
Infected with Worm:JS/Bondat!lnk and Trojan:Script/Cloxer.D!cl


  • This topic is locked
6 replies to this topic

#1 hennadhawan


Posted 07 April 2018 - 09:18 AM

Hello!

 

I have Microsoft Security Essentials on my system. Time and again my anti-virus prompts for detection of Worm:JS/Bondat!lnk and Trojan:Script/Cloxer.D!cl and then shows that these are eliminated.

 

My system and internet have slowed down immensely and hang a lot.

 

It will be great to receive some support from this forum before I finally give up and get the system formatted.

 

Looking forward to some help.

 

Best!

Henna





#2 hennadhawan


Posted 07 April 2018 - 11:47 AM

FRST.txt logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Henna (administrator) on HENNA-PC (07-04-2018 22:00:00)
Running from C:\Users\Henna\Downloads
Loaded Profiles: Henna (Available Profiles: Henna)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
() C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\ouc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\Sync Utility\TosSyncScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Open Text Corporation) C:\Program Files (x86)\OpenText\Office Editor\OTEditTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
() C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-14] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe [976256 2012-03-16] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [896384 2012-03-16] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2012-04-04] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2012-04-05] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3049200 2013-03-15] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-22] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-19] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [OpenText Office Editor] => C:\Program Files (x86)\OpenText\Office Editor\OTEditTray.exe [1629184 2014-11-27] (Open Text Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7285920 2017-10-06] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [Facebook Update] => C:\Users\Henna\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-12] (Facebook Inc.)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [Office Timeline Performance Helper] => C:\Program Files (x86)\Office Timeline\Current\OfficeTimelineStartup.exe [15432 2017-06-12] (OfficeTimeline LLC)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-12-08] (Apple Inc.)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [7285920 2017-10-06] (Fitbit, Inc.)
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {10ba9e3f-85cc-11e5-93f7-b4b676e90dee} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {10ba9e69-85cc-11e5-93f7-b4b676e90dee} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {2f32eb80-b0e6-11e3-a128-b86b23c9521e} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {3cfbddee-6f9b-11e3-aef6-b86b23c9521e} - F:\Windows/AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {739d1905-84b1-11e3-a74b-b4b676e90dea} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {781b12c3-73d3-11e5-b9fc-b86b2323f973} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {781b12e2-73d3-11e5-b9fc-b86b2323f973} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {781b1d97-73d3-11e5-b9fc-b86b2323f973} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {781b2215-73d3-11e5-b9fc-b86b2323f973} - D:\Startme.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {874bcdf6-a6c6-11e6-ac2a-b4b676e90dee} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {910616d8-9bcb-11e3-9b72-b86b23c9521e} - D:\Startme.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {96894ecc-1c78-11e4-81f5-b86b23c9521e} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {c79508ae-a797-11e5-97a6-b4b676e90dee} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {de4d5505-84af-11e3-bf0b-b4b676e90dea} - D:\AutoRun.exe
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\MountPoints2: {f06222c9-725d-11e5-8dd4-b86b2323f973} - D:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2017-03-14]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{75F1F4AC-FF08-4828-9ACA-049370F10B8A}: [DhcpNameServer] 192.168.20.20
Tcpip\..\Interfaces\{A4BA41E0-D1EB-4670-96BB-18EF3BC73B4D}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C0F042A9-D296-445C-8977-B6DCA0F45408}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FA2D4A80-2D7A-4D21-B214-88F5121CD2C6}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130913455866414640&GUID=38D73C86-D3DB-4DAA-99B1-C08D083DF68F
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130913455866504646&GUID=38D73C86-D3DB-4DAA-99B1-C08D083DF68F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-02-13] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-02-13] (Microsoft Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Automatic Password Input -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2012-03-16] (TOSHIBA)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Henna\AppData\Roaming\Mozilla\Firefox\Profiles\anodhvp4.default [2018-04-07]
FF Homepage: Mozilla\Firefox\Profiles\anodhvp4.default -> hxxps://www.malwarebytes.org/restorebrowser//?type=hp&ts=1446387028&z=4985e21242e7dedf699c25bgdzezcq7c5b0m9efofb&from=amt&uid=toshibaxthnsnf256gmcs_736s10mbts0y10mbts0y
FF Extension: (Password Exporter) - C:\Users\Henna\AppData\Roaming\Mozilla\Firefox\Profiles\anodhvp4.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2017-07-05] [Legacy]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Henna\AppData\Roaming\Mozilla\Firefox\Profiles\anodhvp4.default\features\{1cc78226-55cd-479e-9df7-5a36f5cd73b6}\tls13-version-fallback-rollout-bug1448176@mozilla.org.xpi [2018-04-04] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: (TOSHIBA Fingerprint Utility Automatic Password Input) - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2013-10-12] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-08] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-12] (Adobe Systems Inc.)
FF Plugin-x32: npotfastedit1030@opentext.com -> C:\Program Files (x86)\OpenText\Office Editor\npotfastedit.dll [2014-11-27] (Open Text Inc.)
FF Plugin HKU\S-1-5-21-3556545472-3032083503-3214586581-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Henna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3556545472-3032083503-3214586581-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Henna\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-03-06] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-3556545472-3032083503-3214586581-1000: LWAPlugin15.8 -> C:\Users\Henna\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Henna\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://home.sweetim.com/?barid={3382F38A-CD68-11E0-B341-00231828E7FB}
CHR StartupUrls: Default -> "hxxps://www.google.co.in/_/chrome/newtab","hxxp://www.oursurfing.com/?type=hp&ts=1446387028&z=4985e21242e7dedf699c25bgdzezcq7c5b0m9efofb&from=amt&uid=toshibaxthnsnf256gmcs_736s10mbts0y10mbts0y"
CHR NewTab: Default ->  Not-active:"chrome-extension://klicfmpioocaighkipjohjaeifjkpebc/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default [2018-04-07]
CHR Extension: (ixigo inspire) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpjkecnjfmgneijfljandenedleocdo [2018-03-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-07]
CHR Extension: (AdBlock) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-04-01]
CHR Extension: (TOSHIBA Fingerprint Utility Automatic Password Input) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2016-04-26]
CHR Extension: (MySmartPrice) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicfmpioocaighkipjohjaeifjkpebc [2017-11-08]
CHR Extension: (Google Hangouts) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2018-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (AdBlocker Ultimate) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohahllgiabjaoigichmmfljhkcfikeof [2017-07-22]
CHR Extension: (Chrome Media Router) - C:\Users\Henna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2012-03-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [6106112 2017-10-06] (Fitbit, Inc.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-29] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [192856 2012-02-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-12] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S2 Photon Max. RunOuc; C:\Program Files (x86)\Photon Max\Huawei\EC306-1\UpdateDog\ouc.exe [650752 2015-11-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ccSet_NAT; C:\windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 irstrtdv; C:\windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-23] (Intel Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslf0d86eaf; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E219FED2-DAA8-4213-B5A9-6E2CB5A2BB8C}\MpKslf0d86eaf.sys [58120 2018-04-07] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 OTFastEdit; C:\windows\System32\DRIVERS\otfasted.sys [25368 2014-11-27] (Windows ® Win 7 DDK provider)
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-07 21:57 - 2018-04-07 21:59 - 002403328 _____ (Farbar) C:\Users\Henna\Downloads\FRST64.exe
2018-04-06 19:05 - 2018-04-06 19:05 - 002418688 _____ C:\Users\Henna\Desktop\Ambala Pilot.ppt
2018-04-06 17:42 - 2018-04-06 19:04 - 002947584 _____ C:\Users\Henna\Desktop\Timelines.ppt
2018-04-05 15:16 - 2018-04-06 17:42 - 008927232 _____ C:\Users\Henna\Desktop\AB-NHPM_PMO meeting 7th April.ppt
