
Need help with virus called ntuserlitelist


  • This topic is locked
4 replies to this topic

#1 MemezRdreamz


Posted 20 July 2017 - 06:46 PM

I was just scanning through my laptop just to check on it and I found ntuserlitelist and llsoft; ntuserlitelist had 3 folders: regtools, svcmx, and dataup. I ran MalwareBytes, Bytefence, Windows Defender, ZAM, and Hitman Pro, but all the software was unable to detect these folders as adware, but I knew these were viruses since I was surfing bleepingcomputer. I tried Unhackme and it found it as a rootkit and told me to restart my computer; the restart happened but it said that the delete failed. I tried deleting it through the recycle bin but it says access denied while I'm admin; I also tried to alter its properties but it makes no difference. Also, I decided to do a restore point but whenever I try it says requested resource in use. I tried the service.msc thing and I disabled the anti-viruses but it makes no difference. Please help as I don't want to factory reset and my fixmestick is not with me right now (I'm travelling).

 

 

Here is the scan by FARBAR:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Abhay (administrator) on HIRAVANDFAMILY (20-07-2017 20:02:21)
Running from C:\Users\Abhay\Downloads
Loaded Profiles: Abhay (Available Profiles: Abhay & Administrator)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\dataup\dataup.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.3.322.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Mega Limited) C:\Users\Abhay\AppData\Local\MEGAsync\MEGAsync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Abhay\AppData\Local\lylwtpt\ekncolxl\ct.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455816 2017-02-02] (Power Software Ltd)
HKLM-x32\...\Run: [InstallValidator.exe.FA87EC44_C38F_4148_93A1_FF4A64A2B707] => C:\Program Files (x86)\National Instruments\Shared\NIUninstaller\InstallValidator.exe [265608 2013-11-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [cpx] => "C:\Users\Abhay\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062048 2017-07-11] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372400 2014-10-28] (Microsoft Corporation)
Startup: C:\Users\Abhay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-02-06]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Abhay\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-2332732711-2713494290-2704391704-1001] => 127.0.0.1:8003
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{3B420A8F-79CF-46C4-9E45-270DE0129855}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
URLSearchHook: [S-1-5-21-2332732711-2713494290-2704391704-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2332732711-2713494290-2704391704-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pwrisofs_17_06&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDzzyC0FtBtAtAyEyDtCzztD0D0AzztN0D0Tzu0StCzzyCtAtN1L2XzutAtFtByCtFtBtFyDtDtN1L1Czu1ByCtN1L1G1B1V1N2Y1L1Qzu2SyEzy0F0CtC0F0EyBtGtD0F0C0DtG0FyCyBzztGtD0AyEyCtGyCtBzz0CyByCzyyEyD0E0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzzzzyDyC0D0F0FtG0A0F0E0CtGyEyD0B0FtGzztC0A0AtG0EzytDzy0F0FtCyByCtDtC0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzzzytC%26cr%3D1921750074%26a%3Dwbf_pwrisofs_17_06%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-18] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-04-17] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-03-30] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-28] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-2332732711-2713494290-2704391704-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Abhay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-09-23] (Unity Technologies ApS)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://inkcbmohaapgocnobknnhmbopbbelljf/start/index.html"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default [2017-07-20]
CHR Extension: (Google Slides) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-02]
CHR Extension: (Google Docs) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-02]
CHR Extension: (Google Drive) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-02]
CHR Extension: (YouTube) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-02]
CHR Extension: (Google Sheets) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-02]
CHR Extension: (Google Docs Offline) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-02]
CHR Extension: (Battlefield Wallpapers HD New Tab Themes) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\inkcbmohaapgocnobknnhmbopbbelljf [2017-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-18]
CHR Extension: (Gmail) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Abhay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"drmkpro64" => service could not be unlocked. <==== ATTENTION
 
