Kumar

  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015 Ran by admin (administrator) on DESKTOP-T7EL38F (18-01-2017 10:57:44) Running from C:\Users\admin\Desktop Loaded Profiles: admin (Available Profiles: defaultuser0 & admin) Platform: Windows 10 Pro (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe Failed to access process -> Memory Compression (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (HP Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\MountPoints2: {0ffc644d-a98d-11e6-a380-e4e616ef3ea0} - "D:\Setup.exe" Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opengoogle - Shortcut.lnk [2016-11-04] ShortcutTarget: Opengoogle - Shortcut.lnk -> C:\Users\admin\Desktop\Opengoogle.bat () GroupPolicyScripts: Restriction <======= ATTENTION GroupPolicyScripts\User: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{1ac9556e-1a35-4fbf-be7f-c07a04c5c56c} <======= ATTENTION (Restriction - IP) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{683d6c98-2eb4-4557-abfe-91322efc5e75}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{dd8ca756-2d76-4373-9d3d-dcf1ae753f4e}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/ BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft 
Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-12-21] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation) Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation) Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe Edge: ====== Edge HomeButtonPage: 
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001 -> hxxp://www.google.com FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default FF Homepage: user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/ FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-02] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN) FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-22] (Citrix Online) FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/thinkorswim -> C:\Users\admin\AppData\Local\thinkorswim\npthinkorswim.dll No File FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/tossc -> C:\Users\admin\AppData\Local\thinkorswim\nptossc.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-02] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-11-17] (Cisco WebEx LLC) FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-11] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S4 AppVClient; C:\Windows\system32\AppVClient.exe [822624 2016-12-14] (Microsoft Corporation) S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation) R2 CDPUserSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) R2 CDPUserSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [523952 2016-10-24] () [File not signed] S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation) R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [125952 2017-01-16] () [File not signed] R2 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe [109056 2016-12-23] () [File not signed] <==== ATTENTION R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation) S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-13] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation) S3 MessagingService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) S3 MessagingService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) R2 OneSyncSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) R2 OneSyncSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) S3 PimIndexMaintenanceSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) S3 PimIndexMaintenanceSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) S3 
RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation) S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation) R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation) S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation) S4 UevAgentService; C:\Windows\system32\AgentService.exe [1227264 2016-07-16] (Microsoft Corporation) S3 UnistoreSvc_c3042; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) S3 UnistoreSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) S3 UserDataSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) S3 UserDataSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation) S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation) S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation) S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation) S3 WpnUserService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation) S3 WpnUserService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] 
(Microsoft Corporation) S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation) S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation) S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [127328 2016-09-15] (Microsoft Corporation) S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [157024 2016-07-16] (Microsoft Corporation) S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [141152 2016-07-16] (Microsoft Corporation) S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation) S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [168448 2016-09-15] (Microsoft Corporation) R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [37376 2016-07-16] (Microsoft Corporation) S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications) S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications) R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation) S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation) S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation) S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation) S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation) S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation) S3 IndirectKmd; 
C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation) R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes) S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies) S3 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [179040 2016-07-16] (Microsoft Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation) S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation) S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation) S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [40288 2016-07-16] (Microsoft Corporation) S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation) R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation) R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation) R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the 
fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation) NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation) NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-18 10:57 - 2017-01-18 10:58 - 00019014 _____ C:\Users\admin\Desktop\FRST.txt 2017-01-18 10:57 - 2017-01-18 10:57 - 00000000 ____D C:\FRST 2017-01-18 10:56 - 2017-01-18 10:57 - 02193920 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2017-01-18 10:50 - 2016-12-26 11:27 - 00022016 _____ C:\Users\admin\Desktop\tt0202.xls 2017-01-18 10:50 - 2016-12-21 22:40 - 00955904 _____ C:\Users\admin\Desktop\VRS16 X 2003.xls 2017-01-18 10:50 - 2016-11-23 12:53 - 00061003 _____ C:\Users\admin\Desktop\Valuing Oil Stocks with the Graham Number.xlsm 2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\WhatsAppSetup.exe 2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\Unconfirmed 52640.crdownload 2017-01-18 10:50 - 2016-11-16 16:41 - 24743106 _____ C:\Users\admin\Desktop\vlc-setup-win.exe 2017-01-18 10:50 - 2016-11-05 21:26 - 00069710 _____ C:\Users\admin\Desktop\Valuing-Oil-Stocks-with-the-Graham-Number.zip 2017-01-18 10:50 - 2016-10-21 16:03 - 10841720 _____ (TeamViewer GmbH) C:\Users\admin\Desktop\TeamViewer_Setup_en-sbv.exe 2017-01-18 10:50 - 2016-10-17 13:19 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64(1).exe 2017-01-18 10:50 - 2016-10-15 17:30 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64.exe 2017-01-18 10:50 - 2016-10-13 20:34 - 30072320 _____ C:\Users\admin\Desktop\TradeTigerSetup.msi 2017-01-18 10:49 - 2017-01-18 10:50 - 
00000000 ____D C:\Users\admin\Desktop\OptionProbabilityCalculator 2017-01-18 10:49 - 2017-01-17 13:49 - 54199488 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.0.5.1299.exe 2017-01-18 10:49 - 2017-01-15 23:17 - 00352436 _____ C:\Users\admin\Desktop\google.csv 2017-01-18 10:49 - 2017-01-15 17:16 - 00243552 _____ C:\Users\admin\Desktop\Firefox Setup Stub 50.1.0.exe 2017-01-18 10:49 - 2017-01-15 16:38 - 16146725 _____ C:\Users\admin\Desktop\pi.zip 2017-01-18 10:49 - 2017-01-10 23:26 - 01065376 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe 2017-01-18 10:49 - 2016-12-27 20:52 - 00113079 _____ C:\Users\admin\Desktop\DELHI (1).xlsx 2017-01-18 10:49 - 2016-12-27 19:58 - 00065024 _____ C:\Users\admin\Desktop\fiscal-calendar-2017-portrait-6-months-blocks.xls 2017-01-18 10:49 - 2016-12-26 23:16 - 00113079 _____ C:\Users\admin\Desktop\DELHI.xlsx 2017-01-18 10:49 - 2016-12-21 23:15 - 43544408 _____ (HP Inc. ) C:\Users\admin\Desktop\sp78153.exe 2017-01-18 10:49 - 2016-12-21 16:46 - 57569888 _____ (Oracle Corporation) C:\Users\admin\Desktop\jre-8u74-windows-x64.exe 2017-01-18 10:49 - 2016-12-21 16:33 - 30403470 _____ C:\Users\admin\Desktop\NestTrader_Setup_V.3.11.4.4_CapitalFocus_iNET_without_framewrk.zip 2017-01-18 10:49 - 2016-12-12 17:05 - 07659763 _____ C:\Users\admin\Desktop\cHENNAI vARDAH 2016-12-12 at 16.23.19 2017-01-18 10:49 - 2016-12-02 16:01 - 00000103 _____ C:\Users\admin\Desktop\block.csv 2017-01-18 10:49 - 2016-11-29 20:08 - 00022028 _____ C:\Users\admin\Desktop\FOVOLT_28112016.csv 2017-01-18 10:49 - 2016-11-29 19:46 - 00025508 _____ C:\Users\admin\Desktop\FOVOLT_29112016.csv 2017-01-18 10:49 - 2016-11-29 17:13 - 00025514 _____ C:\Users\admin\Desktop\FOVOLT_28112016 (1).csv 2017-01-18 10:49 - 2016-11-24 18:10 - 00000922 _____ C:\Users\admin\Desktop\fao_participant_vol_24112016.csv 2017-01-18 10:49 - 2016-11-24 18:06 - 00000883 _____ C:\Users\admin\Desktop\fao_participant_oi_24112016.csv 2017-01-18 10:49 - 2016-11-24 16:35 - 