2018-03-31 03:27 - 2018-03-28 14:01 - 005583040 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-03-31 03:27 - 2018-03-28 13:39 - 004046016 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-03-31 03:27 - 2018-03-28 13:39 - 004026048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-03-14 03:57 - 2018-02-16 21:21 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-03-14 03:57 - 2018-02-15 20:45 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-03-14 03:57 - 2018-02-15 20:27 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-03-14 03:57 - 2018-02-10 23:25 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-03-14 03:57 - 2018-02-10 23:10 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-03-14 03:57 - 2018-02-10 23:10 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-03-14 03:57 - 2018-02-10 23:07 - 005779968 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-03-14 03:57 - 2018-02-10 23:02 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-03-14 03:57 - 2018-02-10 22:59 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-03-14 03:57 - 2018-02-10 22:58 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-03-14 03:57 - 2018-02-10 22:57 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-03-14 03:57 - 2018-02-10 22:50 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-03-14 03:57 - 2018-02-10 22:40 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-03-14 03:57 - 2018-02-10 22:40 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-03-14 03:57 - 2018-02-10 22:39 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-03-14 03:57 - 2018-02-10 22:33 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-03-14 03:57 - 2018-02-10 22:31 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-03-14 03:57 - 2018-02-10 22:30 - 000661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-03-14 03:57 - 2018-02-10 22:30 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-03-14 03:57 - 2018-02-10 22:17 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-03-14 03:57 - 2018-02-10 22:10 - 004496384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-03-14 03:57 - 2018-02-10 22:03 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-03-14 03:56 - 2018-03-09 09:09 - 000708288 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-03-14 03:56 - 2018-03-09 09:09 - 000262336 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-03-14 03:56 - 2018-03-09 09:09 - 000154816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-03-14 03:56 - 2018-03-09 09:09 - 000095424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-03-14 03:56 - 2018-03-09 08:48 - 000631640 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-03-14 03:56 - 2018-03-09 08:39 - 001665336 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 001461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:36 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:17 - 001314064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:13 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 08:08 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-03-14 03:56 - 2018-03-09 08:08 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-03-14 03:56 - 2018-03-09 08:08 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-03-14 03:56 - 2018-03-09 08:07 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-03-14 03:56 - 2018-03-09 08:04 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-03-14 03:56 - 2018-03-09 08:04 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-03-14 03:56 - 2018-03-09 08:03 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-03-14 03:56 - 2018-03-09 08:01 - 000160256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-03-14 03:56 - 2018-03-09 08:00 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-03-14 03:56 - 2018-03-09 08:00 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-03-14 03:56 - 2018-03-09 07:59 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-03-14 03:56 - 2018-03-09 07:59 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-03-14 03:56 - 2018-03-09 07:56 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-03-14 03:56 - 2018-03-09 07:52 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-03-14 03:56 - 2018-03-09 07:52 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-03-14 03:56 - 2018-03-09 07:52 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-03-14 03:56 - 2018-03-09 07:52 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-03-14 03:56 - 2018-03-09 07:52 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-03-14 03:56 - 2018-03-09 07:51 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 07:51 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 07:51 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-14 03:56 - 2018-03-09 07:51 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-03-14 03:56 - 2018-03-01 14:06 - 003226112 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-03-14 03:56 - 2018-02-22 08:58 - 000217600 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2018-03-14 03:56 - 2018-02-22 08:36 - 000134656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2018-03-14 03:56 - 2018-02-19 03:04 - 000634272 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-03-14 03:56 - 2018-02-17 09:57 - 000395928 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-03-14 03:56 - 2018-02-17 09:06 - 000340088 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-03-14 03:56 - 2018-02-16 21:21 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-03-14 03:56 - 2018-02-16 21:21 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-03-14 03:56 - 2018-02-16 21:15 - 025742848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-03-14 03:56 - 2018-02-16 21:14 - 013678080 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-03-14 03:56 - 2018-02-16 20:54 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-03-14 03:56 - 2018-02-16 20:54 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-03-14 03:56 - 2018-02-16 20:54 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-03-14 03:56 - 2018-02-16 20:49 - 020286976 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-03-14 03:56 - 2018-02-16 20:07 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-03-14 03:56 - 2018-02-16 20:07 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-03-14 03:56 - 2018-02-11 00:05 - 000367296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000334528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000185024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000122560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS
2018-03-14 03:56 - 2018-02-11 00:05 - 000068288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000064192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 03:56 - 2018-02-11 00:05 - 000063168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\termdd.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000060608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000036032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vdrvroot.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000031936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mssmbios.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000023744 _____ (Microsoft Corporation) C:\windows\system32\streamci.dll
2018-03-14 03:56 - 2018-02-11 00:05 - 000020160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000015040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys
2018-03-14 03:56 - 2018-02-11 00:05 - 000012096 _____ (Microsoft Corporation) C:\windows\system32\Drivers\swenum.sys
2018-03-14 03:56 - 2018-02-10 23:53 - 002292224 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSVidCtl.dll
2018-03-14 03:56 - 2018-02-10 23:53 - 000330240 _____ (Microsoft Corporation) C:\windows\SysWOW64\zipfldr.dll
2018-03-14 03:56 - 2018-02-10 23:53 - 000111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\racpldlg.dll
2018-03-14 03:56 - 2018-02-10 23:41 - 003665920 _____ (Microsoft Corporation) C:\windows\system32\MSVidCtl.dll
2018-03-14 03:56 - 2018-02-10 23:41 - 000369664 _____ (Microsoft Corporation) C:\windows\system32\zipfldr.dll
2018-03-14 03:56 - 2018-02-10 23:41 - 000133120 _____ (Microsoft Corporation) C:\windows\system32\msrahc.dll
2018-03-14 03:56 - 2018-02-10 23:41 - 000119296 _____ (Microsoft Corporation) C:\windows\system32\racpldlg.dll
2018-03-14 03:56 - 2018-02-10 23:25 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-03-14 03:56 - 2018-02-10 23:10 - 002901504 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-03-14 03:56 - 2018-02-10 23:10 - 000577536 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-03-14 03:56 - 2018-02-10 23:10 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-03-14 03:56 - 2018-02-10 23:06 - 000108032 _____ (Microsoft Corporation) C:\windows\SysWOW64\msra.exe
2018-03-14 03:56 - 2018-02-10 23:06 - 000040960 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdchange.exe
2018-03-14 03:56 - 2018-02-10 23:06 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsraLegacy.tlb
2018-03-14 03:56 - 2018-02-10 23:01 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-03-14 03:56 - 2018-02-10 22:58 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-03-14 03:56 - 2018-02-10 22:57 - 000817152 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-03-14 03:56 - 2018-02-10 22:56 - 000653312 _____ (Microsoft Corporation) C:\windows\system32\msra.exe