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411584 2017-07-02] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R2 Dataup; C:\Users\Abhay\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-06-26] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [282096 2014-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-03-30] (Microsoft Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1344472 2017-02-25] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-03-18] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 windowsmanagementservice; C:\Users\Abhay\AppData\Local\lylwtpt\ekncolxl\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [225432 2017-04-01] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [162512 2014-02-14] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SensorsServiceDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-20 20:02 - 2017-07-20 20:02 - 02382336 _____ (Farbar) C:\Users\Abhay\Downloads\FRST64.exe
2017-07-20 20:02 - 2017-07-20 20:02 - 00030955 _____ C:\Users\Abhay\Downloads\FRST.txt
2017-07-20 20:02 - 2017-07-20 20:02 - 00000000 ____D C:\FRST
2017-07-20 19:23 - 2017-07-20 19:23 - 00000090 _____ C:\Users\Abhay\Desktop\resotre fix.txt
2017-07-20 18:26 - 2017-07-20 18:51 - 00000000 ____D C:\Users\Abhay\AppData\Local\llssoft
2017-07-19 09:48 - 2017-07-20 18:28 - 00000000 ____D C:\Users\Abhay\AppData\Local\ntuserlitelist
2017-07-19 09:43 - 2017-07-20 19:17 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-19 09:43 - 2017-07-20 19:16 - 00051622 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-19 09:43 - 2017-07-20 19:09 - 00068127 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-19 09:43 - 2017-07-19 09:43 - 05766464 _____ (Zemana Ltd. ) C:\Users\Abhay\Downloads\eXplorer.exe
2017-07-19 09:43 - 2017-07-19 09:43 - 00000000 ____D C:\Users\Abhay\AppData\Local\Zemana
2017-07-19 09:42 - 2017-07-19 09:42 - 00684269 _____ C:\Users\Abhay\Desktop\regrunlog.txt
2017-07-19 09:17 - 2017-07-19 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2017-07-19 09:16 - 2017-07-19 09:16 - 00167034 _____ C:\Users\Abhay\Downloads\fileassassin-setup-1.06.exe
2017-07-18 18:42 - 2017-07-18 18:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-18 18:41 - 2017-07-18 18:41 - 22851472 _____ (Malwarebytes ) C:\Users\Abhay\Downloads\mbam-setup-bc.1878-2.2.1.1043.exe
2017-07-18 18:33 - 2017-07-18 18:33 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-07-18 18:08 - 2017-07-18 18:34 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-18 18:07 - 2017-07-20 19:16 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2017-07-18 18:06 - 2017-07-18 18:06 - 04853384 _____ (SurfRight B.V.) C:\Users\Abhay\Downloads\hmpalert3.exe
2017-07-18 16:54 - 2017-07-20 19:00 - 00000248 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2017-07-18 10:45 - 2017-07-18 17:24 - 00000000 ____D C:\Users\Abhay\Documents\Euro Truck Simulator 2
2017-07-18 10:43 - 2017-07-18 17:24 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2
2017-07-18 10:37 - 2017-07-18 10:37 - 02524402 _____ C:\Users\Abhay\Downloads\HEYIMACRACK.rar
2017-07-18 10:36 - 2017-07-18 10:40 - 620534000 _____ (SCS Software ) C:\Users\Abhay\Downloads\EuroTruckSimulator2_1_3_1_setup.exe
2017-07-18 10:36 - 2017-07-18 10:36 - 00000000 ____D C:\Users\Abhay\AppData\LocalLow\uTorrent
2017-07-18 10:35 - 2017-07-18 10:35 - 00047752 _____ C:\Users\Abhay\Downloads\EuroTruckSimulator2_1_3_1_setup.exe.torrent
2017-07-17 21:15 - 2017-07-17 21:15 - 00000000 ____D C:\@RestoreQuarantine
2017-07-17 20:38 - 2017-07-19 09:40 - 00000000 ____D C:\ProgramData\RegRun
2017-07-17 20:35 - 2017-07-20 18:10 - 00000000 ____D C:\Users\Abhay\Documents\RegRun2
2017-07-17 20:35 - 2017-07-17 20:35 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-07-17 20:35 - 2017-07-17 20:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-07-17 20:35 - 2017-07-17 20:35 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-07-17 20:34 - 2017-07-20 19:10 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2017-07-17 20:34 - 2017-07-17 20:34 - 00000000 ____D C:\Users\Abhay\Desktop\unhackme
2017-07-17 20:33 - 2017-07-17 20:34 - 18781709 _____ C:\Users\Abhay\Downloads\unhackme.zip
2017-07-17 20:15 - 2017-07-17 20:15 - 39378396 _____ C:\Users\Abhay\Downloads\Unconfirmed 604835.crdownload
2017-07-17 20:09 - 2017-07-17 21:55 - 00000000 ____D C:\Users\Abhay\Documents\Bus Driver
2017-07-17 20:05 - 2017-07-20 13:31 - 00000000 ___RD C:\Users\Abhay\Desktop\ntuserlitelist
2017-07-17 20:05 - 2017-07-17 20:05 - 00000000 ____D C:\Users\Abhay\AppData\Local\lylwtpt
2017-07-17 20:04 - 2017-07-17 20:05 - 00000000 ____D C:\Users\Abhay\AppData\Local\gdutuwol
2017-07-17 20:04 - 2017-07-17 20:04 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\c
2017-07-17 20:02 - 2017-07-17 20:02 - 00001161 _____ C:\Users\Administrator\Desktop\Purchase Bus Driver.lnk
2017-07-17 20:02 - 2017-07-17 20:02 - 00001161 _____ C:\Users\Abhay\Desktop\Purchase Bus Driver.lnk
2017-07-17 20:02 - 2017-07-17 20:02 - 00001074 _____ C:\Users\Administrator\Desktop\Bus Driver.lnk
2017-07-17 20:02 - 2017-07-17 20:02 - 00001074 _____ C:\Users\Abhay\Desktop\Bus Driver.lnk
2017-07-17 20:02 - 2017-07-17 20:02 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bus Driver
2017-07-17 20:02 - 2017-07-17 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus Driver
2017-07-17 20:01 - 2017-07-17 20:05 - 00000000 ____D C:\Program Files (x86)\Bus Driver
2017-07-17 20:00 - 2017-07-17 20:01 - 63722550 _____ C:\Users\Abhay\Downloads\Bus Driver full.rar
2017-07-17 19:59 - 2017-07-17 19:59 - 01762060 _____ C:\HEADERS
2017-07-17 19:59 - 2017-07-17 19:59 - 00003072 _____ C:\Users\Abhay\AppData\Local\uninstallce.exe
2017-07-17 19:59 - 2017-07-17 19:59 - 00000019 _____ C:\END
2017-07-14 16:58 - 2017-07-14 16:58 - 01214464 _____ (Zolf Labs) C:\Users\Abhay\Downloads\ZolfernosUltimateBlackOpsTrainer.exe
2017-07-13 22:54 - 2017-07-20 18:38 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\tor
2017-07-13 22:54 - 2017-07-13 22:54 - 00000000 ____D C:\Users\Abhay\AppData\Local\Activision
2017-07-13 21:52 - 2017-07-13 22:49 - 532295164 _____ C:\Users\Abhay\Downloads\COD-BO_V2Ops_patch_4.0-3.exe
2017-07-13 21:47 - 2017-07-13 21:47 - 00002101 _____ C:\Users\Abhay\Desktop\Play Black Ops Multiplayer.lnk
2017-07-13 21:47 - 2017-07-13 21:47 - 00002091 _____ C:\Users\Abhay\Desktop\Play Black Ops Zombie or SP.lnk
2017-07-13 21:28 - 2017-07-13 21:29 - 00000000 ____D C:\Call of Duty
2017-07-13 17:23 - 2017-07-13 17:55 - 00000000 ____D C:\Users\Abhay\Downloads\Call of Duty Black Ops repzOps PC game SP-MP-ZM ^^nosTEAM^^
2017-07-13 17:17 - 2017-07-13 17:22 - 53574078 _____ C:\Users\Abhay\Downloads\CODBO_repzOps.exe
2017-07-13 16:58 - 2017-07-13 17:23 - 00000000 ____D C:\Users\Abhay\Downloads\bo3
2017-07-13 16:56 - 2017-07-13 16:57 - 00000000 ____D C:\Users\Abhay\AppData\Local\MegaDownloader
2017-07-13 16:56 - 2017-07-13 16:56 - 02165541 _____ C:\Users\Abhay\Downloads\MegaDownloader_v1.7.exe
2017-07-13 16:28 - 2017-07-13 16:28 - 00003184 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2332732711-2713494290-2704391704-1001
2017-07-12 09:45 - 2017-07-12 09:45 - 00000143 _____ C:\Users\Abhay\Desktop\wireless adapter.txt
2017-07-12 08:10 - 2017-07-12 08:10 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\uplay
2017-07-12 08:05 - 2017-07-12 08:05 - 00000778 _____ C:\Users\Abhay\Desktop\Tom Clancys Rainbow Six Siege.lnk
2017-07-12 08:05 - 2017-07-12 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tom Clancys Rainbow Six Siege
2017-07-12 07:54 - 2017-07-15 14:50 - 00000000 ____D C:\Tom Clancys Rainbow Six Siege
2017-07-12 02:30 - 2017-07-12 07:37 - 00000000 ____D C:\Users\Abhay\Downloads\Tom.Clancys.Rainbow.Six.Siege-CODEX
2017-07-12 02:29 - 2017-07-12 02:29 - 00069024 _____ C:\Users\Abhay\Downloads\Tom.Clancys.Rainbow.Six.Siege-CODEX-[rarbg.com].torrent
2017-07-12 01:05 - 2017-07-12 07:45 - 00000000 ____D C:\Users\Abhay\BrawlhallaReplays
2017-07-12 00:59 - 2017-07-12 00:59 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\BrawlhallaAir
2017-07-12 00:58 - 2017-07-12 07:38 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-12 00:58 - 2017-07-12 00:58 - 00000222 _____ C:\Users\Abhay\Desktop\Brawlhalla.url
2017-07-11 21:41 - 2017-07-11 21:41 - 00000000 ____D C:\Users\Abhay\AppData\Local\Steam
2017-07-11 21:38 - 2017-07-20 19:26 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-11 21:38 - 2017-07-11 21:38 - 00000986 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-11 21:38 - 2017-07-11 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-11 21:37 - 2017-07-11 21:37 - 01446792 _____ C:\Users\Abhay\Downloads\SteamSetup.exe