00025534 _____ C:\Users\admin\Desktop\FOVOLT_24112016.csv 2017-01-18 10:49 - 2016-11-23 16:55 - 00000907 _____ C:\Users\admin\Desktop\fao_participant_vol_22112016.csv 2017-01-18 10:49 - 2016-11-23 11:09 - 00101236 _____ C:\Users\admin\Desktop\CMVOLT_22112016.CSV 2017-01-18 10:49 - 2016-11-17 15:06 - 00922728 _____ (Cisco WebEx LLC) C:\Users\admin\Desktop\Cisco_WebEx_Add-On.exe 2017-01-18 10:49 - 2016-11-09 15:23 - 00321536 _____ C:\Users\admin\Desktop\OptionTradingWorkbook.xls 2017-01-18 10:49 - 2016-11-09 15:09 - 00330752 _____ C:\Users\admin\Desktop\OptionTradingWorkbook (1).xls 2017-01-18 10:49 - 2016-11-08 18:42 - 00526336 _____ C:\Users\admin\Desktop\IndexInclExcl.xls 2017-01-18 10:49 - 2016-11-08 11:36 - 00006234 _____ C:\Users\admin\Desktop\nifty50_mcwb.csv 2017-01-18 10:49 - 2016-11-05 21:03 - 00011314 _____ C:\Users\admin\Desktop\OptionProbabilityCalculator.zip 2017-01-18 10:49 - 2016-11-02 16:10 - 02076064 _____ C:\Users\admin\Desktop\ShowMyPC3500.exe 2017-01-18 10:49 - 2016-11-02 12:26 - 00051017 _____ C:\Users\admin\Desktop\table (1).csv 2017-01-18 10:49 - 2016-11-02 12:24 - 00057559 _____ C:\Users\admin\Desktop\table.csv 2017-01-18 10:49 - 2016-11-02 11:35 - 00019964 _____ C:\Users\admin\Desktop\FOVOLT_210920151.csv 2017-01-18 10:49 - 2016-11-02 11:34 - 00023217 _____ C:\Users\admin\Desktop\FOVOLT_21092015.csv 2017-01-18 10:49 - 2016-11-01 21:21 - 00083253 _____ C:\Users\admin\Desktop\DailyNFRELIANCE 24-Nov-2016.csv 2017-01-18 10:49 - 2016-11-01 16:53 - 00348527 _____ C:\Users\admin\Desktop\dATA _ TO CALCULATE vo_DailyNCNIFTY.csv 2017-01-18 10:49 - 2016-11-01 16:45 - 00007562 _____ C:\Users\admin\Desktop\8750_NIFTY_CE_01-Aug-2016_TO_28-Oct-2016.csv 2017-01-18 10:49 - 2016-11-01 14:02 - 00737344 _____ (Oracle Corporation) C:\Users\admin\Desktop\JavaSetup8u111.exe 2017-01-18 10:49 - 2016-10-31 22:41 - 00025521 _____ C:\Users\admin\Desktop\FOVOLT_30102016.csv 2017-01-18 10:49 - 2016-10-31 22:40 - 00001307 _____ C:\Users\admin\Desktop\FOVOLT_28102016.csv 
2017-01-18 10:49 - 2016-10-26 23:18 - 00002577 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_CE_03-Oct-2016_TO_26-Oct-2016.csv 2017-01-18 10:49 - 2016-10-26 23:18 - 00002569 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_PE_03-Oct-2016_TO_26-Oct-2016.csv 2017-01-18 10:49 - 2016-10-26 23:05 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme (1).xls 2017-01-18 10:49 - 2016-10-26 23:04 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme.xls 2017-01-18 10:49 - 2016-10-26 16:13 - 00422371 _____ C:\Users\admin\Desktop\fo25OCT2016bhav.csv.zip 2017-01-18 10:49 - 2016-10-26 16:07 - 00063045 _____ C:\Users\admin\Desktop\cm25OCT2016bhav.csv.zip 2017-01-18 10:49 - 2016-10-26 16:05 - 00101678 _____ C:\Users\admin\Desktop\CMVOLT_25102016.CSV 2017-01-18 10:49 - 2016-10-25 22:00 - 00067584 _____ C:\Users\admin\Desktop\Options_Premium_Calculator.xls 2017-01-18 10:49 - 2016-10-24 15:51 - 00065870 _____ C:\Users\admin\Desktop\app1.pdf;jsessionid=C0ABE07C15C69BC99E86C4E0FA91A095.f03t03 2017-01-18 10:49 - 2016-10-23 18:08 - 03630540 _____ C:\Users\admin\Desktop\option_trades_20160516_TUVWXYZ_sample.zip 2017-01-18 10:49 - 2016-10-21 17:24 - 00927232 _____ C:\Users\admin\Desktop\OptionCalculatorSetup.msi 2017-01-18 10:49 - 2016-10-21 15:30 - 24998531 _____ C:\Users\admin\Desktop\NEST3.zip 2017-01-18 10:49 - 2016-10-15 19:01 - 52706560 _____ (Lenovo Group Limited ) C:\Users\admin\Desktop\j3bm02ww.exe 2017-01-18 10:49 - 2016-10-11 19:52 - 00243560 _____ C:\Users\admin\Desktop\Firefox Setup Stub 49.0.1.exe 2017-01-17 14:12 - 2017-01-17 14:12 - 00174764 _____ C:\Windows\Minidump\011717-19531-01.dmp 2017-01-17 13:49 - 2017-01-18 10:22 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-17 13:49 - 2017-01-17 13:49 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes 
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-17 13:49 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-01-17 11:57 - 2017-01-17 13:53 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2017-01-15 22:44 - 2017-01-16 09:29 - 00142188 _____ C:\Users\admin\Desktop\New_IntraDayNFNIFTY 25-Jan-2017.xlsm 2017-01-15 18:46 - 2017-01-15 22:44 - 00156974 _____ C:\Users\admin\Desktop\IntraDayNFNIFTY 25-Jan-2017.csv 2017-01-15 17:17 - 2017-01-16 23:14 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla 2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Uninstall Pi.lnk 2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Pi.lnk 2017-01-15 16:40 - 2017-01-15 16:40 - 00002559 _____ C:\Users\Public\Desktop\Pi.lnk 2017-01-15 16:40 - 2017-01-15 16:40 - 00000000 ____D C:\Zerodha 2017-01-12 19:53 - 2017-01-12 19:53 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-01-12 19:53 - 2017-01-12 19:53 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk 2017-01-12 12:13 - 2017-01-12 12:39 - 00002596 _____ C:\Users\admin\Desktop\GraphNFNIFTY 25-Jan-2017.csv 2017-01-12 11:55 - 2017-01-12 11:55 - 00238942 _____ C:\Users\admin\Desktop\min_HA_Open_hign and Low testing.csv 2017-01-12 11:44 - 2017-01-15 18:40 - 00089533 _____ C:\Users\admin\Desktop\DailyNFNIFTY 25-Jan-2017_12th Jan.csv 2017-01-11 13:22 - 2016-12-23 04:43 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-11 13:22 - 2016-12-23 04:43 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-11 10:10 - 2016-12-21 13:13 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2017-01-11 10:10 - 2016-12-21 13:13 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll 2017-01-11 10:10 - 
2016-12-21 13:13 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll 2017-01-11 10:10 - 2016-12-21 13:12 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2017-01-11 10:10 - 2016-12-21 13:12 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll 2017-01-11 10:10 - 2016-12-21 13:12 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2017-01-11 10:10 - 2016-12-21 13:11 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2017-01-11 10:10 - 2016-12-21 12:38 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll 2017-01-11 10:10 - 2016-12-21 12:36 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll 2017-01-11 10:10 - 2016-12-21 12:29 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2017-01-11 10:10 - 2016-12-21 12:26 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll 2017-01-11 10:10 - 2016-12-21 12:23 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-01-11 10:10 - 2016-12-21 12:21 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2017-01-11 10:10 - 2016-12-21 12:21 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2017-01-11 10:10 - 2016-12-21 12:20 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-01-11 10:10 - 2016-12-21 11:29 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll 2017-01-11 10:10 - 2016-12-21 10:39 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll 2017-01-11 10:10 - 2016-12-21 10:13 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-01-11 10:10 - 2016-12-21 10:11 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll 2017-01-11 10:10 - 2016-12-21 10:10 - 00557568 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\StoreAgent.dll 2017-01-11 10:10 - 2016-12-21 10:10 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe 2017-01-11 10:10 - 2016-12-21 10:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe 2017-01-11 10:10 - 2016-12-21 10:08 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll 2017-01-11 10:10 - 2016-12-21 09:52 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2017-01-11 10:10 - 2016-12-14 11:11 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-01-11 10:10 - 2016-12-14 10:18 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll 2017-01-11 10:10 - 2016-12-14 10:08 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2017-01-11 10:10 - 2016-12-14 10:08 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll 2017-01-11 10:10 - 2016-12-14 09:54 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll 2017-01-11 10:10 - 2016-12-14 09:54 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2017-01-11 10:10 - 2016-12-14 09:53 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll 2017-01-11 10:10 - 2016-12-14 09:52 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-01-11 10:10 - 2016-12-14 09:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2017-01-11 10:09 - 2016-12-21 13:38 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll 2017-01-11 10:09 - 2016-12-21 13:38 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll 2017-01-11 10:09 - 2016-12-21 13:34 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-01-11 10:09 - 2016-12-21 13:19 - 00328008 _____ (Microsoft Corporation) 
C:\Windows\system32\Windows.Storage.ApplicationData.dll 2017-01-11 10:09 - 2016-12-21 13:16 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-01-11 10:09 - 2016-12-21 13:13 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2017-01-11 10:09 - 2016-12-21 13:12 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-01-11 10:09 - 2016-12-21 13:07 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe 2017-01-11 10:09 - 2016-12-21 12:45 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-01-11 10:09 - 2016-12-21 12:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe 2017-01-11 10:09 - 2016-12-21 12:39 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll 2017-01-11 10:09 - 2016-12-21 12:39 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll 2017-01-11 10:09 - 2016-12-21 12:38 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll 2017-01-11 10:09 - 2016-12-21 12:38 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll 2017-01-11 10:09 - 2016-12-21 12:38 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe 2017-01-11 10:09 - 2016-12-21 12:37 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll 2017-01-11 10:09 - 2016-12-21 12:36 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll 2017-01-11 10:09 - 2016-12-21 12:36 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe 2017-01-11 10:09 - 2016-12-21 12:36 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-01-11 10:09 - 2016-12-21 12:35 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll 2017-01-11 10:09 - 2016-12-21 12:35 - 00261632 _____ (Microsoft Corporation) 