2018-03-14 03:56 - 2018-02-10 22:56 - 000051712 _____ (Microsoft Corporation) C:\windows\system32\sdchange.exe
2018-03-14 03:56 - 2018-02-10 22:55 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmiacpi.sys
2018-03-14 03:56 - 2018-02-10 22:55 - 000009728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\errdev.sys
2018-03-14 03:56 - 2018-02-10 22:55 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\MsraLegacy.tlb
2018-03-14 03:56 - 2018-02-10 22:52 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-03-14 03:56 - 2018-02-10 22:40 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-03-14 03:56 - 2018-02-10 22:39 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-03-14 03:56 - 2018-02-10 22:39 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-03-14 03:56 - 2018-02-10 22:39 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-03-14 03:56 - 2018-02-10 22:36 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-03-14 03:56 - 2018-02-10 22:36 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-03-14 03:56 - 2018-02-10 22:33 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-03-14 03:56 - 2018-02-10 22:31 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-03-14 03:56 - 2018-02-10 22:30 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-03-14 03:56 - 2018-02-10 22:27 - 015281664 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-03-14 03:56 - 2018-02-10 22:22 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-03-14 03:56 - 2018-02-10 22:20 - 000807936 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-03-14 03:56 - 2018-02-10 22:20 - 000726528 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-03-14 03:56 - 2018-02-10 22:17 - 002134016 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-03-14 03:56 - 2018-02-10 22:17 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-03-14 03:56 - 2018-02-10 22:17 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-03-14 03:56 - 2018-02-10 22:16 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-03-14 03:56 - 2018-02-10 22:14 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-03-14 03:56 - 2018-02-10 22:11 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-03-14 03:56 - 2018-02-10 22:05 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-03-14 03:56 - 2018-02-10 22:04 - 000694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-03-14 03:56 - 2018-02-10 22:03 - 002058240 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-03-14 03:56 - 2018-02-10 21:53 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-03-14 03:56 - 2018-02-10 21:42 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-03-14 03:56 - 2018-02-10 21:41 - 001313792 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-03-14 03:56 - 2018-02-10 21:39 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-03-14 03:56 - 2018-02-03 00:10 - 000114368 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2018-03-14 03:56 - 2018-02-02 23:59 - 002365952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2018-03-14 03:56 - 2018-02-02 23:59 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2018-03-14 03:56 - 2018-02-02 23:59 - 000025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2018-03-14 03:56 - 2018-02-02 23:58 - 001806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2018-03-14 03:56 - 2018-02-02 23:46 - 003246080 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2018-03-14 03:56 - 2018-02-02 23:46 - 000504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2018-03-14 03:56 - 2018-02-02 23:46 - 000025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2018-03-14 03:56 - 2018-02-02 23:44 - 001942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2018-03-14 03:56 - 2018-02-02 23:44 - 000070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2018-03-14 03:56 - 2018-02-02 23:16 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2018-03-14 03:56 - 2018-02-02 23:06 - 000128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2018-03-14 03:56 - 2018-01-16 01:29 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2018-03-14 03:56 - 2018-01-16 01:10 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2018-03-14 03:56 - 2018-01-12 22:10 - 000407040 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2018-03-14 03:56 - 2018-01-12 21:56 - 000308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2018-03-14 03:17 - 2018-02-13 23:47 - 000136384 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2018-03-14 03:17 - 2018-02-13 23:40 - 000655872 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 001994752 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2018-03-14 03:17 - 2018-02-13 19:35 - 001560064 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 000740864 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 000600576 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 000451072 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 000380928 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2018-03-14 03:17 - 2018-02-13 19:35 - 000237568 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2018-03-13 23:55 - 2018-03-13 23:55 - 000004462 _____ C:\windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 10:24 - 2018-03-12 10:24 - 000284720 _____ C:\windows\Minidump\031218-8954-01.dmp
2018-03-11 14:22 - 2018-03-11 14:22 - 000289088 _____ C:\windows\Minidump\031118-9266-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-07 22:04 - 2014-01-31 11:02 - 000000000 ____D C:\Users\Henna\Documents\Mails
2018-04-07 22:01 - 2015-03-05 23:35 - 000034193 _____ C:\Users\Henna\Downloads\FRST.txt
2018-04-07 22:00 - 2015-03-05 23:35 - 000000000 ____D C:\FRST
2018-04-07 21:17 - 2017-12-14 18:48 - 000000534 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3556545472-3032083503-3214586581-1000.job
2018-04-07 20:59 - 2014-03-12 23:27 - 000000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3556545472-3032083503-3214586581-1000UA.job
2018-04-07 20:45 - 2017-12-14 18:48 - 000000630 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-3556545472-3032083503-3214586581-1000.job
2018-04-07 19:52 - 2009-07-14 08:50 - 000000000 ____D C:\windows\system32\NDF
2018-04-07 14:34 - 2013-10-12 15:35 - 000000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2018-04-07 03:19 - 2009-07-14 10:15 - 000028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-07 03:19 - 2009-07-14 10:15 - 000028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-06 23:59 - 2014-03-12 23:27 - 000000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3556545472-3032083503-3214586581-1000Core.job
2018-04-06 19:05 - 2016-02-20 20:15 - 005240832 ___SH C:\Users\Henna\Desktop\Thumbs.db
2018-04-06 18:57 - 2013-12-17 19:42 - 000000000 ____D C:\Users\Henna\AppData\Local\Deployment
2018-04-06 18:06 - 2009-07-14 10:43 - 000796146 _____ C:\windows\system32\PerfStringBackup.INI
2018-04-06 18:06 - 2009-07-14 08:50 - 000000000 ____D C:\windows\inf
2018-04-04 14:31 - 2016-08-03 15:59 - 000000000 ___RD C:\Users\Henna\iCloudDrive
2018-04-01 22:12 - 2016-10-10 16:58 - 000000000 ____D C:\Users\Henna\AppData\LocalLow\Mozilla
2018-04-01 22:12 - 2014-02-22 19:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-01 22:11 - 2016-10-01 05:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-01 10:18 - 2013-10-12 15:35 - 000000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2018-04-01 03:19 - 2013-10-12 16:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-04-01 03:18 - 2013-12-17 11:01 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-04-01 03:18 - 2009-07-14 10:38 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-03-30 22:17 - 2017-12-14 18:48 - 000000000 ____D C:\Users\Henna\AppData\Local\GoToMeeting
2018-03-28 11:41 - 2013-12-17 11:42 - 000000000 ____D C:\Users\Henna\AppData\Roaming\vlc
2018-03-28 00:42 - 2017-12-14 18:48 - 000003656 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-3556545472-3032083503-3214586581-1000
2018-03-28 00:42 - 2017-12-14 18:48 - 000003560 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3556545472-3032083503-3214586581-1000
2018-03-24 22:33 - 2014-02-21 23:44 - 000000000 ____D C:\Users\Henna\AppData\Local\CrashDumps
2018-03-23 09:43 - 2014-02-17 16:04 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-19 15:06 - 2018-02-12 18:43 - 000000000 ____D C:\Users\Henna\Desktop\New folder
2018-03-15 04:14 - 2009-07-14 08:50 - 000000000 ____D C:\windows\rescache
2018-03-15 03:37 - 2015-04-16 03:29 - 000000000 ____D C:\windows\system32\appraiser
2018-03-15 03:37 - 2009-07-14 10:15 - 000439384 _____ C:\windows\system32\FNTCACHE.DAT
2018-03-15 03:37 - 2009-07-14 08:50 - 000000000 ____D C:\windows\PolicyDefinitions
2018-03-15 03:21 - 2014-03-20 20:14 - 000000000 ____D C:\windows\system32\MRT
2018-03-15 03:07 - 2017-10-13 03:07 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT-KB890830.exe
2018-03-15 03:07 - 2014-03-20 20:14 - 130364688 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2018-03-13 23:55 - 2013-01-04 07:58 - 000804352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 23:55 - 2013-01-04 07:58 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 23:55 - 2013-01-04 07:58 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 23:54 - 2013-01-04 07:58 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-03-13 23:54 - 2013-01-04 07:58 - 000000000 ____D C:\windows\system32\Macromed
2018-03-12 10:24 - 2015-02-03 21:29 - 000000000 ____D C:\windows\Minidump
 