2017-07-11 21:37 - 2017-07-11 21:37 - 01446792 _____ C:\Users\Abhay\Downloads\5c6a0cd5-ff8a-4aef-b06f-c3391cd909a1.tmp
2017-07-11 19:43 - 2017-07-11 19:43 - 00000106 _____ C:\Users\Abhay\Desktop\rainbow 6 seige tutorial.txt
2017-07-11 17:19 - 2017-06-29 02:27 - 25734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 17:19 - 2017-06-29 01:44 - 05975552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 17:19 - 2017-06-29 01:23 - 20270592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 17:19 - 2017-06-29 00:58 - 15253504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 17:19 - 2017-06-29 00:52 - 04549632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 17:19 - 2017-06-22 10:22 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-07-11 17:19 - 2017-06-17 12:45 - 03631616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 17:19 - 2017-06-17 12:34 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 17:19 - 2017-06-06 16:52 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 17:19 - 2017-06-06 15:08 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 17:19 - 2017-04-27 21:13 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 17:18 - 2017-07-06 04:52 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-07-11 17:18 - 2017-06-29 02:02 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 17:18 - 2017-06-29 01:50 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-07-11 17:18 - 2017-06-29 01:23 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 17:18 - 2017-06-29 01:17 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-07-11 17:18 - 2017-06-29 01:13 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-07-11 17:18 - 2017-06-29 01:09 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 17:18 - 2017-06-29 00:53 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 17:18 - 2017-06-29 00:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-07-11 17:18 - 2017-06-29 00:47 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 17:18 - 2017-06-29 00:43 - 13663744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 17:18 - 2017-06-29 00:41 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 17:18 - 2017-06-29 00:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-11 17:18 - 2017-06-29 00:28 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 17:18 - 2017-06-29 00:24 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 17:18 - 2017-06-29 00:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-11 17:18 - 2017-06-27 10:29 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 17:18 - 2017-06-27 10:29 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-07-11 17:18 - 2017-06-27 10:26 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-07-11 17:18 - 2017-06-27 10:26 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 17:18 - 2017-06-17 12:11 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 17:18 - 2017-06-17 12:05 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 17:18 - 2017-06-15 18:02 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 17:18 - 2017-06-15 09:45 - 07440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 17:18 - 2017-06-15 09:45 - 01674520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 17:18 - 2017-06-15 09:45 - 01534064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 17:18 - 2017-06-15 09:45 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 17:18 - 2017-06-15 09:45 - 01370320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 17:18 - 2017-06-15 09:45 - 00086360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 17:18 - 2017-06-11 20:06 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 17:18 - 2017-06-11 18:21 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2017-07-11 17:18 - 2017-06-11 17:43 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 17:18 - 2017-06-11 17:25 - 00478720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2017-07-11 17:18 - 2017-06-11 17:15 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 17:18 - 2017-06-11 17:08 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 17:18 - 2017-06-11 17:07 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2017-07-11 17:18 - 2017-06-11 17:00 - 00962560 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 17:18 - 2017-06-11 16:58 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 17:18 - 2017-06-11 16:40 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 17:18 - 2017-06-11 16:35 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 17:18 - 2017-06-11 16:31 - 00781312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 17:18 - 2017-06-11 11:15 - 02013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 17:18 - 2017-06-06 16:42 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-07-11 17:18 - 2017-06-06 16:38 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\cnvfat.dll
2017-07-11 17:18 - 2017-06-06 16:36 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\uudf.dll
2017-07-11 17:18 - 2017-06-06 16:36 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\convert.exe
2017-07-11 17:18 - 2017-06-06 16:35 - 00517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-07-11 17:18 - 2017-06-06 15:13 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2017-07-11 17:18 - 2017-06-06 15:11 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-07-11 17:18 - 2017-06-06 15:11 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2017-07-11 17:18 - 2017-06-06 15:11 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ufat.dll
2017-07-11 17:18 - 2017-06-06 15:11 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\uexfat.dll
2017-07-11 17:18 - 2017-06-06 15:03 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-07-11 17:18 - 2017-06-06 14:59 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cnvfat.dll
2017-07-11 17:18 - 2017-06-06 14:57 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uudf.dll
2017-07-11 17:18 - 2017-06-06 14:56 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-07-11 17:18 - 2017-06-06 14:03 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2017-07-11 17:18 - 2017-06-06 14:02 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-07-11 17:18 - 2017-06-06 14:02 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2017-07-11 17:18 - 2017-06-06 14:02 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ufat.dll
2017-07-11 17:18 - 2017-06-06 14:02 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uexfat.dll
2017-07-11 17:18 - 2017-06-03 12:27 - 02346496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 17:18 - 2017-06-03 12:03 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 17:18 - 2017-05-31 17:20 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 17:18 - 2017-05-15 18:09 - 00057688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-07-11 17:18 - 2017-05-15 16:03 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-11 17:18 - 2017-05-09 10:37 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2017-07-11 17:18 - 2017-05-09 10:35 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2017-07-11 17:18 - 2017-05-09 10:29 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2017-07-11 17:18 - 2017-05-09 10:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-11 17:18 - 2017-05-09 10:28 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2017-07-11 17:18 - 2017-05-09 10:28 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2017-07-11 17:18 - 2017-05-09 10:12 - 00448576 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-07-11 17:18 - 2017-05-06 12:45 - 01114624 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-07-11 17:18 - 2017-05-06 12:41 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdsdwmdr.dll
2017-07-11 17:18 - 2017-05-02 16:09 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-11 17:18 - 2017-05-02 16:08 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-11 17:18 - 2017-05-02 16:08 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-07-11 17:18 - 2017-05-02 14:41 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-07-11 17:18 - 2017-05-02 14:31 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-07-11 17:18 - 2017-05-02 14:31 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\smbwmiv2.dll