C:\Windows\system32\indexeddbserver.dll 2017-01-11 10:09 - 2016-12-21 12:35 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll 2017-01-11 10:09 - 2016-12-21 12:31 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2017-01-11 10:09 - 2016-12-21 12:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll 2017-01-11 10:09 - 2016-12-21 12:29 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll 2017-01-11 10:09 - 2016-12-21 12:28 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-01-11 10:09 - 2016-12-21 12:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll 2017-01-11 10:09 - 2016-12-21 12:26 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll 2017-01-11 10:09 - 2016-12-21 12:25 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-01-11 10:09 - 2016-12-21 12:25 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll 2017-01-11 10:09 - 2016-12-21 12:24 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll 2017-01-11 10:09 - 2016-12-21 12:23 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe 2017-01-11 10:09 - 2016-12-21 12:19 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2017-01-11 10:09 - 2016-12-21 12:19 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2017-01-11 10:09 - 2016-12-21 12:19 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2017-01-11 10:09 - 2016-12-21 12:17 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll 2017-01-11 10:09 - 2016-12-21 10:32 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2017-01-11 10:09 - 2016-12-21 10:32 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2017-01-11 10:09 - 2016-12-21 10:32 - 
01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll 2017-01-11 10:09 - 2016-12-21 10:32 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll 2017-01-11 10:09 - 2016-12-21 10:32 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2017-01-11 10:09 - 2016-12-21 10:32 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll 2017-01-11 10:09 - 2016-12-21 10:31 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-01-11 10:09 - 2016-12-21 10:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe 2017-01-11 10:09 - 2016-12-21 10:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-01-11 10:09 - 2016-12-21 10:10 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll 2017-01-11 10:09 - 2016-12-21 10:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll 2017-01-11 10:09 - 2016-12-21 10:09 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll 2017-01-11 10:09 - 2016-12-21 10:05 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2017-01-11 10:09 - 2016-12-21 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll 2017-01-11 10:09 - 2016-12-21 10:04 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2017-01-11 10:09 - 2016-12-21 10:03 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-01-11 10:09 - 2016-12-21 10:02 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-01-11 10:09 - 2016-12-21 10:00 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll 2017-01-11 10:09 - 2016-12-21 10:00 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll 2017-01-11 10:09 - 2016-12-21 09:57 - 00640000 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MCRecvSrc.dll 2017-01-11 10:09 - 2016-12-21 09:56 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll 2017-01-11 10:09 - 2016-12-21 09:55 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2017-01-11 10:09 - 2016-12-21 09:55 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe 2017-01-11 10:09 - 2016-12-21 09:54 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-01-11 10:09 - 2016-12-14 11:11 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2017-01-11 10:09 - 2016-12-14 11:04 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe 2017-01-11 10:09 - 2016-12-14 11:03 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe 2017-01-11 10:09 - 2016-12-14 11:03 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll 2017-01-11 
10:09 - 2016-12-14 11:03 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll 2017-01-11 10:09 - 2016-12-14 11:03 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe 2017-01-11 10:09 - 2016-12-14 11:03 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe 2017-01-11 10:09 - 2016-12-14 10:53 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-01-11 10:09 - 2016-12-14 10:51 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2017-01-11 10:09 - 2016-12-14 10:49 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2017-01-11 10:09 - 2016-12-14 10:48 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2017-01-11 10:09 - 2016-12-14 10:48 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys 2017-01-11 10:09 - 2016-12-14 10:47 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-01-11 10:09 - 2016-12-14 10:44 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll 2017-01-11 10:09 - 2016-12-14 10:44 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2017-01-11 10:09 - 2016-12-14 10:44 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll 2017-01-11 10:09 - 2016-12-14 10:31 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll 2017-01-11 10:09 - 2016-12-14 10:31 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2017-01-11 10:09 - 2016-12-14 10:31 - 00076984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\remoteaudioendpoint.dll 2017-01-11 10:09 - 2016-12-14 10:16 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-01-11 10:09 - 2016-12-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-01-11 10:09 - 2016-12-14 10:13 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll 2017-01-11 10:09 - 2016-12-14 10:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll 2017-01-11 10:09 - 2016-12-14 10:12 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2017-01-11 10:09 - 2016-12-14 10:12 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 10:09 - 2016-12-14 10:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2017-01-11 10:09 - 2016-12-14 10:11 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-01-11 10:09 - 2016-12-14 10:10 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll 2017-01-11 10:09 - 2016-12-14 10:10 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll 2017-01-11 10:09 - 2016-12-14 10:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll 2017-01-11 10:09 - 2016-12-14 10:09 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll 2017-01-11 10:09 - 2016-12-14 10:09 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll 2017-01-11 10:09 - 2016-12-14 10:09 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll 2017-01-11 10:09 - 2016-12-14 10:08 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2017-01-11 10:09 - 2016-12-14 10:08 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll 2017-01-11 10:09 - 2016-12-14 10:07 - 00090112 _____ (Microsoft Corporation) 
C:\Windows\system32\updatepolicy.dll 2017-01-11 10:09 - 2016-12-14 10:06 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2017-01-11 10:09 - 2016-12-14 10:06 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll 2017-01-11 10:09 - 2016-12-14 10:06 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll 2017-01-11 10:09 - 2016-12-14 10:05 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-01-11 10:09 - 2016-12-14 10:05 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-01-11 10:09 - 2016-12-14 10:05 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2017-01-11 10:09 - 2016-12-14 10:05 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2017-01-11 10:09 - 2016-12-14 10:02 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll 2017-01-11 10:09 - 2016-12-14 09:56 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-01-11 10:09 - 2016-12-14 09:56 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-01-11 10:09 - 2016-12-14 09:55 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll 2017-01-11 10:09 - 2016-12-14 09:53 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll 2017-01-11 10:09 - 2016-12-14 09:52 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll 2017-01-11 10:09 - 2016-12-14 09:52 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-01-11 10:09 - 2016-12-14 09:51 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-01-11 10:09 - 2016-11-02 17:31 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2017-01-11 10:09 - 2016-11-02 16:30 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2017-01-11 10:09 - 2016-11-02 15:58 - 00324608 _____ (Microsoft Corporation) 
C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll 2017-01-11 10:09 - 2016-11-02 15:52 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2017-01-11 10:09 - 2016-11-02 15:51 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2017-01-11 10:09 - 2016-08-02 10:00 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2017-01-11 10:08 - 2016-12-21 13:12 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll 2017-01-11 10:08 - 2016-12-21 12:43 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll 2017-01-11 10:08 - 2016-12-21 12:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll 2017-01-11 10:08 - 2016-12-21 12:40 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll 2017-01-11 10:08 - 2016-12-21 12:38 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll 2017-01-11 10:08 - 2016-12-21 12:38 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll 2017-01-11 10:08 - 2016-12-21 12:23 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll 2017-01-11 10:08 - 2016-12-21 12:21 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2017-01-11 10:08 - 2016-12-21 09:54 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2017-01-11 10:08 - 2016-12-21 09:54 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-01-11 10:08 - 2016-12-21 09:54 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2017-01-11 10:08 - 2016-12-21 09:52 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2017-01-11 10:08 - 2016-12-14 10:56 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll 2017-01-11 10:08 - 2016-12-14 10:38 - 00341344 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msv1_0.dll 2017-01-11 10:08 - 2016-12-14 10:36 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2017-01-11 10:08 - 2016-12-14 10:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys 2017-01-11 10:08 - 2016-12-14 10:10 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll 2017-01-11 10:08 - 2016-12-14 10:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2017-01-11 10:08 - 2016-12-14 10:02 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll 2017-01-11 10:08 - 2016-12-14 09:52 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-01-11 10:08 - 2016-12-14 09:52 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll 2017-01-10 23:28 - 2017-01-10 23:28 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Google 2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2017-01-09 20:13 - 2017-01-09 20:13 - 00001012 _____ C:\Users\admin\Desktop\Opengoogle - Shortcut.lnk 2017-01-08 18:25 - 2017-01-08 18:25 - 00001380 _____ C:\Users\admin\AppData\Local\suit.log 2017-01-02 18:08 - 2017-01-02 18:08 - 00000000 ____D C:\Users\admin\Documents\Fax 2017-01-02 17:42 - 2017-01-02 17:42 - 00002064 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk 2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate 2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Visan 2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\HP Photo Creations 2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2017-01-02 17:41 - 