==================== Files in the root of some directories =======
 
2018-02-20 15:07 - 2017-03-10 17:02 - 000081920 ___SH () C:\Users\Henna\AppData\Roaming\gd.js
2018-02-20 15:07 - 2017-03-10 17:02 - 000081920 ___SH () C:\Users\Henna\AppData\Roaming\Microsoft\gd.js
2015-08-27 11:45 - 2015-08-27 11:45 - 000000017 _____ () C:\Users\Henna\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-03-31 02:19
 
==================== End of FRST.txt ============================



______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________




ADDITION.txt logs
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Henna (07-04-2018 22:04:49)
Running from C:\Users\Henna\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-12-17 04:32:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3556545472-3032083503-3214586581-500 - Administrator - Disabled)
Guest (S-1-5-21-3556545472-3032083503-3214586581-501 - Limited - Disabled)
Henna (S-1-5-21-3556545472-3032083503-3214586581-1000 - Administrator - Enabled) => C:\Users\Henna
HomeGroupUser$ (S-1-5-21-3556545472-3032083503-3214586581-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{3CEE4431-D0DA-49AA-A78D-5D3B559446DF}) (Version: 3.2.3.1157 - AuthenTec, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-f3f008fa-ce0c-4109-b821-a716eac15c65) (Version: 2.2.0.97 - WildTangent) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.03(T) - TOSHIBA CORPORATION)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fitbit Connect (HKLM-x32\...\{30C7C152-D711-4A39-AD18-3F675AEAD50A}) (Version: 2.0.2.6982 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.24.0.8569 (HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\GoToMeeting) (Version: 8.24.0.8569 - LogMeIn, Inc.)
iCloud (HKLM\...\{99868C9C-C141-4DDE-A2C7-9DDF00F68F17}) (Version: 7.2.0.67 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1022 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0875 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{24758B1D-9345-4538-A69A-05660F63A296}) (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM-x32\...\{D03632B5-1DA9-4536-976D-604719500C45}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.5015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{8C22A294-DBBA-445F-B55C-E26817CCFE69}) (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}) (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0 (x64 en-US)) (Version: 60.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.0.6655 - Mozilla)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5015.1000 - Microsoft Corporation) Hidden
Office Timeline (HKLM-x32\...\{FBBBEDE5-4139-4976-9916-D40DA8436482}) (Version: 3.15.1 - Office Timeline)
OpenText Office Editor (64-bit) 10.5.1 (HKLM\...\{D59D4D95-D933-463B-8A90-9B1BC5A5816B}) (Version: 10.5.1.513 - OpenText Corporation)
Photon Max (HKLM-x32\...\Huawei Photon Max) (Version: 21.005.22.25.628 - Huawei Technologies Co.,Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-aa478675-1b65-4655-b971-ff35f8ff3509) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.12.201408250841 - Sony Mobile Communications AB)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
SRS Premium Sound Control Panel (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.2.0 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.19.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.21.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.0.0.6409 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.01.00.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.22.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.10 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3090 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0027.640202 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-7a2c2cfe-1566-475b-b738-5fb33f10e3ed) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Henna\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Henna\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Henna\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Henna\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Henna\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Henna\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\FileSyncApi64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2012-03-16] (TOSHIBA)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-12-08] (Apple Inc.)
ContextMenuHandlers1-x32: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2012-03-16] (TOSHIBA)
ContextMenuHandlers1-x32: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4-x32: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4-x32: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2010-07-30] (TOSHIBA)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2012-03-27] (Intel Corporation)
ContextMenuHandlers6: [TFPUContextMenu] -> {2E34EBB9-C147-4DF4-938F-90C5B0837B1E} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUFileShellExt.dll [2012-03-16] (TOSHIBA)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00F4887E-3523-4CD9-B309-A5602AF4F135} - \Installer_ytd -> No File <==== ATTENTION
Task: {0262F059-88D2-460F-9741-E0D8828A2907} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {0EEFFC06-D3CB-4517-BEB6-92A56FF36ADF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {10966D8C-E20E-450C-AE16-6ADCA3A9A019} - \GoforFilesUpdate -> No File <==== ATTENTION
Task: {1739C0E4-ABF0-4344-A714-4B006186F903} - System32\Tasks\{A3360E57-92FF-43AE-938B-45A953DBCC10} => C:\windows\system32\pcalua.exe -a C:\Users\Henna\Downloads\wlsetup-web.exe -d C:\Users\Henna\Downloads
Task: {20D59AFC-9A9B-497F-BBE6-9DBDBDC55F43} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3556545472-3032083503-3214586581-1000UA => C:\Users\Henna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-12] (Facebook Inc.)
Task: {2B6DDBD9-A317-4438-A63E-3BF1FD89618F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {2F184D0F-7937-4656-B337-21251A5CE20B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {322600F1-9DB0-4C00-AAA8-93055217FB82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {32D23544-C2A2-44F1-AFB0-45940A21D292} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3F3CC740-153A-4163-8B06-C2A8A65C2147} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-26] (Intel Corporation)
Task: {45C88D84-9C50-4D5A-9786-8AAAFA38FE7F} - System32\Tasks\{D7878F31-2204-457B-AB81-D3D4014DC5BB} => C:\windows\system32\pcalua.exe -a C:\Users\Henna\Desktop\OfficeTimeline.exe -d C:\Users\Henna\Desktop
Task: {490138D6-F06C-41D6-B07A-6F51BB160624} - \Installer_iwebar -> No File <==== ATTENTION
Task: {4D1BE5F2-DABA-422D-90BF-9937C71C94AB} - System32\Tasks\G2MUpdateTask-S-1-5-21-3556545472-3032083503-3214586581-1000 => C:\Users\Henna\AppData\Local\GoToMeeting\8569\g2mupdate.exe [2018-03-28] (LogMeIn, Inc.)
Task: {5236D5BF-0113-4611-9F9C-110012CCE717} - System32\Tasks\Installer_cr => C:\Users\Henna\AppData\Local\Installer\Installcr_32225\ytdieamodc_amodc_inst.exe <==== ATTENTION
Task: {6F00716F-7781-4261-9C62-CC570587AE1F} - \Installer_shopperpro -> No File <==== ATTENTION
Task: {A5E96DF3-C1D2-441F-9C04-EF769BB37014} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {AB4FF679-89C6-4C33-B120-68F8053C5A72} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {AFD7959D-BA6A-48E4-94D3-842671DFB723} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {B076187F-DF13-438C-A185-E5C434BCB507} - System32\Tasks\G2MUploadTask-S-1-5-21-3556545472-3032083503-3214586581-1000 => C:\Users\Henna\AppData\Local\GoToMeeting\8569\g2mupload.exe [2018-03-28] (LogMeIn, Inc.)
Task: {C547876F-A022-4631-A025-3DC14E994EA8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3556545472-3032083503-3214586581-1000Core => C:\Users\Henna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-12] (Facebook Inc.)
Task: {D3CB3357-DFE9-4405-A733-2FD1982E2478} - System32\Tasks\WindowsUpda2ta => C:\Users\Henna\AppData\Roaming\MICROSOFT\gd.js [2017-03-10] () <==== ATTENTION
Task: {E98FB8EE-1AC1-4E88-853E-348CCA8C1FFF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {EAD2144C-A3DE-46A1-A4EE-F1F536768C39} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {EDE8DE2C-89DE-486A-92DA-C656C9D256E1} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_113_Plugin.exe [2018-03-13] (Adobe Systems Incorporated)