2017-07-11 17:18 - 2017-05-02 13:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-07-11 17:18 - 2017-04-30 12:48 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-07-11 17:18 - 2017-04-27 21:11 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 17:18 - 2016-05-18 17:54 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\certenc.dll
2017-07-11 17:18 - 2016-05-18 17:15 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certenc.dll
2017-07-11 16:51 - 2017-06-09 15:14 - 00383016 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2017-07-11 16:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2017-07-11 16:50 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-07-11 16:50 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-07-11 16:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2017-07-11 16:50 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-07-11 16:50 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-07-11 16:50 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2017-07-11 16:50 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2017-07-11 16:50 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-07-11 16:50 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2017-07-11 16:50 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-07-11 16:50 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-07-11 16:37 - 2017-07-20 19:25 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-11 16:37 - 2017-07-11 16:52 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2017-07-11 16:37 - 2017-07-11 16:37 - 00002056 _____ C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2017-07-11 16:37 - 2017-07-11 16:37 - 00002049 _____ C:\Users\Public\Desktop\Paladins.lnk
2017-07-11 16:37 - 2017-07-11 16:37 - 00000000 ____D C:\Users\Abhay\AppData\Local\HirezLauncherUI
2017-07-11 16:37 - 2017-07-11 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2017-07-11 16:35 - 2017-07-11 16:36 - 75200952 _____ (Hi-Rez Studios) C:\Users\Abhay\Downloads\InstallPaladins.exe
2017-07-09 14:15 - 2017-07-09 14:15 - 00000951 _____ C:\Users\Abhay\Desktop\LiquidSky.lnk
2017-07-09 14:15 - 2017-07-09 14:15 - 00000000 ____D C:\Users\Abhay\AppData\Local\CEF
2017-07-09 13:56 - 2017-07-12 22:05 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\LiquidSky
2017-07-09 13:53 - 2017-07-09 13:56 - 04022392 _____ C:\Users\Abhay\Downloads\LiquidSkyClient0.2.9.exe
2017-07-05 22:39 - 2017-07-05 22:39 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\MonoDevelop-Unity-5.0
2017-07-05 22:39 - 2017-07-05 22:39 - 00000000 ____D C:\Users\Abhay\AppData\Local\MonoDevelop-Unity-5.0
2017-07-03 22:27 - 2017-07-03 22:27 - 00000000 ____D C:\Users\Abhay\Downloads\desert-environment
2017-07-03 18:56 - 2017-07-03 19:10 - 186875992 _____ C:\Users\Abhay\Downloads\desert-environment.zip
2017-07-03 18:54 - 2017-07-03 18:54 - 00000000 ____D C:\Users\Abhay\Downloads\general-textures
2017-07-03 18:33 - 2017-07-03 18:52 - 264910735 _____ C:\Users\Abhay\Downloads\general-textures.zip
2017-07-03 15:33 - 2017-07-03 15:33 - 00000000 ____D C:\Users\Abhay\Downloads\survival-game-assets
2017-07-03 15:33 - 2017-07-03 15:33 - 00000000 ____D C:\Users\Abhay\Downloads\modern-weapons
2017-07-03 15:32 - 2017-07-03 15:32 - 51479614 _____ C:\Users\Abhay\Downloads\survival-game-assets.zip
2017-07-03 15:31 - 2017-07-03 15:31 - 55106704 _____ C:\Users\Abhay\Downloads\modern-weapons.zip
2017-07-03 15:05 - 2017-07-05 23:03 - 00000000 ____D C:\Users\Abhay\Documents\New Unity Project 1
2017-07-03 15:05 - 2017-07-03 15:05 - 00000000 ____D C:\Users\Abhay\AppData\LocalLow\DefaultCompany
2017-07-03 14:04 - 2017-07-03 14:04 - 00000906 _____ C:\Users\Public\Desktop\Unity 5.6.2f1 (64-bit).lnk
2017-07-03 14:03 - 2017-07-03 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.6.2f1 (64-bit)
2017-07-03 13:57 - 2017-07-03 14:05 - 00000000 ____D C:\Program Files\Unity
2017-07-03 13:52 - 2017-07-03 13:52 - 00736264 _____ C:\Users\Abhay\Downloads\UnityDownloadAssistant-5.6.2f1.exe
2017-06-30 19:28 - 2017-06-30 19:28 - 00903982 _____ C:\Users\Abhay\Downloads\Rental_Lease.pdf
2017-06-27 09:27 - 2017-06-27 09:27 - 00000000 ____D C:\Users\Abhay\Documents\Avatar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-20 19:47 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-20 19:46 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 19:32 - 2017-02-02 08:02 - 00000000 ____D C:\Users\Abhay\Documents\Youcam
2017-07-20 19:31 - 2017-02-02 08:06 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2332732711-2713494290-2704391704-1001
2017-07-20 19:31 - 2014-03-18 05:53 - 00958356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-20 19:31 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-07-20 19:28 - 2017-02-02 08:03 - 00000000 __RDO C:\Users\Abhay\OneDrive
2017-07-20 19:24 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-20 19:14 - 2017-02-07 14:05 - 00000000 ____D C:\Users\Abhay\AppData\Local\CrashDumps
2017-07-20 19:00 - 2017-02-09 13:58 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-20 19:00 - 2017-02-02 04:13 - 00143524 ____N C:\WINDOWS\Minidump\072017-27015-01.dmp
2017-07-20 18:50 - 2017-02-02 07:59 - 00000000 ____D C:\Users\Abhay
2017-07-20 18:49 - 2017-02-02 04:13 - 00141476 ____N C:\WINDOWS\Minidump\072017-26890-01.dmp
2017-07-20 18:26 - 2017-02-02 08:04 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{12D7C0DB-8111-415C-95F9-17C5C70AE086}
2017-07-20 18:23 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-20 13:22 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-07-20 13:20 - 2017-02-02 04:13 - 00142022 ____N C:\WINDOWS\Minidump\072017-24703-01.dmp
2017-07-19 09:48 - 2017-02-06 22:12 - 00000000 ____D C:\Program Files\ByteFence
2017-07-18 18:15 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-18 18:10 - 2014-04-24 13:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-18 16:53 - 2017-02-06 21:51 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\uTorrent
2017-07-17 20:28 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-07-17 20:03 - 2017-02-02 08:05 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-16 15:26 - 2017-04-29 06:38 - 00003176 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAbhay
2017-07-16 15:26 - 2017-04-29 06:38 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAbhay.job
2017-07-14 17:09 - 2017-02-06 14:57 - 00000000 ____D C:\Users\Abhay\Documents\MEGAsync Downloads
2017-07-14 11:23 - 2013-08-22 10:44 - 00490856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-13 22:14 - 2014-05-30 18:12 - 00000000 ____D C:\ProgramData\McAfee
2017-07-13 21:28 - 2017-02-10 10:59 - 00000000 ____D C:\Games
2017-07-13 16:28 - 2017-02-09 14:32 - 00002354 _____ C:\Users\Abhay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-13 16:28 - 2017-02-02 11:30 - 00003192 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2332732711-2713494290-2704391704-1001
2017-07-12 08:09 - 2017-02-06 22:51 - 00000000 ____D C:\Users\Abhay\Documents\My Games
2017-07-12 02:38 - 2017-02-10 09:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 02:35 - 2017-02-10 09:45 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 02:35 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-11 16:50 - 2014-05-30 17:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-11 16:48 - 2017-02-06 01:46 - 00003312 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-07-11 16:37 - 2014-04-24 13:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-05 22:10 - 2017-02-02 21:13 - 00000000 ____D C:\ProgramData\Unity
2017-07-03 15:05 - 2017-02-02 21:17 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\Unity
2017-07-03 15:05 - 2017-02-02 21:13 - 00000000 ____D C:\Users\Abhay\AppData\LocalLow\Unity
2017-07-03 15:00 - 2017-04-29 07:03 - 00000000 ____D C:\Users\Abhay\AppData\Roaming\Visual Studio Setup
2017-07-03 14:59 - 2017-04-29 07:03 - 00002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-07-03 14:58 - 2017-04-29 07:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-03 14:06 - 2017-04-28 15:01 - 00000000 ____D C:\Program Files (x86)\GtkSharp
2017-07-02 11:12 - 2017-02-02 08:05 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-02 11:12 - 2017-02-02 08:05 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-29 20:27 - 2017-06-07 21:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-29 20:27 - 2017-06-07 21:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-27 14:32 - 2017-02-02 21:18 - 00000000 ____D C:\Users\Abhay\Documents\New Unity Project
2017-06-27 09:53 - 2017-02-12 13:19 - 00265216 ___SH C:\Users\Abhay\Downloads\Thumbs.db
2017-06-27 09:21 - 2017-02-06 14:47 - 00000000 ____D C:\Users\Abhay\AppData\Local\MEGAsync
 