2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP 2017-01-02 17:41 - 2017-01-02 17:41 - 00003780 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3540 series 2017-01-02 17:41 - 2017-01-02 17:41 - 00002289 _____ C:\Users\Public\Desktop\HP Deskjet 3540 series.lnk 2017-01-02 17:41 - 2017-01-02 17:41 - 00001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3540 series.lnk 2017-01-02 17:41 - 2017-01-02 17:41 - 00000057 _____ C:\ProgramData\Ament.ini 2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\ProgramData\HP 2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\Program Files\HP 2017-01-02 17:41 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC711.dll 2017-01-02 17:39 - 2017-01-02 17:43 - 00000000 ____D C:\Users\admin\AppData\Local\HP 2016-12-28 19:11 - 2016-12-28 19:11 - 00000000 ____D C:\Program Files (x86)\Gubed 2016-12-28 15:36 - 2016-12-28 15:36 - 00008190 _____ C:\Users\admin\Desktop\NIFTY 29-Dec-2016 _1sd WORKS.csv 2016-12-26 21:15 - 2016-12-26 23:21 - 00013818 _____ C:\Users\admin\Desktop\cal.xlsx 2016-12-23 20:46 - 2016-12-23 20:46 - 00000000 ____D C:\Program Files (x86)\Gubed_WMI 2016-12-22 18:46 - 2016-12-22 19:28 - 00000037 _____ C:\Users\admin\Desktop\strt_cmd.bat 2016-12-22 12:16 - 2016-12-22 12:16 - 00071259 _____ C:\Users\admin\Desktop\Potato Gift 2016-12-21 23:22 - 2017-01-12 19:32 - 00000179 _____ C:\Windows\SysWOW64\DOErrors.log 2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\Hewlett-Packard 2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard 2016-12-21 23:18 - 2016-12-21 23:18 - 00002304 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk 2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\System.sav 2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2016-12-21 23:17 - 2016-12-22 08:25 - 00000000 
____D C:\ProgramData\Hewlett-Packard 2016-12-21 23:16 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2016-12-21 23:16 - 2016-12-22 08:25 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard 2016-12-21 23:16 - 2016-12-21 23:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\hpqLog 2016-12-21 23:15 - 2016-12-21 23:15 - 00000000 ____D C:\swsetup 2016-12-21 23:00 - 2016-12-21 23:00 - 00000000 _____ C:\Windows\WindowsUpdate_AU_deprecated.log 2016-12-21 16:47 - 2016-12-21 16:46 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Oracle 2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Program Files\Java 2016-12-21 16:42 - 2016-12-22 11:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Omnesys 2016-12-21 16:42 - 2016-12-21 16:42 - 00002125 _____ C:\Users\Public\Desktop\Nest Trader.lnk 2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnesysindia 2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\Program Files (x86)\Omnesys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-01-18 10:56 - 2016-10-11 16:03 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-01-18 10:54 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\sru
2017-01-18 10:50 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin
2017-01-18 10:46 - 2016-10-12 04:12 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-18 10:30 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\AppReadiness
2017-01-18 10:27 - 2016-10-13 20:04 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9A03C682-7423-45CC-9D52-D299D6DF42E6}
2017-01-18 10:22 - 2016-10-12 04:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 10:22 - 2016-10-11 19:24 - 00025114 _____ C:\Windows\PFRO.log
2017-01-17 22:22 - 2016-07-16 11:34 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-17 22:20 - 2016-10-20 22:28 - 00005278 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F
2017-01-17 22:18 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\Local\WebEx
2017-01-17 22:18 - 2016-10-25 21:50 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-01-17 22:07 - 2016-10-25 21:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-17 20:07 - 2016-10-11 16:33 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2017-01-17 20:06 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-17 14:12 - 2016-10-27 13:11 - 284635216 _____ C:\Windows\MEMORY.DMP
2017-01-17 14:12 - 2016-10-27 13:11 - 00000000 ____D C:\Windows\Minidump
2017-01-17 12:17 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-17 11:20 - 2016-10-12 04:25 - 02073080 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 11:18 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-17 11:12 - 2016-10-26 14:38 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-17 10:58 - 2016-10-21 17:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2017-01-16 23:16 - 2016-10-21 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-16 23:07 - 2016-10-25 15:17 - 00000374 _____ C:\Windows\SysWOW64\data.bin
2017-01-16 23:04 - 2016-10-25 15:15 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-01-16 22:33 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-01-16 15:52 - 2016-10-12 04:22 - 00000000 ____D C:\Users\defaultuser0
2017-01-16 15:48 - 2016-10-12 04:12 - 00350176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-12 20:12 - 2016-10-21 16:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2017-01-12 19:54 - 2016-10-21 16:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-11 13:38 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\rescache
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\oobe
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\Provisioning
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-11 10:23 - 2016-07-16 17:06 - 00000000 ____D C:\Windows\CbsTemp
2017-01-11 10:15 - 2016-10-13 17:36 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 21:09 - 2016-11-05 21:24 - 00020304 _____ C:\Users\admin\Documents\debug.log
2017-01-08 18:25 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\AppData\Local\thinkorswim
2017-01-08 14:01 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-01-08 13:48 - 2016-10-25 16:27 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-01-08 13:48 - 2016-10-12 04:22 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-07 23:13 - 2016-11-04 16:32 - 00000572 __RSH C:\ProgramData\ntuser.pol
2017-01-02 11:04 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\NDF
2017-01-02 10:24 - 2016-10-13 20:34 - 00002585 _____ C:\Users\Public\Desktop\TradeTiger.lnk
2016-12-31 13:00 - 2016-11-18 15:46 - 00000000 __SHD C:\Users\admin\Documents\cache
2016-12-31 13:00 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2016-12-31 11:32 - 2016-11-17 15:06 - 00000000 ____D C:\ProgramData\WebEx
2016-12-28 19:08 - 2016-11-22 17:03 - 00000690 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-28 19:08 - 2016-11-22 17:02 - 00000594 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-24 11:25 - 2016-11-22 17:03 - 00003860 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-24 11:25 - 2016-11-22 17:03 - 00003764 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-23 23:26 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\.thinkorswim
2016-12-21 23:18 - 2016-10-15 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-21 16:47 - 2016-12-16 00:00 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2016-12-21 16:47 - 2016-11-01 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2016-06-17 12:24 - 2016-06-17 12:24 - 0004436 _____ () C:\Users\admin\AppData\Roaming\90msp-RKSJ-V
2016-10-10 13:03 - 2016-10-10 13:03 - 0000677 _____ () C:\Users\admin\AppData\Roaming\adventives.zkh
2016-06-17 12:23 - 2016-06-17 12:23 - 0001196 _____ () C:\Users\admin\AppData\Roaming\Athens
2016-10-10 13:03 - 2016-10-10 13:03 - 0060457 _____ () C:\Users\admin\AppData\Roaming\bookmaking.rgj
2016-10-11 17:08 - 2016-10-12 15:51 - 0061134 _____ () C:\Users\admin\AppData\Roaming\Carney.DLB
2016-06-17 12:23 - 2016-06-17 12:23 - 0001930 _____ () C:\Users\admin\AppData\Roaming\compare-with-callbacks.js
2016-06-17 12:23 - 2016-06-17 12:23 - 0003119 _____ () C:\Users\admin\AppData\Roaming\frnphon.env
2017-01-08 18:25 - 2017-01-08 18:25 - 0001380 _____ () C:\Users\admin\AppData\Local\suit.log
2017-01-02 17:41 - 2017-01-02 17:41 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\setup.exe
C:\Users\admin\AppData\Local\Temp\~ct42D9.tmp.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

--------

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by admin (2017-01-18 10:59:19)
Running from C:\Users\admin\Desktop
Windows 10 Pro (X64) (2016-10-11 22:53:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-2565885549-1411879035-1963333558-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2565885549-1411879035-1963333558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2565885549-1411879035-1963333558-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2565885549-1411879035-1963333558-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2565885549-1411879035-1963333558-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.30.0.6140 (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\GoToMeeting) (Version: 7.30.0.6140 - CitrixOnline)
HP Deskjet 3540 series Basic Device Software (HKLM\...\{60D33935-59B4-4ACE-8FAE-EBC60DE40A9C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM-x32\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NEST3 (HKLM-x32\...\InstallShield_{CA17875A-1499-4713-9E6C-E0DFA162FF50}) (Version: 3.11.4.4 - Omnesysindia)
NEST3 (x32 Version: 3.11.4.4 - Omnesysindia) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pi (HKLM-x32\...\{AF6D353A-B1BE-4A56-BA7D-19E3FD9CF0B4}) (Version: 1.0.06 - Tradelab Software Pvt Ltd)
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{8E8FABC1-F28A-40DF-932F-1076A63CE701}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.091213 - REALTEK Semiconductor Corp.) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) TradeTiger (HKLM-x32\...\{33E5D6EE-35EA-42FD-9534-8EDE6F006F60}) (Version: 2.4.60 - Sharekhan) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\admin\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 17:17 - 2017-01-08 18:23 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02D9DF12-582F-44D5-97BA-1FF119DC6664} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.) 
