
Help me, Virus infected


  • This topic is locked
3 replies to this topic

#1 shitalpatil


Posted 26 August 2017 - 08:39 AM

Hi all,

Please help me. I am using Windows 8.1, antivirus ESET Smart Security 10. I think my PC got infected by some malware program: whenever I start my web browser, Chrome, another tab opens and it shows some ads. I am posting the FRST log. Please help me solve the problem. Thanks for your cooperation.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by HP (administrator) on MHADA (26-08-2017 18:40:34)
Running from C:\Users\HP\Downloads
Loaded Profiles: HP (Available Profiles: HP & Administrator)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe
(Google Inc) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTune.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTHelper64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-18] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2312408 2014-05-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DT_HPO] => C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTuneStartup.exe [141192 2014-05-14] (Hewlett-Packard)
HKLM-x32\...\Run: [Discover HP Touchpoint Manager] => C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe [421000 2014-09-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,userinit.exe,
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\...\Run: [Google Update] => C:\Users\HP\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-05-01] (Google Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{50333116-FC29-48B3-9812-58BFC0B4CA44}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E0FB43AF-2B2A-4343-AE52-806D1504D9B5}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/85
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/85
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/85
HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/85
HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2014-05-16] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2015-06-09] [not signed]
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-01-31] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-01-28] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-08-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-29] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-29] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-1483382352-2176205752-2611233115-1002: @tools.google.com/Google Update;version=3 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1483382352-2176205752-2611233115-1002: @tools.google.com/Google Update;version=9 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-08-26]
CHR Extension: (FlashSaleTricks) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bboalniaekhennojedffbbjlokcpbjgn [2017-08-24]
CHR Extension: (Tool for block sites) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgplcdmlpohnnfhmbceobfcjhbfnephd [2016-12-19]
CHR Extension: (HP Client Security Manager) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2016-10-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2014-03-29]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-06-09] (Broadcom Corporation.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-08-15] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2014-04-04] (DigitalPersona, Inc.)
R2 DTuneSrvc; C:\Program Files (x86)\Common Files\Portrait Displays\Libs\DTuneSrvc.exe [119688 2014-05-14] (Portrait Displays, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2625368 2017-06-13] (ESET)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567608 2013-11-21] (Hewlett-Packard Company)
R2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164312 2016-11-24] (Google Inc)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [373432 2014-05-23] (Hewlett-Packard Development Company, L.P.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-22] (Hewlett-Packard Company) [File not signed]
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-08-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-29] (Nitro PDF Software)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-03] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2015-06-09] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7545008 2014-01-29] (Broadcom Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
S3 DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-06-22] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-05-04] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-05-04] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-05-04] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-05-04] (ESET)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-26] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-06] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [125952 2014-08-13] (Intel Corporation)
R0 PinFile; C:\WINDOWS\System32\DRIVERS\PinFile.sys [49856 2014-02-04] (WinMagic Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
R0 SDDisk2K; C:\WINDOWS\System32\DRIVERS\SDDisk2K.sys [228544 2014-06-06] (WinMagic Inc.)
R0 SDDToki; C:\WINDOWS\System32\DRIVERS\SDDToki.sys [131264 2014-02-04] (WinMagic Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35320 2014-09-22] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [258368 2014-09-22] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-26 18:40 - 2017-08-26 18:40 - 000018493 _____ C:\Users\HP\Downloads\FRST.txt
2017-08-26 18:40 - 2017-08-26 18:40 - 000000000 ____D C:\FRST
2017-08-26 18:38 - 2017-08-26 18:39 - 002395648 _____ (Farbar) C:\Users\HP\Downloads\FRST64.exe
2017-08-26 12:52 - 2017-08-26 12:52 - 000872633 _____ C:\Users\HP\Desktop\MahaRERA General Regulations.pdf
2017-08-24 19:05 - 2017-08-24 19:05 - 000159627 _____ C:\Users\HP\Downloads\Certificate69637.pdf
2017-08-23 13:04 - 2017-08-23 13:04 - 000014165 _____ C:\Users\HP\Downloads\TS Complience  08.08.2017.xlsx
2017-08-21 14:14 - 2017-08-21 14:14 - 000000101 _____ C:\Users\HP\Desktop\nokia 6 buy script.txt
2017-08-14 17:13 - 2017-08-14 17:13 - 000062112 _____ C:\Users\HP\Desktop\SBP.pdf
2017-08-14 17:12 - 2017-08-14 17:13 - 000058351 _____ C:\Users\HP\Downloads\SBP.pdf
2017-08-14 16:17 - 2017-08-14 18:28 - 000606208 _____ C:\Users\HP\Documents\Database1.accdb
2017-08-11 17:50 - 2017-08-11 17:50 - 000000000 ____D C:\Users\HP\AppData\Roaming\ESET
2017-08-11 17:06 - 2017-08-11 17:06 - 001315945 _____ C:\Users\HP\Desktop\ch1.pdf
2017-08-08 20:11 - 2017-08-08 20:11 - 000000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2017-08-08 19:01 - 2017-08-08 19:01 - 000305147 _____ C:\Users\HP\Desktop\LIC.pdf
2017-08-08 19:00 - 2017-08-08 19:00 - 000165131 _____ C:\Users\HP\Downloads\pan adhar sbp.pdf
2017-08-08 12:42 - 2017-08-08 12:42 - 001065102 _____ C:\Users\HP\Desktop\1.pdf
2017-08-07 16:48 - 2017-08-07 16:48 - 000633922 _____ C:\Users\HP\Downloads\12519865__Y0056958.pdf
2017-08-04 14:39 - 2017-08-04 14:39 - 000366996 _____ C:\Users\HP\Downloads\प्रधानमंत्री आवास योजना सभा 05-08-2017.pdf
2017-08-04 10:18 - 2017-08-04 10:28 - 000000000 ____D C:\raju rajput
2017-08-03 17:13 - 2017-08-03 17:13 - 009518764 _____ C:\Users\HP\Downloads\kameri__project (1).zip
2017-08-03 14:12 - 2017-08-03 14:12 - 000750373 _____ C:\Users\HP\Downloads\rti-palus 1.pdf
2017-08-01 18:30 - 2017-08-01 18:30 - 000358211 _____ C:\Users\HP\Downloads\111469007-20170719.pdf
2017-08-01 18:07 - 2017-08-01 18:07 - 000288904 _____ C:\Users\HP\Desktop\LAQ -ltr to colle.pdf
2017-08-01 15:19 - 2017-08-01 15:19 - 000388608 _____ (Trend Micro Inc.) C:\Users\HP\Desktop\HijackThis.exe
2017-07-31 18:01 - 2017-07-31 18:01 - 000330770 _____ C:\Users\HP\Downloads\Credit Card Statement (8).pdf
2017-07-27 18:45 - 2017-07-27 18:46 - 004648868 _____ C:\Users\HP\Downloads\part1.pdf
2017-07-27 17:25 - 2017-07-27 17:25 - 000002008 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-07-27 17:25 - 2017-07-27 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-07-27 17:25 - 2017-07-27 17:25 - 000000000 ____D C:\ProgramData\ESET
2017-07-27 17:25 - 2017-07-27 17:25 - 000000000 ____D C:\Program Files\ESET
2017-07-27 17:12 - 2017-07-27 17:12 - 003146880 _____ (ESET) C:\Users\HP\Downloads\eset_internet_security_live_installer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-26 18:21 - 2014-11-21 10:12 - 000891856 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-26 18:21 - 2013-08-22 19:06 - 000000000 ____D C:\WINDOWS\Inf
2017-08-26 18:17 - 2017-06-21 17:01 - 000253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-26 18:17 - 2016-01-28 16:00 - 000000596 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-08-26 18:16 - 2016-01-28 13:25 - 000000000 ____D C:\Users\HP
2017-08-26 18:16 - 2013-08-22 20:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-26 18:13 - 2017-05-26 19:19 - 000790934 _____ C:\WINDOWS\ntbtlog.txt
2017-08-26 12:52 - 2015-10-05 18:53 - 001939968 ___SH C:\Users\HP\Desktop\Thumbs.db
2017-08-24 17:36 - 2016-04-26 17:29 - 000000000 ____D C:\Users\HP\AppData\Roaming\Nitro PDF
2017-08-24 17:21 - 2013-08-22 21:06 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-23 19:07 - 2013-08-22 18:55 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2017-08-23 14:29 - 2016-01-28 14:10 - 000000000 ____D C:\Users\HP\AppData\Local\cache
2017-08-23 14:03 - 2016-01-28 13:39 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1483382352-2176205752-2611233115-1002
2017-08-21 13:25 - 2016-01-28 13:53 - 000002436 _____ C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-21 13:25 - 2016-01-28 13:53 - 000002428 _____ C:\Users\HP\Desktop\Google Chrome.lnk
2017-08-21 13:19 - 2013-08-22 21:06 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-16 13:21 - 2016-12-31 11:16 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-11 17:50 - 2016-04-18 17:52 - 000000000 ____D C:\Users\HP\AppData\Roaming\TeamViewer
2017-08-11 16:53 - 2016-05-12 11:20 - 000004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 07:53 - 2013-08-22 21:06 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-08 12:29 - 2016-03-03 16:13 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-08 12:29 - 2015-08-18 08:15 - 000123729 ____N C:\WINDOWS\Minidump\080817-18593-01.dmp
2017-08-07 17:33 - 2016-09-17 11:15 - 000000000 ____D C:\Users\HP\Desktop\kendra
2017-08-04 18:10 - 2016-04-18 17:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-08-02 11:56 - 2017-04-12 09:45 - 000013739 _____ C:\Users\HP\Desktop\New Microsoft Office Excel Worksheet.xlsx
2017-07-27 17:28 - 2017-07-12 18:59 - 000000000 ____D C:\Users\HP\AppData\Local\ESET
2017-07-27 17:26 - 2013-08-22 21:06 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-07-27 16:44 - 2013-08-22 18:55 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
 
==================== Files in the root of some directories =======
 
2016-06-06 16:25 - 2016-07-28 13:11 - 000004096 ____H () C:\Users\HP\AppData\Local\keyfile3.drm
2016-07-19 12:49 - 2016-07-19 12:49 - 000000000 _____ () C:\Users\HP\AppData\Local\{FC1AC722-5E9E-40D3-89D1-F13BC170A059}
2015-06-09 22:56 - 2015-06-09 22:58 - 008376326 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-06-09 23:08 - 2015-06-09 23:08 - 001281464 _____ () C:\ProgramData\hpdam_install_log.txt
2015-06-09 23:08 - 2015-06-09 23:08 - 000572902 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2016-01-28 14:00 - 2016-01-28 14:00 - 000000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
2016-01-28 14:04 - 2011-01-18 17:50 - 000161704 _____ (Autodesk, Inc.) C:\Users\HP\AppData\Local\Temp\AcDeltree.exe
2016-03-30 18:22 - 2016-03-30 18:22 - 000467968 _____ (Realtek Semiconductor Corp.) C:\Users\HP\AppData\Local\Temp\COMAP.EXE
2016-07-19 12:50 - 2016-07-19 12:50 - 000000000 _____ () C:\Users\HP\AppData\Local\Temp\GUR1FA8.exe
2016-02-17 19:06 - 2016-02-17 19:06 - 000032768 _____ () C:\Users\HP\AppData\Local\Temp\lpeur6n8.dll
2017-05-15 13:39 - 2012-11-10 23:50 - 000150600 ____R (Microsoft Corporation) C:\Users\HP\AppData\Local\Temp\ose00000.exe
2016-02-26 10:33 - 2006-05-24 22:40 - 000455600 ____R (Macrovision Corporation) C:\Users\HP\AppData\Local\Temp\_isFDBE.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-23 14:03
 
 
additional.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by HP (26-08-2017 18:41:18)
Running from C:\Users\HP\Downloads
Windows 8.1 Pro (Update) (X64) (2016-01-28 08:01:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1483382352-2176205752-2611233115-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1483382352-2176205752-2611233115-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1483382352-2176205752-2611233115-1004 - Limited - Enabled)
HP (S-1-5-21-1483382352-2176205752-2611233115-1002 - Administrator - Enabled) => C:\Users\HP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Disabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20095 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
AutoCAD 2012 - English (HKLM\...\{5783F2D7-A001-0409-0102-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 Language Pack - English (HKLM\...\{5783F2D7-A001-0409-1102-0060B0CE6BBA}) (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Inventor Fusion 2012 (HKLM\...\{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 Language Pack (HKLM\...\{FFF7F80F-929E-497F-A112-B070DE816128}) (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}) (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (HKLM\...\{E552C39C-C70E-464F-9733-8311331BDD90}) (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.227 - Broadcom Corporation)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
Discover HP Touchpoint Manager (HKLM-x32\...\{74C4DA32-D4FD-406B-AEA3-6781757C8EC3}) (Version: 1.0.15.1 - Hewlett-Packard Company)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Internet Security (HKLM\...\{67740CB4-7371-4C8A-A8E3-8E551AF2FF44}) (Version: 10.1.219.0 - ESET, spol. s r.o.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Foxit PhantomPDF (HKLM-x32\...\{5F3E0897-97AA-4FC2-A0A9-130A39D0FDFB}) (Version: 6.0.16.324 - Foxit Corporation)
Google Chrome (HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Input Marathi (HKLM\...\GoogleInputMarathi) (Version:  - Google Inc.)
Google Input Tools (HKLM\...\GoogleInputFramework) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.4.1811 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9EDD5BBA-06C8-4C11-939B-DB2BA9065FA2}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.10.35 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6349342F-9CEF-4A70-995A-2CF3704C2603}) (Version: 8.4.26.1 - Hewlett-Packard Company)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 8.0.13295.984 - Hewlett-Packard)
HP My Display (HKLM-x32\...\{448286F7-9BCC-4254-A6DC-CB40DC852F55}) (Version: 2.09.13 - Portrait Displays, Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM-x32\...\{68E1C9E9-1606-49AF-9978-573148CED9E4}) (Version: 3.5.3.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{F6D61EC9-347B-4019-9F8E-E24169F7C330}) (Version: 8.7.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Theft Recovery (HKLM-x32\...\InstallShield_{49FE8EBA-CC77-484E-A4DB-DF4EFC0E5147}) (Version: 8.3.0.8 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Hotspot (HKLM-x32\...\{7416CCA4-1E67-43B4-938C-3709D6570CEB}) (Version: 1.0.27.1 - Hewlett-Packard Company)
hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (HKLM-x32\...\{F08687B3-BB9A-4CBC-AE6B-BDF4B642E7BA}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (HKLM-x32\...\{EF292659-1504-4F78-A737-471E50D8E0A1}) (Version: 3.0.26.40 - HP) Hidden
HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM-x32\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (HKLM-x32\...\{92374A19-CD4A-498F-92CB-26473EF31FB3}) (Version: 080.046.00111 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.27.1012 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
ISM Office 3.04 (HKLM-x32\...\ISM300) (Version:  - )
LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MP3 To Ringtone Gold 8.7 (HKLM-x32\...\MP3 To Ringtone Gold_is1) (Version:  - AnMing)
Nitro Pro 8 (HKLM\...\{CCFF2C60-9FAE-45B6-8C08-1774644422BD}) (Version: 8.0.9.8 - Nitro)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
StarToken-NG (HKLM-x32\...\{9AEF25CF-6F43-41FB-9DDD-9BFA15EE81FD}) (Version: 3.1.12 - Bank of India)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Broadcom Corporation (bcbtums) Bluetooth  (11/19/2013 12.0.0.9050) (HKLM\...\842F79923C68674AEB21691125DD165B4B2B4ADD) (Version: 11/19/2013 12.0.0.9050 - Broadcom Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\...\ChromeHTML: -> C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{724FE766-71C2-4E6E-8379-CD0EF5E51BDD}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.28.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1483382352-2176205752-2611233115-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\HP\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2011-02-03] (Autodesk)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-20] (Cyberlink)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2013-12-18] (Foxit Corporation)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2012-11-29] (Nitro PDF)
ContextMenuHandlers1: [ShredContextMenu] -> {85EFA470-665A-4322-AB1E-1EB9C70F61C8} => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll [2014-05-16] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-20] (Cyberlink)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [ShredContextMenu] -> {85EFA470-665A-4322-AB1E-1EB9C70F61C8} => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll [2014-05-16] ()
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-06-13] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2006-12-11] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2007-09-20] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AD08E26-08F7-4A43-BB29-C3102A7C3109} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2013-01-28] (Hewlett Packard)
Task: {1DD9C328-4ECF-4699-8F38-83262A77D885} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {4F38327B-344E-44F3-8DD6-1B3F1E0DEC9A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {586654B4-829B-400E-9EC5-DA5E7B29A3C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1483382352-2176205752-2611233115-1002UA => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {6DCAFF7D-707B-4F05-8839-53160CF21496} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1483382352-2176205752-2611233115-1002Core => C:\Users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {82253D40-4652-4B1E-B9E5-3ED44957649C} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {94CEAF28-A9DA-4F7D-8F5A-9C89E4CCAD7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-26] (Google Inc.)
Task: {B878A467-DAA8-425B-8874-4624936C4757} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {D80690E0-112A-4154-BA11-0DE7F8A5026A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DD067EE5-62BD-42B0-A52E-318A96408517} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-02-02 14:08 - 2011-02-02 14:08 - 000018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-08-15 23:21 - 2014-08-15 23:21 - 000007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2014-01-21 20:07 - 2014-01-21 20:07 - 008878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-08-21 13:25 - 2017-08-11 13:10 - 003824472 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-21 13:25 - 2017-08-11 13:10 - 000100184 _____ () C:\Users\HP\AppData\Local\Google\Chrome\Application\60.0.3112.101\libegl.dll
2015-06-09 23:07 - 2013-08-05 13:19 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 04:18 - 2013-08-06 04:18 - 000016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-01-18 04:51 - 2012-01-18 04:51 - 000068104 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\PEGAACPIDLL.dll
2014-05-14 02:06 - 2014-05-14 02:06 - 000058248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\VistaAPI.dll
2014-08-13 23:24 - 2014-08-13 23:24 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\HP\Downloads\MobileBill_1290062595_289973061_9890696499.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\MobileBill_1290062595_366408408_9890696499.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\month2 (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\month2.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\MPR  APRIL -16 .xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (2).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (3).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (4).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (5).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (6).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753 (7).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\new doc 2017-04-13 15.15.18_20170413151753.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 2017-04-13.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 2017-06-05_1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 2017-06-13_1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 2017-06-17.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 2017-06-23_1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 94 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Doc 94.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Document(3) 22-Jun-2016 11-27-01.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Document(43) 29-Oct-2015 17-50-58 Page 1 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\New Document(43) 29-Oct-2015 17-50-58 Page 1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\palus ready reckoner 19-May-2016 16-14-36.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\pankaja munde madam mantri mahody.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payment.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payment_Advice_DHS16Z164154  Letter.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_12_2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_1_2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_2_2017 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_2_2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_3_2017 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_3_2017 (2).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_3_2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_5_2017.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Payslip_7_2016.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Pending Ref 29 June17_0001.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PHADB (Lane Statement).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PMAY INVITATION.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PMAY INVITATION.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PMAY Tender Notice.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PPP - S.no 12B miraj.pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PPT 164 - Revised (1) (1).pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PPT 164 - Revised (1).pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\PPT 215 EWS - Revised  (1).pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Pribid  Annexure -I  03 02 2017.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Pribid  Annexure -II  03 02 2017.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Pribid  Annexure -III  03 02 2017.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\proformas gov.land in possession.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\property_details.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Pune Main Findings.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RA BILL 8 For month of May & June 2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RA of MS Pipe Railing (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RA of MS Pipe Railing.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Rate Analysis 16-17.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\rbच_22-12-2016_191847_1.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport05-09-2016(1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport10-11-2015.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport12-07-2017.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport16-10-2016 (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport16-10-2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport17-04-2017.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport20-08-2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport20-12-2016 (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport20-12-2016 (2).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport20-12-2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport23-06-2017 (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport23-06-2017.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport24-05-2017 (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport24-05-2017 (2).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport25-03-2017.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport28-04-2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport29-01-2017 (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport29-01-2017.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\RDInstallmentReport29-12-2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Recipt_English_Online.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\resubmitted note.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\resume.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Review Meeting June 2016.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Royalty.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\S No 257 TS DSR2013-14.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\S No 894  TS 26112013.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\S.No 215  EWS A building Abstract.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\S.no.215  EWS A build Measurments.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\S.No164 EWS B Building Abstract.xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Salary slips 2.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Salary slips.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sale Price calculations.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sale prise as per tender (1).xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sale prise as per tender (2).xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sale prise as per tender.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sale prise proposed_kameri.xlsx.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sale prise proposed_mhapte mala.xlsx.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sale prize total.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli  S.No.252  AA proposal (1).xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli  S.No.252  AA proposal (2).xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli  S.No.252  AA proposal.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli Mhada  23.8.16 (1).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli Mhada  23.8.16 (2).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli Mhada  23.8.16.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\SANGLI SCHEME REPORT.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli Tour Programe_ 13 Nov 2013.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli Work Order.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli-  S.No. 164 AA proposal final.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sangli-__S.No._164_AA_proposal_final.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\SCADA ppt Rexaware Solutions.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\scada system.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Scan0094.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\scan_0001 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\scan_0001.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Sevak Duties.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\STAPOO000094740420.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\STAPOO000115770420.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\STATE DM LETTERS.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Steel_Quantity.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Suggestions for AH 05 03 16.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\summary_dec_2013.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\summary_nov_2013.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sump tank miraj (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\sump tank miraj.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\T.S. check list (1).xls:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Technical PPT 164 -.pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Technical PPT Sangli S.No.215  - .pptx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\tech_prebid_320843.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\TenderNotice569.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Tender_acceptance_parishishtha_ (1).doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Tender_acceptance_parishishtha_.doc:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Trial Pit Sketch.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\ulc meeting minutes.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\V-II (Part 1).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\V-II (Part-3).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\V-III (Part-1).docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\v.c..pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\VC Agenda 4-2-2017.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\VC minuts28-11-2016.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\VIJAYDATTA PANDURANG GAIKWAD_23-Jul-2016_289971690 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\VIJAYDATTA PANDURANG GAIKWAD_23-Jul-2016_289971690.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Vodafone_IBBR5218061225 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Vodafone_IBBR5218061225.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\vqc.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Watertank Design.xlsx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\Wordordervvpatil.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\work memo.docx:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\~WRL2825.tmp:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\खाजगी जागेमधील शासकीय  कार्यालयाची माहीती नमुना.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\जिल्-हाधिकारी कार्यालय सांगली  यांचा नुतन इमारतीचा पत्-ता.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\दौरा कार्यक्रम दि. १-४ ते ५-४-१७ .pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\दौरा कार्यक्रम दि. १२-४ ते १४-४ .pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\दौरा कार्यक्रम दि. १२-४ ते १४-४-२०१७.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\दौरा कार्यक्रम दि. १७-५ ते १८-५ .pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\दौरा कार्यक्रम दि. २१-६-१७.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\दौरा कार्यक्रम दि. २२-६-२०१७.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\बैठकीबाबत.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\मा केंद्रीय राज्-यमंत्री महोदय,समन्-वय अधिकारी दुरुस्-ती आदेश.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\मा मुख्-यमंत्री महोदय यांचा अंशताः बदल झालेला सुधारीत दौरा कार्यक्रम.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\माहिती अधिकार अधिनियम २००५ अतंर्गत मासिक अहवााल मुदतीत  सदर करणेबाबत...pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\म्-हाडा आदेश .pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\म्-हाडा सांगली सर्वे नं १६४-२ १+२ तह मिरज यांना पत्र .pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\योग दिन.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\शासकीय पत्रे .pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HP\Downloads\२१नागरी सेवा दिन दिनांक २१.pdf:SandBoxSafeFile [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2017-07-26 16:45 - 000000347 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1483382352-2176205752-2611233115-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_Orkney_Stones.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B2215BB3-F41A-4B90-A525-628BD54442A6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B3C47D77-E079-4CC7-8404-602DC34CEFFB}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{79CFD636-484D-4067-ADE7-6E6A354BDF91}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{BEC5039A-0E3A-4A70-B8A6-5231179034D7}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{DD4BFEBB-8545-4BA7-9D22-FDF1C501B43D}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{81CFA800-E4F6-4BE8-AF96-B23767E44B1A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7628778F-5532-415C-A117-F126D2152501}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44DA89B1-CA7D-4293-B4F2-F4B8BA4843EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{80953908-A87C-477E-8ABE-8D0D8F7E0A1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED5F9A24-21BE-4A9A-A3D9-264F060C29CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B49E239D-FEBB-451C-9844-C968FF19777E}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe
FirewallRules: [{06302ACE-AB04-4C8E-A3A2-04A7EAAB8A83}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe
FirewallRules: [{CE651925-084A-4CDD-8A7E-9C128E8A229D}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3F921C71-BA50-4690-A16F-2BF1DD43A359}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe
FirewallRules: [{D38C8F8E-ACC7-4FFF-8DAD-3542696FF156}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{648DD5FC-0FC2-4814-8F33-7C4FC2152325}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe
FirewallRules: [{DCDECCA0-7FE8-4317-96C2-3455B3C3FC9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{44E562B7-82F7-49F8-99D8-0520CFE52537}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{809FA116-0B8E-4BA0-A86C-959F2A5C2EA7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E921DCD1-124B-4833-82F1-1ABE2917B42B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{FEFDA20E-FE3C-4442-8ABE-66ABFDDF3D6E}C:\users\hp\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\hp\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{BEDE770D-2C93-432F-8136-71F72A356337}C:\users\hp\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\hp\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{401F632E-BB3F-4DF3-9637-65E792C0F71C}] => (Allow) %systemroot%\system32\alg.exe
 
==================== Restore Points =========================
 
07-08-2017 13:06:17 Scheduled Checkpoint
16-08-2017 14:18:45 Scheduled Checkpoint
24-08-2017 14:19:23 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2017 12:18:53 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (08/24/2017 07:17:52 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (08/24/2017 05:20:18 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (08/24/2017 02:19:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (08/24/2017 02:19:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.
 
System Error:
The parameter is incorrect.
.
 
Error: (08/23/2017 07:07:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleInputHandler.exe, version: 1.1.4.19, time stamp: 0x583682e5
Faulting module name: GoogleInputHandler.exe, version: 1.1.4.19, time stamp: 0x583682e5
Exception code: 0xc0000005
Fault offset: 0x0005f184
Faulting process id: 0x1034
Faulting application start time: 0x01d31c14f2471bf6
Faulting application path: C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
Faulting module path: C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
Report Id: 30d3c774-8808-11e7-83a3-ace010da98a0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/23/2017 11:42:20 AM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (08/21/2017 03:22:46 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (08/21/2017 03:17:27 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
Error: (08/21/2017 03:14:43 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Mapi cannot be loaded. Error description: (HRESULT : 0x800700c1).
 
 
System errors:
=============
Error: (08/26/2017 06:31:26 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (08/26/2017 06:16:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 126
 
Error: (08/26/2017 06:16:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:11:40 PM on ‎8/‎26/‎2017 was unexpected.
 
Error: (08/26/2017 06:13:02 PM) (Source: DCOM) (EventID: 10005) (User: mhada)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (08/26/2017 06:13:02 PM) (Source: DCOM) (EventID: 10005) (User: mhada)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (08/26/2017 06:13:02 PM) (Source: DCOM) (EventID: 10005) (User: mhada)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (08/26/2017 06:12:53 PM) (Source: DCOM) (EventID: 10005) (User: mhada)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (08/26/2017 02:38:33 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (08/26/2017 01:31:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (08/26/2017 01:31:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TeamViewer 11 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: 
A device attached to the system is not functioning.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-26 18:40:25.347
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:40:25.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:39:27.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:39:27.637
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:38:45.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:38:45.796
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:38:27.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:38:27.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:38:24.431
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-26 18:38:24.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4130T CPU @ 2.90GHz
Percentage of memory in use: 47%
Total physical RAM: 4018.25 MB
Available physical RAM: 2115.64 MB
Total Virtual: 4418.25 MB
Available Virtual: 2531.17 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:253.46 GB) (Free:191.8 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:10.04 GB) (Free:1.02 GB) NTFS
Drive e: (PRJ_20160226) (CDROM) (Total:1.37 GB) (Free:0 GB) UDF
Drive f: (New Volume) (Fixed) (Total:100.39 GB) (Free:89.82 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:100.39 GB) (Free:74.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 80E03B79)
 
Partition: GPT.
 

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,956 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:51 AM

Posted 26 August 2017 - 07:11 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Do you recognize this?

C:\raju rajput

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,userinit.exe,
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR Extension: (Tool for block sites) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgplcdmlpohnnfhmbceobfcjhbfnephd [2016-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
2016-07-19 12:49 - 2016-07-19 12:49 - 000000000 _____ () C:\Users\HP\AppData\Local\{FC1AC722-5E9E-40D3-89D1-F13BC170A059}
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
=================

Malwarebytes Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your Desktop
  • Right click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Press any key to start the scan
  • Once completed a JRT.txt document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Running chkdsk Scan with Report

--------------------
  • Click Start, type cmd, right click on cmd above and select Run as Administrator
  • Note: For Windows 8/10 press the Windows Key + X on your keyboard at the same time then select Command Prompt (Admin)
  • Copy and paste the following after the command prompt and click Enter

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • The black command window will remain empty for a few minutes. When completed you will see the C:\Windows\system32> prompt
  • When completed a chkdskreport.txt document will appear on your desktop
  • Copy and paste the contents of the report on your desktop in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize entry?
  • Fixlog
  • AdwCleaner report
  • Junkware report
  • chkdsk report
  • Update on computer/browser behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

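The fixlist in post #2 mixes bare directives, `cmd:` lines that run shell commands, and entries copied from the FRST log. As an added example (not part of the original post and not FRST's own code), this Python script pulls an excerpt of that fixlist out of the surrounding text and separates the three kinds by syntax alone, so the commands that will run elevated can be read at a glance; the function names and the three categories are assumptions made for illustration.

```python
import re

# Excerpt of the fixlist from the post above, with one surrounding instruction line.
POST = r"""
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
HKLM-x32\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,userinit.exe,
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
2016-07-19 12:49 - 2016-07-19 12:49 - 000000000 _____ () C:\Users\HP\AppData\Local\{FC1AC722-5E9E-40D3-89D1-F13BC170A059}
cmd: netsh winsock reset catalog
cmd: netsh advfirewall reset
Removeproxy:
emptytemp:
End::
"""

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")        # bare keyword line, e.g. CreateRestorePoint:
COMMAND = re.compile(r"^cmd:\s*(.+)$", re.I)   # shell command line

def extract_fixlist(text):
    """Return the non-empty lines strictly between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    if "Start::" not in lines or "End::" not in lines:
        raise ValueError("fixlist markers Start::/End:: not found")
    start = lines.index("Start::")
    end = lines.index("End::", start + 1)
    return [ln for ln in lines[start + 1:end] if ln]

def classify(fix_lines):
    """Split lines by syntax into directives, commands and copied log entries (this example's own categories)."""
    out = {"directive": [], "command": [], "entry": []}
    for ln in fix_lines:
        m = COMMAND.match(ln)
        if m:
            out["command"].append(m.group(1))
        elif DIRECTIVE.match(ln):
            out["directive"].append(ln.rstrip(":"))
        else:
            out["entry"].append(ln)
    return out

def flagged(entries):
    """Entries carrying the '<====' marker that appears on the page's own log lines."""
    return [e for e in entries if "<====" in e]

if __name__ == "__main__":
    for kind, items in classify(extract_fixlist(POST)).items():
        print(kind, len(items), *items, sep="\n    ")
```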
#3 Oh My!


Posted 30 August 2017 - 09:41 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 02 September 2017 - 01:35 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