==================== Files in the root of some directories =======
 
2017-07-17 19:59 - 2017-07-17 19:59 - 0003072 _____ () C:\Users\Abhay\AppData\Local\uninstallce.exe
 
Some files in TEMP:
====================
2017-07-12 01:26 - 2017-07-12 01:26 - 0000089 _____ () C:\Users\Abhay\AppData\Local\Temp\6b868b445746a580bd7acfe2d77bcddb.dll
2017-07-12 01:26 - 2017-07-12 01:43 - 0000000 _____ () C:\Users\Abhay\AppData\Local\Temp\ed6e8e8c4b588010c8f64663407c6196.dll
2017-07-18 18:07 - 2017-07-20 19:12 - 11584088 _____ (SurfRight B.V.) C:\Users\Abhay\AppData\Local\Temp\HitmanPro_x64.exe
2017-02-11 12:05 - 2016-12-07 17:21 - 0619656 _____ (HP Inc.) C:\Users\Abhay\AppData\Local\Temp\HPSFUpdater.exe
2017-02-11 12:14 - 2016-12-07 07:29 - 0167456 _____ (HP Inc.) C:\Users\Abhay\AppData\Local\Temp\UninstallHPSA.exe
2017-02-11 11:46 - 2017-02-11 11:46 - 0040960 _____ () C:\Users\Abhay\AppData\Local\Temp\y1ufav9m.dll
2017-04-28 14:00 - 2017-04-28 14:03 - 14865512 _____ (Google Inc.) C:\Users\Abhay\AppData\Local\Temp\{93235287-0158-4122-B8D5-C591770011B5}-58.0.3029.81_57.0.2987.133_chrome_updater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 01:49
 
==================== End of FRST.txt ============================

Edited by MemezRdreamz, 20 July 2017 - 07:07 PM.