Task: {10A2FC35-8622-4967-A051-89D5BD2B0115} - System32\Tasks\Wefowardvahodom Monitor => C:\Program Files (x86)\Ateqerly\jemige.exe Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation) Task: {1634FC5D-BA63-4B94-9ADE-0659A5E5DFBB} - System32\Tasks\PPI Update 2 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation) Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task Task: {17FDEE71-A741-442B-8A7C-25499EB1341C} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation) Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task Task: {2A573895-C7BD-4405-9455-74574FE1CF5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.) Task: {34C625A9-BF4A-49E9-A10F-BDC2972C1E2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation) Task: {3825F321-4426-4317-B61B-8A6186620795} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-12] (HP Inc.) 
Task: {3E31ABD7-7B10-482B-AD2F-EFAA1C4741C3} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation) Task: {40054E9C-D49D-4C36-98A8-EA2B44F7CDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation) Task: {443F0ABE-C5C8-46FC-8B5E-32863E46CF15} - System32\Tasks\HPCustParticipation HP Deskjet 3540 series => C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.) Task: {49A803C1-60F6-430C-878E-1577A1C71F30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.) Task: {4D0DF670-E165-4388-8C95-6464F7778CE8} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation) Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff Task: {5293446B-DE67-4761-A264-627512F5B101} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation) Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - 
System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask Task: {6CEC134A-B492-46DB-B491-27D8F402A586} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization Task: {6E3E65AA-06DD-4BE2-949B-31298BD15E81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-07] (HP Inc.) Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand Task: {6FB07287-E12F-497B-A480-12DD4F7868E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.) Task: {7042A166-4524-4418-AA02-61C3019C1993} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate Task: {752110F1-7D53-4D29-8B9A-3914A46B3D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) 
Task: {76A89855-B5E3-474F-9977-509C47D41EAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense Task: {8A495B62-940E-4B17-8C01-602978EDF164} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation) Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange Task: {921E9DE0-7EEA-4678-8E0E-AB03689D83D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.) Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-15] (Microsoft Corporation) Task: {9C2325BB-CFAD-497E-B716-087F37A77EE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {9EC12157-DB5B-4B50-86B9-FD6E15F49282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.) Task: {A2CC1174-A96C-43DC-84AE-76AB7B3B9D0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.) 
Task: {A396E954-5C0C-4067-B6F1-9EA8CAA736BD} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation) Task: {A7EE1744-6CAE-4FA7-9A82-1D02D7C60A59} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation) Task: {AD7321D2-997C-4E81-AE46-4631E6B033A3} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation) Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 Task: {B6865057-2EF9-4F87-ABEF-5F2B57004BDE} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-08-05] (Microsoft Corporation) Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession Task: {CDF482F0-DE14-4F76-85C5-8CC4B4FDB76A} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-08-20] (Microsoft Corporation) Task: {CF961092-6299-4995-B695-EEF40AD52190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe 
[2016-12-06] (HP Inc.) Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation) Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange Task: {DAC2B591-CD3E-4636-8F64-255B6EC3D777} - System32\Tasks\PPI Update 3 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation) Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24 Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation) Task: {F0AA4DF9-4E43-45BE-947F-BC9A1173FEAF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.) 
Task: {F1CD7C4B-B30F-44A4-BE7D-787B07B83A3A} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange Task: {FCF60FBA-7190-4CA5-BC49-F5F717FE4CF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-12-23 20:46 - 2016-12-23 20:46 - 00109056 _____ () C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe 2017-01-17 13:49 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll 2016-12-14 09:50 - 2016-12-14 09:50 - 01678560 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll 2012-10-02 09:04 - 2012-10-02 09:04 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-10-13 14:35 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 10:09 - 2016-12-21 12:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 10:08 - 2016-12-21 12:24 - 09760768 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 10:08 - 2016-12-21 12:18 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 10:08 - 2016-12-21 12:18 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 10:08 - 2016-12-21 12:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-11 10:08 - 2016-12-21 12:18 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 10:08 - 2016-12-21 12:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2012-11-27 12:24 - 2012-11-27 12:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2016-12-28 19:11 - 2017-01-16 07:08 - 00125952 _____ () c:\program files (x86)\gubed\gubedzl.dll 2016-12-14 09:49 - 2016-12-14 09:49 - 01244376 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Intel:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\Users\admin\AppData\Local\thinkorswim:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\HP Photo Creations:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\amisites.com -> hxxp://www.amisites.com
IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\mylucky123.com -> hxxp://www.mylucky123.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe FirewallRules: [{156DCF49-7311-4DB8-AF78-F536B1F856C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{D0D5106F-A06E-48EF-975B-5637B143DE37}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{85CE0C8B-2B0A-4D84-AFC2-698B773413F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{E52D9F5E-64AC-48C9-AC2B-D51FC5C581BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{641160A3-5614-4EDE-BA68-E33908E8AA58}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe FirewallRules: [UDP Query User{AEB85F57-433F-4D8C-A6FA-BAF7AF7BF6A9}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe FirewallRules: [TCP Query User{5A49CAF0-1716-4ACC-B54F-5F68B4B8960A}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe FirewallRules: [UDP Query User{E4478638-05A7-495B-B553-5CD40E0085BE}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe FirewallRules: [{BFF1A77C-2A10-4005-80A4-F192A299B5C4}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{F3B968C9-0FC4-4C89-9A17-B97AAD821A53}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe FirewallRules: [{5309090C-472A-48A4-A9F6-0D7EE1A2BD69}] => (Allow) C:\Program Files (x86)\Nolarry\Application\chrome.exe FirewallRules: [TCP Query User{64DC529D-4EBA-4BDC-AE0F-7D71D339CE6E}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe FirewallRules: [UDP 
Query User{F2BC802B-B79C-4674-A645-605724CF1EDF}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe FirewallRules: [{D9FB1746-9E61-41CA-94AA-EA319193F635}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe FirewallRules: [{08533AC7-5C33-4620-85D8-AECE46BF336B}] => (Allow) LPort=5357 FirewallRules: [{927AABD9-AA4D-411C-970D-86A9EC12FF93}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{651F4C46-57DA-451D-9C43-C05F430C40F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{8EE0F08D-F17B-4932-9AE6-93932F0E95C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{EA6FD83C-9B0B-4E1A-8AC2-14E5EC2A213E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{27C80270-56E3-4B21-B29E-5EFB9250A158}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{39F1F75A-7663-4BAB-BD3F-6D81BBBFC574}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\SMPCSetup.exe FirewallRules: [{02F69BA4-D4EE-4B6C-B5DE-7F06E15B2515}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\tvnserver.exe ==================== Faulty Device Manager Devices ============= Name: Intel(R) HD Graphics Description: Intel(R) HD Graphics Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: igfx Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/18/2017 10:46:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (01/18/2017 10:23:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (01/18/2017 10:22:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (01/17/2017 10:03:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000604 Fault offset: 0x0000000000000000 Faulting process id: 0x1a8c Faulting application start time: 0xmicrosoftedgecp.exe0 Faulting application path: microsoftedgecp.exe1 Faulting module path: microsoftedgecp.exe2 Report Id: microsoftedgecp.exe3 Faulting package full name: microsoftedgecp.exe4 Faulting 
