2017-06-21 20:52 - 2017-06-21 20:52 - 14786932 _____ C:\Users\Ajay Kumar\Downloads\chemistry unit 1.pdf
2017-06-21 20:52 - 2017-06-21 20:52 - 12391837 _____ C:\Users\Ajay Kumar\Downloads\corrosion chem_1492701384853.pdf
2017-06-21 20:31 - 2017-06-21 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-06-21 20:31 - 2017-06-21 20:31 - 00000000 ____D C:\Program Files (x86)\NordVPN
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-21 22:26 - 2016-06-30 22:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\IDM
2017-07-21 22:23 - 2016-11-19 20:47 - 00000000 ____D C:\Users\Ajay Kumar\AppData\LocalLow\Mozilla
2017-07-21 22:21 - 2017-06-12 08:48 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001.job
2017-07-21 21:36 - 2016-07-07 19:37 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\vlc
2017-07-21 21:09 - 2017-06-12 08:48 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001.job
2017-07-21 19:32 - 2016-06-30 21:29 - 00000000 ____D C:\Users\Ajay Kumar
2017-07-21 19:31 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2017-07-21 19:30 - 2017-03-21 20:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-21 19:30 - 2016-10-30 16:31 - 00000000 ____D C:\ProgramData\VMware
2017-07-21 19:30 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-20 23:27 - 2016-06-30 22:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\DMCache
2017-07-20 21:51 - 2016-06-30 21:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2495111236-882408921-4290804203-1001
2017-07-20 21:25 - 2017-06-13 10:35 - 00000000 ____D C:\hotstarsportslivestreamer-master
2017-07-20 21:25 - 2016-06-30 21:30 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\VirtualStore
2017-07-20 20:39 - 2013-08-22 21:06 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 20:39 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\AppReadiness
2017-07-20 20:26 - 2016-07-03 05:55 - 00000000 ____D C:\Users\Ajay Kumar\AppData\LocalLow\Adobe
2017-07-20 20:26 - 2016-07-01 19:54 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Adobe
2017-07-20 20:26 - 2016-06-30 21:30 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Adobe
2017-07-20 09:31 - 2017-06-13 13:40 - 00091781 _____ C:\Users\Ajay Kumar\Documents\NETGEEKS DUES NEW (Autosaved).xlsx
2017-07-19 20:02 - 2016-07-09 17:04 - 00000000 ____D C:\Program Files (x86)\Wise
2017-07-19 20:01 - 2017-04-28 11:45 - 00000000 ____D C:\Perl64
2017-07-19 19:53 - 2016-10-30 16:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\VMware
2017-07-19 19:53 - 2016-10-30 16:38 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\VMware
2017-07-19 19:48 - 2016-10-30 16:39 - 00000000 ____D C:\Users\Ajay Kumar\Documents\Virtual Machines
2017-07-19 07:49 - 2017-04-02 20:36 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1488379810
2017-07-19 07:49 - 2017-03-01 20:20 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-07-19 07:49 - 2017-03-01 20:19 - 00146696 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2017-07-19 07:48 - 2017-03-01 20:19 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys.150043074714003