#2 MemezRdreamz

MemezRdreamz
  • Topic Starter

  • Members
  • 3 posts

Posted 20 July 2017 - 07:08 PM

Additional scan by FARBAR:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by Abhay (20-07-2017 20:03:46)
Running from C:\Users\Abhay\Downloads
Windows 8.1 (Update) (X64) (2017-02-02 11:59:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Abhay (S-1-5-21-2332732711-2713494290-2704391704-1001 - Administrator - Enabled) => C:\Users\Abhay
Administrator (S-1-5-21-2332732711-2713494290-2704391704-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2332732711-2713494290-2704391704-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2332732711-2713494290-2704391704-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
4 Elements II (HKLM-x32\...\WTA-e64fb456-9214-4f57-9811-3faa4dd574f6) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop CS6 version 13.0.1 (HKLM-x32\...\{A724DC44-6241-42D3-BA57-778B178ABC17}_is1) (Version: 13.0.1 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Application Verifier x64 External Package (HKLM\...\{01C2C51F-B0CF-BB5E-A010-E927D44F7720}) (Version: 10.1.15063.137 - Microsoft) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-af85fe28-9da6-4327-962f-600dfd411378) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-d88c9e58-f652-497e-a778-405df60a504f) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Build Tools - amd64 (HKLM\...\{F74753A3-C93C-34F5-A199-993CAF602B7D}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{05198C22-FFCE-374A-B190-9F18CC99DAEA}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{9347889B-C22A-3905-901F-C05D8F73C929}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build-a-lot (HKLM-x32\...\WTA-b0cce456-72f1-4d86-a5f5-8f3a41da3fe0) (Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-f3c8e851-6d1d-4cbc-84ea-d0fa577804fa) (Version: 3.0.2.48 - WildTangent) Hidden
Bus Driver 1.0 (HKLM-x32\...\Bus Driver) (Version: 1.0 - SCS Software)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.9.0.3 - Byte Technologies LLC) <==== ATTENTION
Camtasia Studio 8 (HKLM-x32\...\{80AE23DF-71A4-4E3F-B931-F93AB5DF0BDD}) (Version: 8.4.2.1768 - TechSmith Corporation)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Curse at Twilight (HKLM-x32\...\WTA-856a472c-6aa8-4053-b4d8-ddd7ca75b8bf) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.5112 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-ce925c15-b7f7-4b8e-b8a2-058e97174360) (Version: 3.0.2.48 - WildTangent) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DragonBoost (HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\...\119) (Version:  - ) <==== ATTENTION
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-7fd77cb1-e2fd-447b-897e-c7ca5369fc2f) (Version: 2.2.0.98 - WildTangent) Hidden
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-2cd58382-a81d-4cef-89aa-8843082c054d) (Version: 3.0.2.38 - WildTangent) Hidden
Game Loader version 1.0.1 (HKLM-x32\...\{1325F77D-B029-4F9E-AE0A-4AF68C15E017}_is1) (Version: 1.0.1 - Gaming Style, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-698e23e8-2125-4b18-9489-f9148d9f41d1) (Version: 2.2.0.110 - WildTangent) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gtk# for .Net 2.12.44 (HKLM-x32\...\{063E9BC4-FF17-45D6-8337-6CEC03254879}) (Version: 2.12.44 - Xamarin, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{ADD75863-9A69-4C44-9B43-11AE2B12BE51}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.7.27.15 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{dd372384-a281-47d6-8ef4-19cc622dce4e}) (Version: 17.00.1000.1423 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{A405194D-16D1-44FA-8FF8-D43684D77005}) (Version: 17.0.1407.02 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{A0007ADE-F6F6-410F-822F-7522B4F0BFDE}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-ba8dcacc-2dcb-4559-9134-c58a57c64421) (Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (HKLM-x32\...\WTA-e21dd8c6-7144-4616-9e2d-c15d06d49d13) (Version: 3.0.2.51 - WildTangent) Hidden
Kits Configuration Installer (HKLM-x32\...\{0C05DE52-2C77-D6FA-A561-D508CF5FC96E}) (Version: 10.1.15063.137 - Microsoft) Hidden
LEGO MINDSTORMS EV3 (HKLM-x32\...\LEGO_SW.{5B0CB826-E499-4E6B-94F0-75B6327ED934}) (Version: 1.0.0 - The LEGO Group)
LEGO MINDSTORMS EV3 Home Content (HKLM-x32\...\{142D9B8C-E72A-4970-A703-B8AF9904E6F1}) (Version: 1.2.30 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home Edition (HKLM-x32\...\{ACC62EC7-E615-473F-83A5-F95DF9A20E49}) (Version: 1.2.30 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Home English Support (HKLM-x32\...\{BD199034-21A3-4FD5-98A8-CE885DAF8ABB}) (Version: 1.2.30 - The LEGO Group) Hidden
LEGO MINDSTORMS EV3 Uninstaller (HKLM-x32\...\{5F3092B9-4240-4037-A287-BF6F9A2996BC}) (Version: 1.0.11 - The LEGO Group) Hidden
LEGO MINDSTORMS NXT x64 Driver (HKLM\...\{A0831C28-A6FA-49A3-86AE-B5AE3C9EE19C}) (Version: 1.20.115.0 - LEGO)
Letters from Nowhere 2 (HKLM-x32\...\WTA-afd7916f-6dae-4cf9-a23e-da5ca0c267a9) (Version: 2.2.0.97 - WildTangent) Hidden
Lost in Reefs 2 (HKLM-x32\...\WTA-f6c8c1c6-b97e-43c4-8d69-9072e3f8ef83) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-880d4a91-ff2a-41a9-abe1-3c00784b8bba) (Version: 2.2.0.98 - WildTangent) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Build Tools 2013 (HKLM-x32\...\{2bceccd3-6613-4596-b748-441a06847696}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Build Tools 2015 (HKLM-x32\...\{d21da0dd-4ba4-4838-ba58-64cf7a77131a}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8229.2086 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{074120DA-7DA8-E059-BD8E-5750E97C6046}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
NI .NET Framework 4.0 (HKLM-x32\...\{0C43BB65-C604-4D94-A83A-54DCB42780B8}) (Version: 4.01.49154 - National Instruments) Hidden
NI EulaDepot (HKLM-x32\...\{87F60C46-07E2-46B4-B872-680DE4184C0A}) (Version: 3.20.363 - National Instruments) Hidden
NI MDF Support (HKLM-x32\...\{FA35D849-889D-4454-9532-6BE2008D2CDF}) (Version: 3.20.363 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (64-bit) (HKLM\...\{4A78D9E6-D349-4CCA-9295-45B12BE5BC6C}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Security Update (KB 67L8LCQW) (HKLM-x32\...\{20124E21-206B-485F-838F-14BB88161045}) (Version: 1.0.29.0 - National Instruments) Hidden
NI Uninstaller (HKLM-x32\...\{C7743231-5899-418D-8CA5-22B0F654D894}) (Version: 3.20.363 - National Instruments) Hidden
NI VC2008MSMs x64 (HKLM\...\{07E00E94-7A78-40FA-9BEF-71C190E98041}) (Version: 9.0.401 - National Instruments) Hidden
NI VC2008MSMs x86 (HKLM-x32\...\{E84997A1-4D6F-4C0B-B60D-F85B360D2666}) (Version: 9.0.401 - National Instruments) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2086 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.54.1958.1 - Hi-Rez Studios)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com)
Peggle Nights (HKLM-x32\...\WTA-a4925211-2629-48dd-9b93-21fa6ec15ade) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-d828e2b2-72a3-4435-9573-198c488ee8b6) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-f11e7b93-a2fe-4a80-9d07-39a9b4acca52) (Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-9e8dabb1-4f98-4f42-a7f5-345e746c11f9) (Version: 3.0.2.59 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.8 - Power Software Ltd)
Prison Architect (HKLM-x32\...\1441974651_is1) (Version: 2.16.0.20 - GOG.com)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7219 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-f35f366f-a7a9-4f16-8ee7-335754c8bb73) (Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-cb2e810c-024c-47d6-b0b3-3b5e81f19eb2) (Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (HKLM-x32\...\WTA-7442245c-3953-4ead-8913-321ea7eac36b) (Version: 3.0.2.51 - WildTangent) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.6 - Synaptics Incorporated)
Tom Clancys Rainbow Six Siege (HKLM-x32\...\Tom Clancys Rainbow Six Siege_is1) (Version:  - )
Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{7AA77536-7DC2-4831-A0CF-B46C49C2D4DF}_is1) (Version: 1.03 - Ubisoft)
Trinklit Supreme (HKLM-x32\...\WTA-64965df0-2ff8-4763-9eb3-4b42d14bd1b1) (Version: 2.2.0.98 - WildTangent) Hidden
TypeScript Power Tool (HKLM-x32\...\{0B693FB7-DF61-44DB-AEAA-E2E30F85A781}) (Version: 2.1.5.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.6.2f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\...\UnityWebPlayer) (Version: 5.1.4f1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{ADD45F52-630A-4F45-8879-A8DB80DF921B}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{919D63C5-565C-F1C3-67D9-353FE902EF11}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0AAB833E-034D-430B-D3E4-39C5753B14AC}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{D29934EC-24B6-0F5D-C6BB-E9ECCF220C12}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{2410D879-0C8F-B254-C207-455E119075B6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{485209AE-37CE-2208-59CB-7BB59AA85BE7}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-3c57899e-d4de-4c6f-9011-6653630f5740) (Version: 3.0.2.32 - WildTangent) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VEGAS Pro 14.0 (64-bit) (HKLM\...\{4C79D80F-79F9-11E6-8402-BB95F5A309BD}) (Version: 14.0.161 - VEGAS)
Viking Saga (HKLM-x32\...\WTA-973df290-a73d-45b1-9034-53b3d30422f9) (Version: 3.0.2.48 - WildTangent) Hidden
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{F3217611-B414-4A3A-81BF-6A3A4DB7E743}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{D4DCEC6A-BC59-43D5-866A-AB057E64F73F}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{ACFEA151-D1BE-4114-875A-87328B6002D4}) (Version: 15.0.26315 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Hidden
WinAppDeploy (HKLM-x32\...\{80859F5A-D13C-AB8E-4659-B630CFE2599D}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{30DCCFB4-068F-4C5C-BC10-5ECDCAEE55D4}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.137 (HKLM-x32\...\{a07b4a01-ca27-4e28-9353-f325a308f128}) (Version: 10.1.15063.137 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{45B6202F-A716-C68A-199E-43B106B56A7E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{357D0CD4-8B72-8D65-7015-81DFB2BF9150}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{3E5375A1-0E4C-34E3-6294-C1C8BDA823E4}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{E2F78B92-04DE-5350-14C0-7C281BF87D9E}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{6CE744AE-7E0F-00AF-F1BD-077D9AFCBEC6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{81A0EC8C-9462-BC98-0E5C-301DD7A46792}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{FAD08838-3937-0F6C-8787-FDFDFBF63502}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D089A695-49F0-D3B2-0EBF-2BBC33A05CD6}) (Version: 10.1.15063.137 - Microsoft Corporation) Hidden
Xamarin Studio 6.1.2 (HKLM-x32\...\{5DC82148-73B0-4609-A094-CDD66CC76CBF}) (Version: 6.1.2.44 - Xamarin)
Youda Jewel Shop (HKLM-x32\...\WTA-191b60c2-95f5-4618-b9fd-bf05a5f1101b) (Version: 3.0.2.51 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2332732711-2713494290-2704391704-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Abhay\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2332732711-2713494290-2704391704-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-27] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-27] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-27] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-27] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-27] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX32.dll [2017-06-27] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-02-21] (Cyberlink)
ContextMenuHandlers01: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-04-17] (McAfee, Inc.)
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-27] ()
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-02-21] (Cyberlink)
ContextMenuHandlers03: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} =>  -> No File
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-27] ()
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll [2017-06-27] ()
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-03-08] (Intel Corporation)
ContextMenuHandlers05: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\Windows\system32\igfxOSP.dll [2014-03-08] (Intel Corporation)
ContextMenuHandlers06: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-04-17] (McAfee, Inc.)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-02-02] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BAA14AE-D695-4543-BEF4-72F8F6BEB25A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-02] (Microsoft Corporation)