package-relative application ID: microsoftedgecp.exe5 Error: (01/17/2017 09:58:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (01/17/2017 09:57:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (01/17/2017 08:14:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (01/17/2017 08:14:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (01/17/2017 07:10:22 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (01/17/2017 07:06:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) 
(User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (01/18/2017 10:47:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F) Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194 Error: (01/18/2017 10:44:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (01/18/2017 10:44:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (01/18/2017 10:24:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F) Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194 Error: (01/18/2017 10:24:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Update Service(FirefoxU) service failed to start due to the following error: %%225 Error: (01/18/2017 10:24:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The ed2k idle service service failed to start due to 
the following error: %%2 Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (01/18/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (01/17/2017 10:20:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable CodeIntegrity: =================================== Date: 2017-01-17 11:38:11.816 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-11 13:32:34.857 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-01-10 12:14:16.518
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-09 11:14:45.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-08 19:07:37.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-07 11:29:45.405
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-01-07 11:12:02.986
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2017-01-07 10:16:03.518
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
Date: 2017-01-06 12:02:21.599 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-04 22:33:58.584 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 52% Total physical RAM: 2934.68 MB Available physical RAM: 1396.26 MB Total Virtual: 4278.68 MB Available Virtual: 2659.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.65 GB) (Free:43.01 GB) NTFS Drive e: () (Fixed) (Total:195.31 GB) (Free:187.89 GB) NTFS Drive f: () (Fixed) (Total:195.31 GB) (Free:138.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4CDCDF4B) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ LastRegBack: 2017-01-10 12:13 ==================== End of FRST.txt ============================ Addition_18-01-2017_11-00-00.txt FRST_18-01-2017_11-00-00.txt
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by admin (administrator) on DESKTOP-T7EL38F (18-01-2017 10:57:44)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: defaultuser0 & admin)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\MountPoints2: {0ffc644d-a98d-11e6-a380-e4e616ef3ea0} - "D:\Setup.exe"
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opengoogle - Shortcut.lnk [2016-11-04]
ShortcutTarget: Opengoogle - Shortcut.lnk -> C:\Users\admin\Desktop\Opengoogle.bat ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{1ac9556e-1a35-4fbf-be7f-c07a04c5c56c} <======= ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{683d6c98-2eb4-4557-abfe-91322efc5e75}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dd8ca756-2d76-4373-9d3d-dcf1ae753f4e}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-12-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001 -> hxxp://www.google.com

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default
FF Homepage: user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/thinkorswim -> C:\Users\admin\AppData\Local\thinkorswim\npthinkorswim.dll No File
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/tossc -> C:\Users\admin\AppData\Local\thinkorswim\nptossc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-02] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-11-17] (Cisco WebEx LLC)
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [822624 2016-12-14] (Microsoft Corporation)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [523952 2016-10-24] () [File not signed]
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [125952 2017-01-16] () [File not signed]
R2 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe [109056 2016-12-23] () [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [1227264 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_c3042; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [127328 2016-09-15] (Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [157024 2016-07-16] (Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [141152 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [168448 2016-09-15] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [37376 2016-07-16] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [179040 2016-07-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [40288 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 10:57 - 2017-01-18 10:58 - 00019014 _____ C:\Users\admin\Desktop\FRST.txt
2017-01-18 10:57 - 2017-01-18 10:57 - 00000000 ____D C:\FRST
2017-01-18 10:56 - 2017-01-18 10:57 - 02193920 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2017-01-18 10:50 - 2016-12-26 11:27 - 00022016 _____ C:\Users\admin\Desktop\tt0202.xls
2017-01-18 10:50 - 2016-12-21 22:40 - 00955904 _____ C:\Users\admin\Desktop\VRS16 X 2003.xls
2017-01-18 10:50 - 2016-11-23 12:53 - 00061003 _____ C:\Users\admin\Desktop\Valuing Oil Stocks with the Graham Number.xlsm
2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\WhatsAppSetup.exe
2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\Unconfirmed 52640.crdownload
2017-01-18 10:50 - 2016-11-16 16:41 - 24743106 _____ C:\Users\admin\Desktop\vlc-setup-win.exe
2017-01-18 10:50 - 2016-11-05 21:26 - 00069710 _____ C:\Users\admin\Desktop\Valuing-Oil-Stocks-with-the-Graham-Number.zip
2017-01-18 10:50 - 2016-10-21 16:03 - 10841720 _____ (TeamViewer GmbH) C:\Users\admin\Desktop\TeamViewer_Setup_en-sbv.exe
2017-01-18 10:50 - 2016-10-17 13:19 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64(1).exe
2017-01-18 10:50 - 2016-10-15 17:30 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64.exe
2017-01-18 10:50 - 2016-10-13 20:34 - 30072320 _____ C:\Users\admin\Desktop\TradeTigerSetup.msi
2017-01-18 10:49 - 2017-01-18 10:50 - 
00000000 ____D C:\Users\admin\Desktop\OptionProbabilityCalculator 2017-01-18 10:49 - 2017-01-17 13:49 - 54199488 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.0.5.1299.exe 2017-01-18 10:49 - 2017-01-15 23:17 - 00352436 _____ C:\Users\admin\Desktop\google.csv 2017-01-18 10:49 - 2017-01-15 17:16 - 00243552 _____ C:\Users\admin\Desktop\Firefox Setup Stub 50.1.0.exe 2017-01-18 10:49 - 2017-01-15 16:38 - 16146725 _____ C:\Users\admin\Desktop\pi.zip 2017-01-18 10:49 - 2017-01-10 23:26 - 01065376 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe 2017-01-18 10:49 - 2016-12-27 20:52 - 00113079 _____ C:\Users\admin\Desktop\DELHI (1).xlsx 2017-01-18 10:49 - 2016-12-27 19:58 - 00065024 _____ C:\Users\admin\Desktop\fiscal-calendar-2017-portrait-6-months-blocks.xls 2017-01-18 10:49 - 2016-12-26 23:16 - 00113079 _____ C:\Users\admin\Desktop\DELHI.xlsx 2017-01-18 10:49 - 2016-12-21 23:15 - 43544408 _____ (HP Inc. ) C:\Users\admin\Desktop\sp78153.exe 2017-01-18 10:49 - 2016-12-21 16:46 - 57569888 _____ (Oracle Corporation) C:\Users\admin\Desktop\jre-8u74-windows-x64.exe 2017-01-18 10:49 - 2016-12-21 16:33 - 30403470 _____ C:\Users\admin\Desktop\NestTrader_Setup_V.3.11.4.4_CapitalFocus_iNET_without_framewrk.zip 2017-01-18 10:49 - 2016-12-12 17:05 - 07659763 _____ C:\Users\admin\Desktop\cHENNAI vARDAH 2016-12-12 at 16.23.19 2017-01-18 10:49 - 2016-12-02 16:01 - 00000103 _____ C:\Users\admin\Desktop\block.csv 2017-01-18 10:49 - 2016-11-29 20:08 - 00022028 _____ C:\Users\admin\Desktop\FOVOLT_28112016.csv 2017-01-18 10:49 - 2016-11-29 19:46 - 00025508 _____ C:\Users\admin\Desktop\FOVOLT_29112016.csv 2017-01-18 10:49 - 2016-11-29 17:13 - 00025514 _____ C:\Users\admin\Desktop\FOVOLT_28112016 (1).csv 2017-01-18 10:49 - 2016-11-24 18:10 - 00000922 _____ C:\Users\admin\Desktop\fao_participant_vol_24112016.csv 2017-01-18 10:49 - 2016-11-24 18:06 - 00000883 _____ C:\Users\admin\Desktop\fao_participant_oi_24112016.csv 2017-01-18 10:49 - 2016-11-24 16:35 - 
00025534 _____ C:\Users\admin\Desktop\FOVOLT_24112016.csv 2017-01-18 10:49 - 2016-11-23 16:55 - 00000907 _____ C:\Users\admin\Desktop\fao_participant_vol_22112016.csv 2017-01-18 10:49 - 2016-11-23 11:09 - 00101236 _____ C:\Users\admin\Desktop\CMVOLT_22112016.CSV 2017-01-18 10:49 - 2016-11-17 15:06 - 00922728 _____ (Cisco WebEx LLC) C:\Users\admin\Desktop\Cisco_WebEx_Add-On.exe 2017-01-18 10:49 - 2016-11-09 15:23 - 00321536 _____ C:\Users\admin\Desktop\OptionTradingWorkbook.xls 2017-01-18 10:49 - 2016-11-09 15:09 - 00330752 _____ C:\Users\admin\Desktop\OptionTradingWorkbook (1).xls 2017-01-18 10:49 - 2016-11-08 18:42 - 00526336 _____ C:\Users\admin\Desktop\IndexInclExcl.xls 2017-01-18 10:49 - 2016-11-08 11:36 - 00006234 _____ C:\Users\admin\Desktop\nifty50_mcwb.csv 2017-01-18 10:49 - 2016-11-05 21:03 - 00011314 _____ C:\Users\admin\Desktop\OptionProbabilityCalculator.zip 2017-01-18 10:49 - 2016-11-02 16:10 - 02076064 _____ C:\Users\admin\Desktop\ShowMyPC3500.exe 2017-01-18 10:49 - 2016-11-02 12:26 - 00051017 _____ C:\Users\admin\Desktop\table (1).csv 2017-01-18 10:49 - 2016-11-02 12:24 - 00057559 _____ C:\Users\admin\Desktop\table.csv 2017-01-18 10:49 - 2016-11-02 11:35 - 00019964 _____ C:\Users\admin\Desktop\FOVOLT_210920151.csv 2017-01-18 10:49 - 2016-11-02 11:34 - 00023217 _____ C:\Users\admin\Desktop\FOVOLT_21092015.csv 2017-01-18 10:49 - 2016-11-01 21:21 - 00083253 _____ C:\Users\admin\Desktop\DailyNFRELIANCE 24-Nov-2016.csv 2017-01-18 10:49 - 2016-11-01 16:53 - 00348527 _____ C:\Users\admin\Desktop\dATA _ TO CALCULATE vo_DailyNCNIFTY.csv 2017-01-18 10:49 - 2016-11-01 16:45 - 00007562 _____ C:\Users\admin\Desktop\8750_NIFTY_CE_01-Aug-2016_TO_28-Oct-2016.csv 2017-01-18 10:49 - 2016-11-01 14:02 - 00737344 _____ (Oracle Corporation) C:\Users\admin\Desktop\JavaSetup8u111.exe 2017-01-18 10:49 - 2016-10-31 22:41 - 00025521 _____ C:\Users\admin\Desktop\FOVOLT_30102016.csv 2017-01-18 10:49 - 2016-10-31 22:40 - 00001307 _____ C:\Users\admin\Desktop\FOVOLT_28102016.csv 