2017-07-19 07:48 - 2017-03-01 20:19 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-07-19 07:47 - 2017-03-01 20:19 - 00320008 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-07-19 07:47 - 2017-03-01 20:19 - 00198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-07-19 07:47 - 2017-03-01 20:19 - 00057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-07-18 21:47 - 2016-07-19 20:44 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-18 21:47 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-18 21:47 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-18 20:44 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-07-18 20:44 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-07-18 14:49 - 2016-08-07 21:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-18 14:44 - 2013-08-22 18:55 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-07-18 13:08 - 2016-06-30 22:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-18 12:49 - 2016-06-30 21:34 - 00000000 __RHD C:\MSOCache
2017-07-17 16:39 - 2016-08-02 09:38 - 00012284 _____ C:\Users\Ajay Kumar\Documents\MONTHLY SAVINGS.xlsx
2017-07-16 20:57 - 2016-07-24 14:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-07-12 08:04 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\LiveKernelReports
2017-07-10 07:44 - 2017-06-12 08:48 - 00003648 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001
2017-07-10 07:44 - 2017-06-12 08:48 - 00003552 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001
2017-07-05 07:21 - 2017-04-14 10:51 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-05 07:14 - 2016-12-16 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-05 07:14 - 2016-06-30 22:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-03 20:17 - 2017-06-09 21:07 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Spotify
2017-07-03 20:17 - 2017-06-09 21:06 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\Spotify
2017-06-30 22:18 - 2017-03-01 20:19 - 00361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-30 15:29 - 2016-06-30 22:05 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 10:20 - 2016-09-26 01:23 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-06-27 00:00 - 2017-03-30 20:31 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\ElevatedDiagnostics
2017-06-27 00:00 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
2017-06-26 22:17 - 2017-03-01 20:19 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00554528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-26 22:17 - 2017-03-01 20:19 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-26 21:39 - 2016-11-27 11:10 - 00000000 ___RD C:\Users\Ajay Kumar\Documents\MAGIX
2017-06-26 20:36 - 2016-07-08 20:56 - 00000000 ____D C:\Users\Ajay Kumar\Documents\Camtasia Studio
2017-06-24 10:26 - 2017-06-12 20:48 - 01292370 _____ C:\Users\Ajay Kumar\Documents\copmb.txt
2017-06-22 22:33 - 2017-06-12 08:48 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Local\Citrix
2017-06-21 22:22 - 2016-06-30 22:22 - 00000000 ____D C:\Windows\Panther
2017-06-21 22:12 - 2017-06-06 19:19 - 00000000 ____D C:\Program Files\CCleaner
2017-06-21 20:31 - 2017-06-08 23:43 - 00001925 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-06-21 20:31 - 2017-06-08 23:42 - 00000000 ____D C:\Users\Ajay Kumar\AppData\Roaming\NordVPN
2017-06-21 20:28 - 2017-06-11 13:00 - 11360636 _____ C:\Users\Ajay Kumar\Documents\sss.txt
 