Task: {0D8DBE92-706F-4A23-AD98-1D6D9BB0E1B6} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {21370A35-F02C-4538-A3B3-0C16714C0534} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {22AB5DDB-699A-48BB-B065-BFD15DA78D35} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {34B45139-348B-4361-AA8C-E82FB71F0E4E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-18] ()
Task: {396FCB6D-20A5-48A6-BB7D-4E8D971BD310} - \ByteFence Scan -> No File <==== ATTENTION
Task: {463DBAD1-BEFF-4C7A-A197-F6AB27AEE40C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-18] (Microsoft Corporation)
Task: {49090D7D-9EF2-45A2-8323-04E38B5D6CA5} - \ByteFence -> No File <==== ATTENTION
Task: {53B4A757-45DC-4838-BBBC-2407BF0749CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {552FB5C9-8B50-4340-8A21-169FE8276F83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {55BF4F2A-2D1C-462D-913F-6B8720ED66A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {65658FE5-05C4-46F5-AB24-975073777EEB} - System32\Tasks\HPCeeScheduleForAbhay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {75F55646-E438-4D09-8F47-6935BB299811} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {78C4DD38-CCF3-463C-82A8-F2F409278D5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-02] (Microsoft Corporation)
Task: {8F480E2F-2C41-494B-97BD-913F4D02D6F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {8F7A4BB3-2667-4640-AFF4-696B002346B4} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {93169049-9B41-49CA-8EFF-201ABA759849} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-18] ()
Task: {99E16A57-68C5-4534-ACB7-1763C47792BF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9AB9B784-230B-47FC-B2FF-E35284FADD78} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-07-18] (Microsoft Corporation)
Task: {A58EE2DD-9F73-4D06-8B10-72705EC0E888} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-18] (Microsoft Corporation)
Task: {A7AD335A-A6CC-416F-AA6E-2380869F1891} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {B72239D9-F4BB-4F38-8A4E-9F115B1CB6B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {BE506C7C-6E15-4066-8E4B-0684D5C164CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D240AFCD-2273-41E8-A88E-8D53EB1B9BBE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {E47F9714-DB6A-4B1D-8754-BC25B550EC1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {EF5B85C1-B1D5-4D7C-8825-6E83642F42D3} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {F64A282E-274F-4B5A-BAF6-4507B7B9CE55} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-07] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAbhay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-05-25 08:38 - 2016-05-25 08:38 - 00129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll
2017-01-05 17:36 - 2017-01-05 17:36 - 00077824 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\dataup\dataup.exe
2013-12-04 11:44 - 2013-12-04 11:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 11:44 - 2013-12-04 11:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 11:44 - 2013-12-04 11:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2017-02-07 01:48 - 2017-03-18 17:12 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2016-10-31 15:45 - 2017-06-27 09:21 - 00598528 _____ () C:\Users\Abhay\AppData\Local\MEGAsync\ShellExtX64.dll
2017-02-02 11:17 - 2017-07-18 17:44 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-07 01:48 - 2017-03-18 17:12 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-04-21 15:37 - 2017-04-21 15:37 - 00884224 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-04-21 16:28 - 2017-04-21 16:28 - 01080832 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2017-07-02 11:12 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-07-02 11:11 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-30 21:52 - 2017-05-30 21:52 - 00689664 ____N () C:\Users\Abhay\AppData\Local\lylwtpt\ekncolxl\ct.exe
2017-05-04 11:13 - 2017-05-04 11:13 - 00235520 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\dataup\help_dll.dll
2016-04-13 04:38 - 2016-04-13 04:38 - 00482304 _____ () C:\Users\Abhay\AppData\Local\MEGAsync\libsodium.dll
2017-01-14 19:40 - 2017-01-14 19:40 - 53460992 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 01976832 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 00075264 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2014-05-30 17:47 - 2013-12-10 11:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 17599640 ____N () C:\Users\Abhay\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\...\sharepoint.com -> hxxps://pdsb1-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2017-07-20 19:25 - 00004503 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2332732711-2713494290-2704391704-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Abhay\Downloads\LWwxanA.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EFE25548-8C46-4758-B7BF-6A61E58BAF4D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{923EF454-43B4-42F1-98AE-A2F5ED808AD0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F01A0D2E-8E67-4ECD-9743-70EF0063C21E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4F3669A-5D51-4051-A995-4F96BB8D4600}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D13959F-0A2D-45C0-881D-20AEDCDC894F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A58E0DB-AF29-4C08-9474-FCCC4221DD5E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{5C532033-268A-4A89-AB2C-77936F4D3BB5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{F0542E48-6539-42B8-9902-D09FC7DF99B7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{DAEC5F16-6FFB-4526-B480-1626D4D7A641}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{DDA30E1D-BA67-4D5B-9793-483612875EEC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E56E58A1-F19A-4A2F-8108-48EA77798C4F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{DFB2C669-984E-463D-B3C2-B557EA64D774}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CDC19624-5C7F-4D00-A7AA-CD042DFC3E4B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{00D90F57-2761-488B-8878-0C4EB40A2031}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7C2897B4-8050-4129-8BFD-EDB924C0BF86}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B8DA92CC-664F-498A-A00A-93C412A79B02}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B9BC47D9-15B1-4EEB-85DA-5FC7E124B2E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F40FABC8-2B7C-442E-938E-12A7AE1CDFEA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{38DB6F0A-94C1-4B9F-8FD3-7690A08806CD}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{FCD64E96-6ABB-4AFF-9768-E112368451A2}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{CAACABBF-BF59-4711-90BE-258D98F8083A}] => (Allow) C:\Users\Abhay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{23AEF05B-020F-430A-8E72-6CAC250FEC57}] => (Allow) C:\Users\Abhay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A8A09401-232D-4A48-9A88-3D0D57A3F508}] => (Allow) C:\Users\Abhay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C276902B-364A-4311-ADF0-9F3C0A4AD001}] => (Allow) C:\Users\Abhay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CC3936F0-C51B-466A-997F-B54D4B58DC0A}] => (Allow) C:\Users\Abhay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5ACF6C4A-5BB5-404C-B40C-C0B6A15BE75A}] => (Allow) C:\Users\Abhay\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{68E46633-8DC3-499C-A590-8A85F5FE92AD}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe
FirewallRules: [TCP Query User{F468232A-782C-4386-AF14-03CFA72EB0FB}C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe] => (Allow) C:\Program Files (x86)\LEGO Software\LEGO MINDSTORMS EV3 Home Edition\MindstormsEV3.exe
FirewallRules: [{AE64F51E-6C99-4EDD-8DF1-E6401BF6C252}] => (Allow) LPort=8317
FirewallRules: [{2B70060F-8120-403B-B113-0A5DFEE626F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{483CA88D-1464-4CDA-9B63-66F541A21C44}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [UDP Query User{DDB551E3-A7DE-49D9-89D1-4270E2524087}C:\program files (x86)\unity\editor\unity.exe] => (Allow) C:\program files (x86)\unity\editor\unity.exe
FirewallRules: [{B362A167-605E-453D-AA1D-E38D40BD6A5A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F526EDD3-F763-4357-8654-A673193E76E1}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{27B11563-9490-4C2C-995D-10963B7FD53C}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [TCP Query User{801DD66C-1727-4EDB-B27B-F7B3D5E79E80}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{874D165B-8921-4068-8A14-037D389F0416}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [TCP Query User{7C18CC8C-50DD-4424-B0CF-BC5B3EEB5641}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe
FirewallRules: [UDP Query User{88DE0F99-9297-4982-8E0B-DDE2119A2F09}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe
FirewallRules: [{097C1B91-3BED-4145-9501-7BE67D30FF8D}] => (Allow) C:\Users\Abhay\Downloads\LiquidSkyClient0.2.9.exe
FirewallRules: [{58506B46-B4F9-4910-B276-338D8A81B11E}] => (Allow) C:\Users\Abhay\Downloads\LiquidSkyClient0.2.9.exe
FirewallRules: [{1E849862-4442-44A9-9E76-CDF04EB1619C}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{C44B9343-7F38-4DFE-9A30-ACB994639991}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{1C6B7268-5755-4796-96AA-1CE3C813AA03}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [{59D9E61C-8D62-4540-946D-96B38DB29874}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [TCP Query User{D826CB36-4327-4E0D-A4AD-5077A3407131}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{E6D735E8-AA54-414D-B088-680CC1F0A926}C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\hi-rez studios\hirezgames\paladins\binaries\win32\paladins.exe
FirewallRules: [{6F300789-38D6-4AA3-9562-C78D451FF8A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{02291932-1793-443C-B2AD-9E4B45532067}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EA18D033-CD68-450E-9574-A32EE5A16475}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E4101A6F-50B6-49D3-95D4-894169A252CA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5E28B3E9-A7E4-4D84-ABED-FD34C797F1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{7E9B07EB-7C4D-486D-A74E-BED34EFBA51E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{80435D01-7A66-499C-A2F9-3BDDC4DB8ADF}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{7E075F59-2D3A-46AF-9AC6-C103C20A9E27}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\LiquidSkyClient.exe
FirewallRules: [{5E8BA79F-8CD6-47D9-AA80-0A636FC3D0D9}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [{A0BED29A-0175-4059-A050-6DB7314D5B04}] => (Allow) C:\Users\Abhay\AppData\Roaming\LiquidSky\lib\LiquidSky.exe
FirewallRules: [TCP Query User{DD5488F9-EA3A-4AFE-8D96-5947DAD3E1D4}C:\tom clancys rainbow six siege\rainbowsix.exe] => (Allow) C:\tom clancys rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{1C429E7A-F7D4-493C-A011-357595994427}C:\tom clancys rainbow six siege\rainbowsix.exe] => (Allow) C:\tom clancys rainbow six siege\rainbowsix.exe
FirewallRules: [TCP Query User{D4DD59A5-60DC-45E0-8725-DAE6737D4EBE}C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe
FirewallRules: [UDP Query User{99393E7A-396C-4B02-9B87-07C3754C578E}C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe
FirewallRules: [TCP Query User{F5E53D3A-155B-4EF4-83AD-B4DB63547585}C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{E6020B73-6F3C-49AE-A141-32B239D32A00}C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe
FirewallRules: [TCP Query User{B32AE8BB-F9F1-40AF-9946-F54E80462D78}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{5842A26A-7D3E-4BEA-82E4-970A6C36CA2E}C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Allow) C:\program files (x86)\ubisoft\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [TCP Query User{D8842C5C-BAE0-47E8-BB72-11A365A629B3}C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe
FirewallRules: [UDP Query User{B91E5E86-0EFE-41D9-96ED-AE98B46D8E3D}C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackops.exe
FirewallRules: [TCP Query User{2A77ABBC-D8DE-41AE-AF9F-D5D15998C2F8}C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe
FirewallRules: [UDP Query User{6928A8AB-2492-4CC3-B10C-90962A53D4D4}C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe] => (Allow) C:\call of duty\call of duty black ops\call of duty black ops\blackopsmp.exe
FirewallRules: [{8386898D-ADC8-42BC-A820-B3C8188B8F7A}] => (Allow) C:\WINDOWS\system32\rundll32.exe
 