2017-01-18 10:49 - 2016-10-26 23:18 - 00002577 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_CE_03-Oct-2016_TO_26-Oct-2016.csv 2017-01-18 10:49 - 2016-10-26 23:18 - 00002569 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_PE_03-Oct-2016_TO_26-Oct-2016.csv 2017-01-18 10:49 - 2016-10-26 23:05 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme (1).xls 2017-01-18 10:49 - 2016-10-26 23:04 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme.xls 2017-01-18 10:49 - 2016-10-26 16:13 - 00422371 _____ C:\Users\admin\Desktop\fo25OCT2016bhav.csv.zip 2017-01-18 10:49 - 2016-10-26 16:07 - 00063045 _____ C:\Users\admin\Desktop\cm25OCT2016bhav.csv.zip 2017-01-18 10:49 - 2016-10-26 16:05 - 00101678 _____ C:\Users\admin\Desktop\CMVOLT_25102016.CSV 2017-01-18 10:49 - 2016-10-25 22:00 - 00067584 _____ C:\Users\admin\Desktop\Options_Premium_Calculator.xls 2017-01-18 10:49 - 2016-10-24 15:51 - 00065870 _____ C:\Users\admin\Desktop\app1.pdf;jsessionid=C0ABE07C15C69BC99E86C4E0FA91A095.f03t03 2017-01-18 10:49 - 2016-10-23 18:08 - 03630540 _____ C:\Users\admin\Desktop\option_trades_20160516_TUVWXYZ_sample.zip 2017-01-18 10:49 - 2016-10-21 17:24 - 00927232 _____ C:\Users\admin\Desktop\OptionCalculatorSetup.msi 2017-01-18 10:49 - 2016-10-21 15:30 - 24998531 _____ C:\Users\admin\Desktop\NEST3.zip 2017-01-18 10:49 - 2016-10-15 19:01 - 52706560 _____ (Lenovo Group Limited ) C:\Users\admin\Desktop\j3bm02ww.exe 2017-01-18 10:49 - 2016-10-11 19:52 - 00243560 _____ C:\Users\admin\Desktop\Firefox Setup Stub 49.0.1.exe 2017-01-17 14:12 - 2017-01-17 14:12 - 00174764 _____ C:\Windows\Minidump\011717-19531-01.dmp 2017-01-17 13:49 - 2017-01-18 10:22 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-01-17 13:49 - 2017-01-17 13:49 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes 
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\Program Files\Malwarebytes 2017-01-17 13:49 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-01-17 11:57 - 2017-01-17 13:53 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2017-01-15 22:44 - 2017-01-16 09:29 - 00142188 _____ C:\Users\admin\Desktop\New_IntraDayNFNIFTY 25-Jan-2017.xlsm 2017-01-15 18:46 - 2017-01-15 22:44 - 00156974 _____ C:\Users\admin\Desktop\IntraDayNFNIFTY 25-Jan-2017.csv 2017-01-15 17:17 - 2017-01-16 23:14 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla 2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Uninstall Pi.lnk 2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Pi.lnk 2017-01-15 16:40 - 2017-01-15 16:40 - 00002559 _____ C:\Users\Public\Desktop\Pi.lnk 2017-01-15 16:40 - 2017-01-15 16:40 - 00000000 ____D C:\Zerodha 2017-01-12 19:53 - 2017-01-12 19:53 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-01-12 19:53 - 2017-01-12 19:53 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk 2017-01-12 12:13 - 2017-01-12 12:39 - 00002596 _____ C:\Users\admin\Desktop\GraphNFNIFTY 25-Jan-2017.csv 2017-01-12 11:55 - 2017-01-12 11:55 - 00238942 _____ C:\Users\admin\Desktop\min_HA_Open_hign and Low testing.csv 2017-01-12 11:44 - 2017-01-15 18:40 - 00089533 _____ C:\Users\admin\Desktop\DailyNFNIFTY 25-Jan-2017_12th Jan.csv 2017-01-11 13:22 - 2016-12-23 04:43 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-11 13:22 - 2016-12-23 04:43 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-11 10:10 - 2016-12-21 13:13 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2017-01-11 10:10 - 2016-12-21 13:13 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll 2017-01-11 10:10 - 
2016-12-21 13:13 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:11 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 10:10 - 2016-12-21 12:38 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 10:10 - 2016-12-21 12:36 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 10:10 - 2016-12-21 12:29 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 10:10 - 2016-12-21 12:26 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 10:10 - 2016-12-21 12:23 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 10:10 - 2016-12-21 12:21 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 10:10 - 2016-12-21 12:21 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 10:10 - 2016-12-21 12:20 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 10:10 - 2016-12-21 11:29 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 10:10 - 2016-12-21 10:39 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 10:10 - 2016-12-21 10:13 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 10:10 - 2016-12-21 10:11 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 10:10 - 2016-12-21 10:10 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 10:10 - 2016-12-21 10:10 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 10:10 - 2016-12-21 10:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 10:10 - 2016-12-21 10:08 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 10:10 - 2016-12-21 09:52 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 10:10 - 2016-12-14 11:11 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 10:10 - 2016-12-14 10:18 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 10:10 - 2016-12-14 10:08 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 10:10 - 2016-12-14 10:08 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 10:10 - 2016-12-14 09:54 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-11 10:10 - 2016-12-14 09:54 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-11 10:10 - 2016-12-14 09:53 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-11 10:10 - 2016-12-14 09:52 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-11 10:10 - 2016-12-14 09:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-11 10:09 - 2016-12-21 13:38 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 10:09 - 2016-12-21 13:38 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 10:09 - 2016-12-21 13:34 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 10:09 - 2016-12-21 13:19 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 10:09 - 2016-12-21 13:16 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 10:09 - 2016-12-21 13:13 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 10:09 - 2016-12-21 13:12 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 10:09 - 2016-12-21 13:07 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 10:09 - 2016-12-21 12:45 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 10:09 - 2016-12-21 12:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 10:09 - 2016-12-21 12:39 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 10:09 - 2016-12-21 12:39 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 10:09 - 2016-12-21 12:37 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 10:09 - 2016-12-21 12:36 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 10:09 - 2016-12-21 12:36 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 10:09 - 2016-12-21 12:36 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 10:09 - 2016-12-21 12:31 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 10:09 - 2016-12-21 12:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 10:09 - 2016-12-21 12:29 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 10:09 - 2016-12-21 12:28 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 10:09 - 2016-12-21 12:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 10:09 - 2016-12-21 12:26 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 10:09 - 2016-12-21 12:25 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 10:09 - 2016-12-21 12:25 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 10:09 - 2016-12-21 12:24 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 10:09 - 2016-12-21 12:23 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 10:09 - 2016-12-21 12:19 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 10:09 - 2016-12-21 12:19 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 10:09 - 2016-12-21 12:19 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 10:09 - 2016-12-21 12:17 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 10:09 - 2016-12-21 10:31 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 10:09 - 2016-12-21 10:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 10:09 - 2016-12-21 10:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 10:09 - 2016-12-21 10:10 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 10:09 - 2016-12-21 10:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 10:09 - 2016-12-21 10:09 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 10:09 - 2016-12-21 10:05 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 10:09 - 2016-12-21 