Task: {F007D4B5-A9B2-4F3D-B01C-6019B544E383} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3556545472-3032083503-3214586581-1000Core.job => C:\Users\Henna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3556545472-3032083503-3214586581-1000UA.job => C:\Users\Henna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3556545472-3032083503-3214586581-1000.job => C:\Users\Henna\AppData\Local\GoToMeeting\8569\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3556545472-3032083503-3214586581-1000.job => C:\Users\Henna\AppData\Local\GoToMeeting\8569\g2mupload.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-06 08:04 - 2013-04-01 18:21 - 000178688 _____ () C:\windows\System32\HP1005LM.DLL
2014-03-06 08:05 - 2013-04-01 18:21 - 000065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1005PP.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-15 03:28 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-03-14 20:57 - 2011-03-14 20:57 - 000346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-12 15:35 - 2012-02-29 05:50 - 000128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2015-10-14 19:33 - 2015-11-08 22:19 - 000650752 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\ouc.exe
2014-03-06 08:04 - 2013-04-01 18:21 - 004096512 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP1005SU.DLL
2014-03-06 08:04 - 2013-04-01 18:20 - 001236992 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP1005GC.dll
2017-03-24 04:57 - 2017-01-31 18:04 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-03-16 22:55 - 2012-03-16 22:55 - 000476544 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2012-03-27 06:03 - 2012-03-27 06:03 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-03 04:38 - 2012-03-03 04:38 - 000595840 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2011-08-23 03:49 - 2011-08-23 03:49 - 011204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 23:07 - 2010-11-30 23:07 - 000048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 02:45 - 2010-03-04 02:45 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 02:45 - 2010-03-04 02:45 - 000019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-16 03:49 - 2010-12-16 03:49 - 000124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-01-20 04:30 - 2011-01-20 04:30 - 000118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-12-11 11:05 - 2017-12-11 11:05 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2011-08-13 03:27 - 2011-08-13 03:27 - 000437632 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2014-02-23 11:20 - 2015-06-10 10:13 - 000113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2018-03-23 09:43 - 2018-03-20 11:30 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 09:43 - 2018-03-20 11:30 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2012-04-12 05:35 - 2012-04-12 05:35 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-12-23 22:54 - 2011-12-23 22:54 - 000119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2012-03-17 05:35 - 2012-03-17 05:35 - 000108544 _____ () C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
2015-10-14 19:33 - 2015-10-14 19:32 - 000011362 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\mingwm10.dll
2015-10-14 19:33 - 2015-10-14 19:32 - 000043008 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\libgcc_s_dw2-1.dll
2015-10-14 19:33 - 2015-10-14 19:32 - 002415104 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\QtCore4.dll
2015-10-14 19:33 - 2015-10-14 19:32 - 001148416 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\QtNetwork4.dll
2015-10-14 19:33 - 2015-10-14 19:32 - 000835072 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\QueryStrategy.dll
2015-10-14 19:33 - 2015-10-14 19:32 - 000398336 _____ () C:\ProgramData\Photon Max\Huawei\EC306-1\OnlineUpdate\QtXml4.dll
2013-10-12 15:35 - 2012-02-22 00:39 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-03-16 22:58 - 2012-03-16 22:58 - 000372608 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUCommon.dll
2012-03-16 22:58 - 2012-03-16 22:58 - 000415104 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUBrowserAddinRc.dll
2014-02-23 11:20 - 2012-04-30 10:57 - 000039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-02-23 11:20 - 2015-10-20 17:44 - 000242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 000093568 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CalEngine.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 000143232 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdLNotes.dll
2015-09-07 16:00 - 2015-09-07 16:00 - 000167296 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\CAgdOutlook.dll
2015-09-07 16:02 - 2015-09-07 16:02 - 000212352 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VistaCalendar.dll
2014-02-23 11:20 - 2015-04-21 12:22 - 000053248 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
2015-09-07 16:01 - 2015-09-07 16:01 - 000056704 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PimNotes.dll
2015-09-07 15:59 - 2015-09-07 15:59 - 000237440 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2015-11-06 11:46 - 2015-11-06 11:46 - 002385280 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\libxt.dll
2015-12-22 12:12 - 2015-12-22 12:12 - 000463744 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Calendar.dll
2015-11-13 11:52 - 2015-11-13 11:52 - 000824192 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2016-05-27 06:40 - 2016-05-27 06:40 - 000131264 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2017-06-20 09:54 - 2017-06-20 09:54 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-08 01:49 - 2017-12-08 01:49 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-06-14 12:08 - 2017-06-14 12:08 - 067718656 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2017-10-06 16:06 - 2017-10-06 16:06 - 000068608 ____R () C:\Program Files (x86)\Fitbit Connect\MP3Gain.dll
2012-01-25 23:27 - 2012-01-25 23:27 - 000172032 _____ () C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosGatt.dll
2011-08-16 08:42 - 2011-08-16 08:42 - 002603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-16 08:45 - 2011-08-16 08:45 - 000382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-18 05:11 - 2011-08-18 05:11 - 000400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-18 05:18 - 2011-08-18 05:18 - 000322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-11-26 01:59 - 2011-11-26 01:59 - 000015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-16 08:42 - 2011-08-16 08:42 - 001006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-18 05:18 - 2011-08-18 05:18 - 000195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-16 07:53 - 2011-08-16 07:53 - 000062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2011-11-26 01:58 - 2011-11-26 01:58 - 000484352 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-26 02:12 - 2011-11-26 02:12 - 000499976 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-26 01:56 - 2011-11-26 01:56 - 000013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-20 04:35 - 2011-07-20 04:35 - 014978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-20 04:34 - 2011-07-20 04:34 - 000317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2011-08-16 08:47 - 2011-08-16 08:47 - 009224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2017-10-27 11:47 - 2018-01-17 10:18 - 001041584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000111104 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 002285056 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000219648 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000049664 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000070144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000238080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000093696 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000258560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000047616 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000043520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000440832 