==================== Restore Points =========================
 
11-07-2017 16:36:38 Installed InstallShieldHiRezCurrent
17-07-2017 21:04:56 UnHackMe Malware Removal
20-07-2017 13:48:53 UnHackMe Malware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2017 07:27:17 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:17 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:17 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/20/2017 07:27:16 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: HIRAVANDFAMILY)
Description: There was an error with the Windows Location Provider database
 
 
System errors:
=============
Error: (07/20/2017 07:27:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/20/2017 07:19:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/20/2017 07:09:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/20/2017 07:04:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/20/2017 07:00:54 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x00000000000000e0, 0x0000000000000002, 0x0000000000000000, 0xfffff801c9a2743a). A dump was saved in: C:\WINDOWS\Minidump\072017-27015-01.dmp. Report Id: 072017-27015-01.
 
Error: (07/20/2017 07:00:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:52:00 PM on 2017-07-20 was unexpected.
 
Error: (07/20/2017 06:54:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/20/2017 06:52:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:49:21 PM on 2017-07-20 was unexpected.
 
Error: (07/20/2017 02:02:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/20/2017 01:55:58 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
Access is denied.
 
 
CodeIntegrity:
===================================
  Date: 2017-07-18 22:17:37.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 22:17:36.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 19:22:33.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 19:22:32.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 17:23:45.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 17:23:45.131
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 10:39:24.246
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-18 10:39:23.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-14 17:00:16.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-07-14 17:00:16.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 35%
Total physical RAM: 8122.15 MB
Available physical RAM: 5259.35 MB
Total Virtual: 9018.15 MB
Available Virtual: 6029.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:676.44 GB) (Free:474.75 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.33 GB) (Free:2.01 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: EEF8BDBD)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#3 JSntgRvr


Posted 20 July 2017 - 11:09 PM

Welcome. :)
 
Let's check for a rootkit.
  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 MemezRdreamz


Posted 20 July 2017 - 11:29 PM

I'm sorry, I already got help from forum.malwarebytes and completed the same steps as shown above, but I will post the log tomorrow as I have to go to sleep. Thank you JSntgRvr for helping me!!

 


 



#5 JSntgRvr


Posted 21 July 2017 - 03:49 PM

You are in good hands at Malwarebytes. I am therefore closing this topic.