==================== Files in the root of some directories =======
 
2017-03-01 20:53 - 2017-03-01 20:53 - 0017408 _____ () C:\Users\Ajay Kumar\AppData\Local\WebpageIcons.db
2016-09-15 23:13 - 2016-09-15 23:13 - 0004932 _____ () C:\ProgramData\pgatahac.zmz
2017-07-18 12:38 - 2017-07-18 12:38 - 0000004 _____ () C:\ProgramData\_lg.3sap
 
Files to move or delete:
====================
C:\ProgramData\C__Program Files (x86)_RealHideIP_RealHideIP.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-18 15:04
 
==================== End of FRST.txt ============================
New Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Ajay (21-07-2017 22:27:38)
Running from D:\Programs
Windows 8.1 Pro (Update) (X64) (2016-06-30 15:59:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2495111236-882408921-4290804203-500 - Administrator - Disabled)
Ajay (S-1-5-21-2495111236-882408921-4290804203-1001 - Administrator - Enabled) => C:\Users\Ajay Kumar
Guest (S-1-5-21-2495111236-882408921-4290804203-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Advanced BAT to EXE Converter v4.09 (HKLM-x32\...\Advanced BAT to EXE Converter v4.09) (Version:  - )
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battlefield 2™ (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
BBSAK (HKLM-x32\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 57.0.2987.93 - Comodo)
doPDF (HKLM\...\{F64C9051-AF79-4416-9522-EDBE765F062C}) (Version: 8.6.942 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{413fb852-4e7d-4e52-bcaa-6270ff9a9347}) (Version: 8.6.942 - Softland)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
HandBrake 1.0.3 (HKLM-x32\...\HandBrake) (Version: 1.0.3 - )
ImagePrinter Pro 6.1 (HKLM\...\ImagePrinter Pro 6.1_is1) (Version:  - Code Industry Ltd.)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico v9.0.5.20131111 (HKLM\...\KMSpico_is1) (Version: 9.0.5.20131111 - )
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (HKLM\...\{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{EFF38464-ED43-451C-9117-F910728B3FF8}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{AA6874A6-C7EB-42D5-B434-A86B75E00F32}) (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NordVPN (HKLM-x32\...\{E3B2A8B4-D5F6-42D8-BE94-57ACC29EE70B}) (Version: 6.3.3 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.3.3) (Version: 6.3.3 - NordVPN)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{A53F3DB0-ECBA-4CA0-A4AC-518FA7347A02}) (Version: 8.6.942 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{A0B71772-5AC4-47D5-A175-99238C057B37}) (Version: 8.6.942 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1A9E9E77-B29B-47C6-ADEB-9E7D6F7A08CE}) (Version: 8.6.942 - Softland)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PhishBait Maker 2.1.0 (HKLM-x32\...\PhishBait Maker 2.1.0) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
RoboForm 7-9-19-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-19-7 - Siber Systems)
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Simple Port Tester (HKLM-x32\...\Simple Port Tester3.0.0) (Version: 3.0.0 - PcWinTech.com)
SmartFTP Client (HKLM\...\{73724E56-E50A-4DE0-B05A-DF50216E5B30}) (Version: 9.0.2456.0 - SmartSoft Ltd.)
Spotify (HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Turbo C++ 3.2 (HKLM-x32\...\{16FEECA3-A0BF-44ED-A894-C0E7B29FAA2B}) (Version: 3.2.2.0 - Turbo C++)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Workstation (HKLM\...\{389F7934-61F4-40DF-B983-331614BB4686}) (Version: 12.5.1 - VMware, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Hotkey 1.14 (HKLM\...\Wise Hotkey_is1) (Version: 1.14 - WiseCleaner.com, Inc.)
ZD Soft Screen Recorder (HKLM-x32\...\{D893898C-2FFB-41F9-ADA5-80A3C1FC8F86}) (Version: 9.1.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2495111236-882408921-4290804203-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ajay Kumar\AppData\Local\Citrix\GoToMeeting\6956\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-07-05] (SmartSoft Ltd.)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers01: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-07-05] (SmartSoft Ltd.)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} =>  -> No File
ContextMenuHandlers02: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2016-10-21] (VMware, Inc.)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers04: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2017-07-05] (SmartSoft Ltd.)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-07-19] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02F28430-43E5-4801-BDC7-258A742FB791} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2016-06-17] ()
Task: {1A6B32D3-5638-4940-AB57-BC929E0C682A} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-07-19] (AVAST Software)
Task: {2305124F-9261-4EE9-B0B3-883E43B72E65} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {28792C66-8F36-413E-BC28-6431947907CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {327635E8-6162-422D-B7B4-7CCD3FCA5AC3} - \WiseCleaner\WDRSkipUAC -> No File <==== ATTENTION