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000724992 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000083968 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000106496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001304576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000310272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001235456 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000196608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000092160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 011595264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000073728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000095744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000044032 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000037888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000973312 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000085504 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001220608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000285184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000041984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000184832 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001318912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000051200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001719296 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000371200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000037376 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000386560 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000265216 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000947200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000041472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000043008 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000263168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000040448 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 009942016 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001397248 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000154624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000166400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000038912 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000708608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000052736 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000403968 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000139264 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000050688 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000041984 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000077824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000042496 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000056320 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000044544 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000035840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000070144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000182272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000068608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000135168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 001518080 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000034816 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036864 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000038400 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000035328 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000036352 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000045568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000033792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000040960 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2012-03-17 05:35 - 2012-03-17 05:35 - 000046592 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2009-06-11 02:30 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Henna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{24253ED2-B842-48E1-8EAD-E486FA600F47}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{88530536-035B-49D6-B320-CE61CADFA01A}] => (Allow) C:\Users\Henna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5DF9E94B-F081-45DD-945A-83D528D5B05A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{733B103A-9253-4E38-B60B-6D6E4790C188}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{636493D8-2BF5-48CD-A786-FB9C4A5FF08E}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{92F07FDB-B91E-4DA5-94C6-D7E2344D1372}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{8FE1664D-FC7B-462D-8349-B1D6EF159133}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{46A302E5-3ED5-4047-8DFD-60B42572CADA}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{46B40D9B-70E2-460B-98EA-E5BA2405235A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{189273E2-A91B-4BCF-9813-D2B99CD06698}] => (Allow) LPort=2869
FirewallRules: [{65041B6E-6C9A-4861-855F-9DF2D1A6F287}] => (Allow) LPort=1900
FirewallRules: [{D49CE601-C219-43C9-B951-8A0EC8242624}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{6467320E-2001-4969-85AF-1DF45E1423C8}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{0201C3C7-D608-4F24-8C1E-EA174B742A62}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{BDC67C18-ECB0-41AD-9BD0-DDB9FD7DB103}] => (Allow) C:\Users\Henna\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{6AAEEA9F-0518-4B80-9402-97A93CC09111}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DABEEFFF-4430-47CE-B1D0-B09CB3C8A234}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{91C37BB6-EBDC-4BCF-BEA6-6F24F612EDB9}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{F169A1CB-FA3E-4308-AA62-33A8E3509004}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E4341C0-3447-4F17-AA42-FAD8EA52C082}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E4FFC44-77C3-40EC-8832-2BFA9FD53CA4}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{4B879BA0-BABD-4F45-85D9-AAE3EF595EAC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
FirewallRules: [{64A40C0C-9F35-4894-9637-FC66175F1E38}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{0867E6FE-2041-4E63-BEE6-0E1652358E7E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
FirewallRules: [{781DBA4C-AA65-4E9E-8EBC-410693E9F7CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9E46F858-ADFF-4C51-984D-498E3101288D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{298C839C-E2E5-432D-B719-9685D08E48A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6FD65B2E-03FE-4941-A721-39CAC441BA9B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{83331435-4016-473A-8248-42FB6620F2EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8CAA2623-5FFC-4C79-801C-2854DCA548E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D3B100E9-A4CF-4ACE-83EC-847951FD747B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{66F9CFF6-71BF-4206-AAE6-8352BC24C03D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{EBCC30F7-B7CB-4E3D-8004-82F8F1B3DB99}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D10EB770-814F-4FDD-8351-F9D1DB01DE15}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{9E1ACEDA-D204-4D1B-B1ED-36859CFC724B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{706846AE-3B01-496C-88CA-A17E0100CD04}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{594D0D69-EF71-4BC5-813E-D790FEA012CA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{7151B060-91A7-4CD7-AB58-334C8235E43F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{2B52909C-45D2-475B-A8DD-31C185025F16}C:\users\henna\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\henna\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{2904075C-04C5-45A9-885E-54F21AEA6AD1}C:\users\henna\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\henna\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{81BAEAEB-55D4-4068-8222-A93E4ECC64BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-04-2018 23:05:30 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/07/2018 05:59:06 PM) (Source: Google Update) (EventID: 20) (User: Henna-PC)
Description: Event-ID 20
 