Task: {3845C103-0727-4AF5-87E2-AB7E737E92A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4591E491-44BA-45BD-BB6E-0E679D3A6B37} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-06-30] (Siber Systems)
Task: {4CB8BE34-8A33-4686-B41F-2EDBE7755184} - System32\Tasks\SafeZone scheduled Autoupdate 1488379810 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {6AC2D611-289E-4CF0-B527-18008435BCAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-18] (Adobe Systems Incorporated)
Task: {6E589B41-AAEA-4401-B7E3-B0F708C37BD8} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-18] (Adobe Systems Incorporated)
Task: {7C710134-A323-4C7E-A452-8D5A4B578BC9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-12] (AVAST Software)
Task: {7ED597D9-D258-413A-BF57-9C7435EEC661} - System32\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001 => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupload.exe [2017-07-10] (LogMeIn, Inc.)
Task: {80DA16BF-CE7E-442E-8B3D-6A41583E7691} - System32\Tasks\{0B2CB605-DA63-4EB5-92C9-ABA649CDFAFF} => C:\Windows\system32\pcalua.exe -a "D:\3d analyzer\3DAnalyze.exe" -d "D:\3d analyzer"
Task: {84E956A2-A14C-4F2B-85B4-03E7F7A393E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {86157B65-E121-4ED4-8869-A204313DE2BF} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {9C704E6A-D1F8-4704-8B31-34CAF502D70E} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMHMNMJMOMKJLJNMJJCNLMNMKMLJCNLMKMJJMMCNHMOMKJOJCNNJIMLMOJPMMJNMOMNJGMNJNJJNJICMIMCNGMCNOMGMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMOLFJOJGIPNELKICJOJNIJNKJCMJNNICMJNDJCMKJBJJNMJ (the data entry has 49 more characters).
Task: {CED87036-1493-4B43-884F-68B25D6AB605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-30] (Google Inc.)
Task: {D4E8B631-02DB-468E-A147-0E4E2435FBBD} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {F07832F9-DEF8-43BB-BE88-1DDED4420420} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FD1E1C9D-2F6E-4800-8481-0CD2B9D947A0} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-11-12] ()
Task: {FEF66B24-6CE0-4F6C-89A1-85BD7F69657A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001 => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupdate.exe [2017-07-10] (LogMeIn, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2495111236-882408921-4290804203-1001.job => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2495111236-882408921-4290804203-1001.job => C:\Users\Ajay Kumar\AppData\Local\GoToMeeting\7297\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-24 09:55 - 2017-03-07 19:15 - 00824592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2017-06-24 09:55 - 2017-03-07 19:18 - 01981712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2017-06-24 09:55 - 2017-03-07 19:10 - 00248080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2017-06-24 09:55 - 2017-03-07 19:09 - 00213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2017-06-24 09:55 - 2017-03-07 19:10 - 00175376 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2017-06-24 09:55 - 2017-03-07 19:09 - 00204048 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2017-06-24 09:55 - 2017-03-07 19:08 - 00337680 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2017-06-24 09:55 - 2017-03-07 19:05 - 00148240 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2017-06-24 09:55 - 2017-03-07 19:05 - 00178448 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_acdc_setting_input.dll
2017-06-24 09:55 - 2017-03-07 19:10 - 00213776 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2017-06-24 09:55 - 2017-03-07 19:06 - 00229648 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2017-06-24 09:55 - 2017-03-07 19:07 - 00225040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2017-06-24 09:55 - 2017-03-07 19:05 - 00212752 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2017-06-24 09:55 - 2017-03-07 19:07 - 00220432 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2017-06-20 13:30 - 2017-06-20 13:30 - 00416432 _____ () C:\Program Files (x86)\NordVPN\nordvpn-service.exe
2016-06-17 12:43 - 2016-06-17 12:43 - 00145696 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-07-18 13:09 - 2017-07-18 13:12 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-06-29 00:05 - 2017-06-29 00:05 - 00001024 _____ () C:\Program Files\SmartFTP Client\api-ms-win-core-libraryloader-l1-2-2.dll
2017-06-29 00:05 - 2017-06-29 00:05 - 00001024 _____ () C:\Program Files\SmartFTP Client\api-ms-win-core-heap-l2-1-0.dll