Error: (04/07/2018 02:59:06 PM) (Source: Google Update) (EventID: 20) (User: Henna-PC)
Description: Event-ID 20
 
Error: (04/04/2018 06:01:30 AM) (Source: Google Update) (EventID: 20) (User: Henna-PC)
Description: Event-ID 20
 
Error: (04/04/2018 12:01:40 AM) (Source: Google Update) (EventID: 20) (User: Henna-PC)
Description: Event-ID 20
 
Error: (04/03/2018 08:59:14 AM) (Source: Google Update) (EventID: 20) (User: Henna-PC)
Description: Event-ID 20
 
Error: (04/02/2018 08:59:05 PM) (Source: Google Update) (EventID: 20) (User: Henna-PC)
Description: Event-ID 20
 
Error: (04/01/2018 09:50:48 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (04/01/2018 03:19:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (04/07/2018 07:35:26 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.265.200.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14700.5
 
Error code: 0x80072ee2
 
Error description: The operation timed out
 
Error: (04/07/2018 03:32:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 119.0.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 2.1.14600.4
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (04/07/2018 03:32:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.265.200.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14700.5
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (04/07/2018 03:32:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.265.200.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14700.5
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (04/07/2018 03:32:33 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.265.200.0
 
Update Source: Microsoft Update Server
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14700.5
 
Error code: 0x8024402c
 
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
 
Error: (04/07/2018 02:51:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 119.0.0.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: Network Inspection System
 
Update Type: Full
 
User: Henna-PC\Henna
 
Current Engine Version: 
 
Previous Engine Version: 2.1.14600.4
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (04/07/2018 02:51:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.265.200.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiSpyware
 
Update Type: Full
 
User: Henna-PC\Henna
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14700.5
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
Error: (04/07/2018 02:51:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.265.200.0
 
Update Source: Microsoft Malware Protection Center
 
Update Stage: Search
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: Henna-PC\Henna
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14700.5
 
Error code: 0x80072ee7
 
Error description: The server name or address could not be resolved
 
 
CodeIntegrity:
===================================
 
Date: 2015-08-18 22:23:04.565
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.562
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.553
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.549
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.539
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.535
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.510
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
Date: 2015-08-18 22:23:04.506
Description: 
Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3687U CPU @ 2.10GHz
Percentage of memory in use: 95%
Total physical RAM: 8070.17 MB
Available physical RAM: 380.1 MB
Total Virtual: 17381.53 MB
Available Virtual: 1771.46 MB
 
==================== Drives ================================
 
Drive c: (TI308467D0G) (Fixed) (Total:217.14 GB) (Free:20.75 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{3d35f645-3325-11e3-aae5-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: A9A673BF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=217.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=11.9 GB) - (Type=17)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 PM

Posted 07 April 2018 - 01:21 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://home.sweetim.com/?barid={3382F38A-CD68-11E0-B341-00231828E7FB}
CHR StartupUrls: Default -> "hxxps://www.google.co.in/_/chrome/newtab","hxxp://www.oursurfing.com/?type=hp&ts=1446387028&z=4985e21242e7dedf699c25bgdzezcq7c5b0m9efofb&from=amt&uid=toshibaxthnsnf256gmcs_736s10mbts0y10mbts0y"
CHR NewTab: Default ->  Not-active:"chrome-extension://klicfmpioocaighkipjohjaeifjkpebc/newtab.html"
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Henna\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {00F4887E-3523-4CD9-B309-A5602AF4F135} - \Installer_ytd -> No File <==== ATTENTION
Task: {10966D8C-E20E-450C-AE16-6ADCA3A9A019} - \GoforFilesUpdate -> No File <==== ATTENTION
Task: {490138D6-F06C-41D6-B07A-6F51BB160624} - \Installer_iwebar -> No File <==== ATTENTION
Task: {5236D5BF-0113-4611-9F9C-110012CCE717} - System32\Tasks\Installer_cr => C:\Users\Henna\AppData\Local\Installer\Installcr_32225\ytdieamodc_amodc_inst.exe <==== ATTENTION
Task: {6F00716F-7781-4261-9C62-CC570587AE1F} - \Installer_shopperpro -> No File <==== ATTENTION
Task: {D3CB3357-DFE9-4405-A733-2FD1982E2478} - System32\Tasks\WindowsUpda2ta => C:\Users\Henna\AppData\Roaming\MICROSOFT\gd.js [2017-03-10] () <==== ATTENTION
C:\Windows\System32\Tasks\Installer_cr
C:\Users\Henna\AppData\Local\Installer\Installcr_32225
C:\Windows\System32\Tasks\WindowsUpda2ta
C:\Users\Henna\AppData\Roaming\MICROSOFTs [2017-03-10] () <==== ATTENTION
C:\Users\Henna\AppData\Roaming\gd.js

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.
===

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
=====

Please post the fixlog.txt and let me know if the problem persists.

#4 hennadhawan

hennadhawan
  • Topic Starter

  • Members
  • 38 posts
  • Local time:02:41 AM

Posted 08 April 2018 - 06:53 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Henna (08-04-2018 12:54:47) Run:1
Running from C:\Users\Henna\Downloads
Loaded Profiles: Henna (Available Profiles: Henna)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://home.sweetim.com/?barid={3382F38A-CD68-11E0-B341-00231828E7FB}
CHR StartupUrls: Default -> "hxxps://www.google.co.in/_/chrome/newtab","hxxp://www.oursurfing.com/?type=hp&ts=1446387028&z=4985e21242e7dedf699c25bgdzezcq7c5b0m9efofb&from=amt&uid=toshibaxthnsnf256gmcs_736s10mbts0y10mbts0y"
CHR NewTab: Default ->  Not-active:"chrome-extension://klicfmpioocaighkipjohjaeifjkpebc/newtab.html"
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
CustomCLSID: HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Henna\AppData\Local\GoToMeeting\8034\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Task: {00F4887E-3523-4CD9-B309-A5602AF4F135} - \Installer_ytd -> No File <==== ATTENTION
Task: {10966D8C-E20E-450C-AE16-6ADCA3A9A019} - \GoforFilesUpdate -> No File <==== ATTENTION
Task: {490138D6-F06C-41D6-B07A-6F51BB160624} - \Installer_iwebar -> No File <==== ATTENTION
Task: {5236D5BF-0113-4611-9F9C-110012CCE717} - System32\Tasks\Installer_cr => C:\Users\Henna\AppData\Local\Installer\Installcr_32225\ytdieamodc_amodc_inst.exe <==== ATTENTION
Task: {6F00716F-7781-4261-9C62-CC570587AE1F} - \Installer_shopperpro -> No File <==== ATTENTION
Task: {D3CB3357-DFE9-4405-A733-2FD1982E2478} - System32\Tasks\WindowsUpda2ta => C:\Users\Henna\AppData\Roaming\MICROSOFT\gd.js [2017-03-10] () <==== ATTENTION
C:\Windows\System32\Tasks\Installer_cr
C:\Users\Henna\AppData\Local\Installer\Installcr_32225
C:\Windows\System32\Tasks\WindowsUpda2ta
C:\Users\Henna\AppData\Roaming\MICROSOFTs [2017-03-10] () <==== ATTENTION
C:\Users\Henna\AppData\Roaming\gd.js
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => removed successfully
HKLM\Software\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3556545472-3032083503-3214586581-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\Software\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => removed successfully
HKLM\Software\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome NewTab" => removed successfully
"HKLM\System\CurrentControlSet\Services\hwusb_cdcacm" => removed successfully
hwusb_cdcacm => service removed successfully
"HKLM\System\CurrentControlSet\Services\hwusb_wwanecm" => removed successfully
hwusb_wwanecm => service removed successfully
"HKLM\System\CurrentControlSet\Services\massfilter" => removed successfully
massfilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\MBAMSwissArmy" => removed successfully
MBAMSwissArmy => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZTEusbmdm6k" => removed successfully
ZTEusbmdm6k => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZTEusbnmea" => removed successfully
ZTEusbnmea => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZTEusbser6k" => removed successfully
ZTEusbser6k => service removed successfully
"HKU\S-1-5-21-3556545472-3032083503-3214586581-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00F4887E-3523-4CD9-B309-A5602AF4F135}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F4887E-3523-4CD9-B309-A5602AF4F135}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_ytd => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10966D8C-E20E-450C-AE16-6ADCA3A9A019}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10966D8C-E20E-450C-AE16-6ADCA3A9A019}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{490138D6-F06C-41D6-B07A-6F51BB160624}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490138D6-F06C-41D6-B07A-6F51BB160624}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5236D5BF-0113-4611-9F9C-110012CCE717}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5236D5BF-0113-4611-9F9C-110012CCE717}" => removed successfully
C:\windows\System32\Tasks\Installer_cr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_cr" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F00716F-7781-4261-9C62-CC570587AE1F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F00716F-7781-4261-9C62-CC570587AE1F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_shopperpro => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D3CB3357-DFE9-4405-A733-2FD1982E2478}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3CB3357-DFE9-4405-A733-2FD1982E2478}" => removed successfully
C:\windows\System32\Tasks\WindowsUpda2ta => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindowsUpda2ta" => removed successfully
"C:\Windows\System32\Tasks\Installer_cr" => not found
C:\Users\Henna\AppData\Local\Installer\Installcr_32225 => moved successfully
"C:\Windows\System32\Tasks\WindowsUpda2ta" => not found
"C:\Users\Henna\AppData\Roaming\MICROSOFTs [2017-03-10] () <==== ATTENTION" => not found
C:\Users\Henna\AppData\Roaming\gd.js => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30790986 B
Java, Flash, Steam htmlcache => 7600 B
Windows/system/drivers => 12165401 B
Edge => 0 B
Chrome => 629421256 B
Firefox => 399833083 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 22314270 B
systemprofile32 => 82740 B
LocalService => 0 B
NetworkService => 34516890 B
Henna => 628295625 B
 
RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 08-04-2018 13:00:17)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_ytd => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_shopperpro => could not remove. Access Denied.
 
==== End of Fixlog 13:00:17 ====


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 PM

Posted 08 April 2018 - 07:36 AM



Hi,

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the log and let me know what problem persists with this computer.

#6 hennadhawan

hennadhawan
  • Topic Starter

  • Members
  • 38 posts
  • Local time:02:41 AM

Posted 11 April 2018 - 01:45 PM

# AdwCleaner 7.0.8.0 - Logfile created on Wed Apr 11 18:40:43 2018

# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Professional (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
Deleted: C:\Users\Administrator\AppData\Local\torch
Deleted: C:\Users\Guest\AppData\Local\torch
Deleted: C:\Users\HomeGroupUser$\AppData\Local\torch
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Ask - ask.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [31293 B] - [2016/4/27 13:54:49]
C:/AdwCleaner/AdwCleaner[S1].txt - [1416 B] - [2016/4/27 13:49:17]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 PM

Posted 12 April 2018 - 07:13 AM

Hi,

How is the computer running now?