2017-04-07 13:11 - 2017-04-07 13:11 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-06-24 09:55 - 2017-03-07 19:13 - 00747792 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2017-06-24 09:55 - 2017-03-07 19:11 - 00238864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2017-06-24 09:55 - 2017-03-07 19:08 - 00218384 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2017-06-30 15:29 - 2017-06-23 08:51 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-06-30 15:29 - 2017-06-23 08:51 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-07-18 19:16 - 00001308 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ajay Kumar\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\58968.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "SecureBrowserAutoLaunch_4A9037BD31FE9505D46E53ABE3CC686C"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B7F1EC60451F30C5A745B3E33A731F83"
HKU\S-1-5-21-2495111236-882408921-4290804203-1001\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{259928AB-1340-4569-B30D-17BA5351FAB2}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{ABEA0FE3-6B11-4135-8871-64872F9079B6}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{10E2D20C-5551-49C0-A770-7E00B70A2C43}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{C4FCF7D1-78D7-410F-8356-0D05A15CEB4C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5BC09A1E-F06E-4393-926C-E5BFBF1D01CF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{833902A4-F765-4F81-BCA3-461F5D0AC70F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E4F2A935-B814-4168-815F-20EE7BED76FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{00AE5E9B-8C0B-4DBA-89DB-BA9B14CFF8FD}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{98FDA97A-B523-43BC-82DF-A84D609D37FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD4E003E-9662-42E6-8305-4915A2B84E1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04B2CFB5-4D9A-418D-A20D-0C70B475157E}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{07AFE6FB-2364-40A8-A16B-B414C39405E7}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B6FD2779-351D-4AE2-8832-D7571C52EF32}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{53530430-E332-46E1-8CFA-425634CD3C46}] => (Allow) C:\Users\Ajay Kumar\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7EB1E63-CF01-422C-92E9-75689C10B064}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F34C7A07-0E58-4481-821F-BC6AA4CFAF54}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FC38D25F-EC0E-476D-8598-E9DE2EA68B86}] => (Allow) LPort=8501
FirewallRules: [{15890D53-9686-43DE-BCA4-945382B5FE68}] => (Allow) LPort=8501
FirewallRules: [{F040CA0E-BBE0-40FB-B4F5-AED4B4D84D79}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1C280F80-88FB-4912-BAAE-55201B623DB0}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CF39396A-1B3C-4B5F-98E8-B9C2994CF5D9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{E8B30553-5D47-41C5-95FA-3EF8A2E77705}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F2597B71-6B03-4EE9-9B4A-3BB07D9F402F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{FE0DA5F2-39B8-4C32-B0B7-3A38BB0BC09D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{24D9D325-C7D6-4F41-BC14-523A3585C726}] => (Allow) LPort=8317
FirewallRules: [{F3CBF496-ABFC-4AED-8017-326628DD1845}] => (Allow) C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [{B228A3C8-2D45-48C7-A599-3FA898D683B3}] => (Allow) D:\Battlefield 2\BF2.exe
FirewallRules: [{8C881FD4-4345-43BA-B88E-3F8A0450D49E}] => (Allow) D:\Battlefield 2\BF2.exe
FirewallRules: [{E6046EDA-10AA-4131-9C3C-07061F326F5D}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{9249C14F-294F-4557-8A29-A191FD258817}] => (Allow) C:\Program Files (x86)\Simple Port Tester\spt.exe
FirewallRules: [{028880DA-B2C0-402B-86F3-56BDB841F290}] => (Allow) LPort=8080
FirewallRules: [{37474FE3-1E63-4F9F-8856-A5029048DE17}] => (Allow) LPort=4481
FirewallRules: [{89B0CD08-2616-4885-9428-4A7CC9CF9A3F}] => (Allow) LPort=4481
FirewallRules: [{1A63159B-9470-42D0-BD38-EAD2BE21BE2E}] => (Allow) LPort=4482
FirewallRules: [{78098966-073E-4A46-852C-123183E36E00}] => (Allow) LPort=4482
FirewallRules: [{C75016A7-F948-479A-840A-E57F36935A7B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{09F1B502-E7A6-404A-B6E0-BD3661E667B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6B8613A3-6A47-4D97-B824-02CCB7024610}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FDA1811C-F0C5-4100-A388-81C9B6F4AFE0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2C9D1492-1ED8-4106-AEB1-D7991026F7FB}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F0AF8406-EF44-4504-85F4-1430F6B5987E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4DDD6DC4-2508-4E94-9256-6CAFDDC96FD9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{81AEE7DE-DAE8-4CE5-A558-774811052539}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4620A280-1B42-443C-9F01-0CDD8564BD49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6C70BCD6-9307-4F93-BC7B-04E652401F4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EBF61AD2-9DDB-48F8-9B73-14A8D6EC5E37}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{B360693E-6543-47A9-B3B4-A36C614ADFED}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{35B815F1-BAB7-4542-BF0F-671F47DFEE0B}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{59A4039F-112A-4326-9DB0-801267A02B21}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
 
==================== Restore Points =========================
 
21-07-2017 21:46:23 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2017 09:46:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (07/21/2017 07:34:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (07/21/2017 07:34:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
 
Error: (07/21/2017 07:32:50 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application
 
Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)
 
Error: (07/21/2017 07:32:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (07/21/2017 07:32:50 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
0x8e5e0210 (0x8e5e0210)
 
 
System errors:
=============
Error: (07/21/2017 09:43:36 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (07/21/2017 09:41:57 PM) (Source: DCOM) (EventID: 10010) (User: Ajay)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 09:41:26 PM) (Source: DCOM) (EventID: 10010) (User: Ajay)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 07:43:38 PM) (Source: DCOM) (EventID: 10010) (User: Ajay)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 07:43:08 PM) (Source: DCOM) (EventID: 10010) (User: Ajay)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (07/21/2017 07:33:00 PM) (Source: DCOM) (EventID: 10005) (User: Ajay)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (07/21/2017 07:33:00 PM) (Source: DCOM) (EventID: 10005) (User: Ajay)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (07/21/2017 07:33:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-20 21:26:10.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:09.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:08.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-07-20 21:26:08.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 51%
Total physical RAM: 7836.49 MB
Available physical RAM: 3834.15 MB
Total Virtual: 16476.49 MB
Available Virtual: 12258.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.65 GB) (Free:13.05 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:135.22 GB) (Free:38.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: A46CA46C)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=135.2 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
ckfiles.txt 
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\autopico.exe
c:\program files\kmspico\devcomponents.dotnetbar2.dll
c:\program files\kmspico\kmseldi.exe
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninshs.exe
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\proplus\proplus.reg
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiopro\visio.reg
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.ppdlic.xrm-ms
c:\program files\kmspico\driver\installdriver.cmd
c:\program files\kmspico\driver\tap-windows-9.9.2_3.exe
c:\program files\kmspico\driver\uninstalldriver.cmd
c:\program files\kmspico\icons\error.png
c:\program files\kmspico\icons\information.png
c:\program files\kmspico\icons\question.png
c:\program files\kmspico\icons\warning.png
c:\program files\kmspico\logs\autopico.log
c:\program files\kmspico\logs\kmseldi.log
c:\program files\kmspico\logs\service_kms.log
c:\program files\kmspico\scripts\enablesmartscreen.cmd
c:\program files\kmspico\scripts\enablesmartscreen.reg
c:\program files\kmspico\scripts\install_service.cmd
c:\program files\kmspico\scripts\install_task.cmd
c:\program files\kmspico\scripts\log.cmd
c:\program files\kmspico\scripts\silent.cmd
c:\program files\kmspico\scripts\uninstall_service.cmd
c:\program files\kmspico\sounds\affirmative.mp3
c:\program files\kmspico\sounds\begin.mp3
c:\program files\kmspico\sounds\complete.mp3
c:\program files\kmspico\sounds\diagnostic.mp3
c:\program files\kmspico\sounds\enterauthorizationcode.mp3
c:\program files\kmspico\sounds\incomingtransmission.mp3
c:\program files\kmspico\sounds\inputfailed.mp3
c:\program files\kmspico\sounds\inputok.mp3
c:\program files\kmspico\sounds\processing.mp3
c:\program files\kmspico\sounds\transfer.mp3
c:\program files\kmspico\sounds\verified.mp3
c:\program files\kmspico\sounds\warning.mp3
c:\users\ajay kumar\documents\mbam latest crack.rar
c:\users\ajay kumar\documents\mbam latest crack\mbam latest crack\malwarebytes_anti-malware_keygen_patch_v1.1_uret.exe
c:\users\ajay kumar\documents\mbam latest crack\mbam latest crack\setup\mb3-setup-consumer-3.0.4.1269.exe
c:\users\ajay kumar\documents\mbam latest crack\mbam latest crack\setup\mbam-setup-2.2.1.1043.exe
c:\users\ajay kumar\downloads\c4d+r17-crack by - ds.torrent
c:\users\ajay kumar\downloads\comodo_internet_security_2017_crack_license_key.zip
c:\users\ajay kumar\downloads\malwarebytes anti-malware premium crack+keys.zip
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
scanner sequence 3.ZZ.11.TELBF0
 ----- EOF ----- 
 


#11 satchfan

satchfan

  • Malware Response Team
  • 2,858 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:04:10 PM

Posted 21 July 2017 - 02:56 PM

You have obviously ignored my suggestions and still have illegal software on your computer (plus remnants of previously-installed illegal software).

 

Unless you uninstall all of it and send a new CKScanner log that shows no sign of anything illegitimate I will be unable to help you further.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 satchfan

Posted 24 July 2017 - 06:47 PM

Hi ajay1998A

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you still need help. If I don't get a reply within 24 hours I'll close this topic.

Satchfan




#13 satchfan

Posted 26 July 2017 - 09:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