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 10:09 - 2016-12-21 10:04 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 10:09 - 2016-12-21 10:03 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 10:09 - 2016-12-21 10:02 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 10:09 - 2016-12-21 10:00 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 10:09 - 2016-12-21 10:00 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 10:09 - 2016-12-21 09:57 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 10:09 - 2016-12-21 09:56 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 10:09 - 2016-12-21 09:55 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 10:09 - 2016-12-21 09:55 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 10:09 - 2016-12-21 09:54 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 10:09 - 2016-12-14 11:11 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 10:09 - 2016-12-14 11:04 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 10:09 - 2016-12-14 10:53 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 10:09 - 2016-12-14 10:51 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 10:09 - 2016-12-14 10:49 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 10:09 - 2016-12-14 10:48 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 10:09 - 2016-12-14 10:48 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 10:09 - 2016-12-14 10:47 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 10:09 - 2016-12-14 10:16 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 10:09 - 2016-12-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 10:09 - 2016-12-14 10:13 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 10:09 - 2016-12-14 10:11 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 10:09 - 2016-12-14 10:10 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 10:09 - 2016-12-14 10:10 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 10:09 - 2016-12-14 10:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 10:09 - 2016-12-14 10:08 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 10:09 - 2016-12-14 10:08 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 10:09 - 2016-12-14 10:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 10:09 - 2016-12-14 10:02 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 10:09 - 2016-12-14 09:56 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 10:09 - 2016-12-14 09:56 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-11 10:09 - 2016-12-14 09:55 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-11 10:09 - 2016-12-14 09:53 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-11 10:09 - 2016-12-14 09:52 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 10:09 - 2016-12-14 09:52 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-11 10:09 - 2016-12-14 09:51 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-11 10:09 - 2016-11-02 17:31 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 10:09 - 2016-11-02 16:30 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-11 10:09 - 2016-11-02 15:58 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 10:09 - 2016-11-02 15:52 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 10:09 - 2016-11-02 15:51 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-11 10:09 - 2016-08-02 10:00 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-11 10:08 - 2016-12-21 13:12 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 10:08 - 2016-12-21 12:43 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-11 10:08 - 2016-12-21 12:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-11 10:08 - 2016-12-21 12:40 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-11 10:08 - 2016-12-21 12:38 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-11 10:08 - 2016-12-21 12:38 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-11 10:08 - 2016-12-21 12:23 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 10:08 - 2016-12-21 12:21 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 10:08 - 2016-12-21 09:52 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 10:08 - 2016-12-14 10:56 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 10:08 - 2016-12-14 10:38 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 10:08 - 2016-12-14 10:36 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 10:08 - 2016-12-14 10:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 10:08 - 2016-12-14 10:10 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-11 10:08 - 2016-12-14 10:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 10:08 - 2016-12-14 10:02 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 10:08 - 2016-12-14 09:52 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 10:08 - 2016-12-14 09:52 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 23:28 - 2017-01-10 23:28 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Google
2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-09 20:13 - 2017-01-09 20:13 - 00001012 _____ C:\Users\admin\Desktop\Opengoogle - Shortcut.lnk
2017-01-08 18:25 - 2017-01-08 18:25 - 00001380 _____ C:\Users\admin\AppData\Local\suit.log
2017-01-02 18:08 - 2017-01-02 18:08 - 00000000 ____D C:\Users\admin\Documents\Fax
2017-01-02 17:42 - 2017-01-02 17:42 - 00002064 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Visan
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-02 17:41 - 2017-01-02 17:41 - 00003780 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3540 series
2017-01-02 17:41 - 2017-01-02 17:41 - 00002289 _____ C:\Users\Public\Desktop\HP Deskjet 3540 series.lnk
2017-01-02 17:41 - 2017-01-02 17:41 - 00001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3540 series.lnk
2017-01-02 17:41 - 2017-01-02 17:41 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\ProgramData\HP
2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\Program Files\HP
2017-01-02 17:41 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC711.dll
2017-01-02 17:39 - 2017-01-02 17:43 - 00000000 ____D C:\Users\admin\AppData\Local\HP
2016-12-28 19:11 - 2016-12-28 19:11 - 00000000 ____D C:\Program Files (x86)\Gubed
2016-12-28 15:36 - 2016-12-28 15:36 - 00008190 _____ C:\Users\admin\Desktop\NIFTY 29-Dec-2016 _1sd WORKS.csv
2016-12-26 21:15 - 2016-12-26 23:21 - 00013818 _____ C:\Users\admin\Desktop\cal.xlsx
2016-12-23 20:46 - 2016-12-23 20:46 - 00000000 ____D C:\Program Files (x86)\Gubed_WMI
2016-12-22 18:46 - 2016-12-22 19:28 - 00000037 _____ C:\Users\admin\Desktop\strt_cmd.bat
2016-12-22 12:16 - 2016-12-22 12:16 - 00071259 _____ C:\Users\admin\Desktop\Potato Gift
2016-12-21 23:22 - 2017-01-12 19:32 - 00000179 _____ C:\Windows\SysWOW64\DOErrors.log
2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\Hewlett-Packard
2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2016-12-21 23:18 - 2016-12-21 23:18 - 00002304 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\System.sav
2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-12-21 23:17 - 2016-12-22 08:25 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-21 23:16 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-21 23:16 - 2016-12-22 08:25 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-12-21 23:16 - 2016-12-21 23:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\hpqLog
2016-12-21 23:15 - 2016-12-21 23:15 - 00000000 ____D C:\swsetup
2016-12-21 23:00 - 2016-12-21 23:00 - 00000000 _____ C:\Windows\WindowsUpdate_AU_deprecated.log
2016-12-21 16:47 - 2016-12-21 16:46 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Oracle
2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Program Files\Java
2016-12-21 16:42 - 2016-12-22 11:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Omnesys
2016-12-21 16:42 - 2016-12-21 16:42 - 00002125 _____ C:\Users\Public\Desktop\Nest Trader.lnk
2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnesysindia
2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\Program Files (x86)\Omnesys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 10:56 - 2016-10-11 16:03 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-01-18 10:54 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\sru
2017-01-18 10:50 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin
2017-01-18 10:46 - 2016-10-12 04:12 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-18 10:30 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\AppReadiness
2017-01-18 10:27 - 2016-10-13 20:04 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9A03C682-7423-45CC-9D52-D299D6DF42E6}
2017-01-18 10:22 - 2016-10-12 04:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 10:22 - 2016-10-11 19:24 - 00025114 _____ C:\Windows\PFRO.log
2017-01-17 22:22 - 2016-07-16 11:34 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-17 22:20 - 2016-10-20 22:28 - 00005278 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F
2017-01-17 22:18 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\Local\WebEx
2017-01-17 22:18 - 2016-10-25 21:50 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-01-17 22:07 - 2016-10-25 21:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-17 20:07 - 2016-10-11 16:33 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2017-01-17 20:06 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-17 14:12 - 2016-10-27 13:11 - 284635216 _____ C:\Windows\MEMORY.DMP
2017-01-17 14:12 - 2016-10-27 13:11 - 00000000 ____D C:\Windows\Minidump
2017-01-17 12:17 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-17 11:20 - 2016-10-12 04:25 - 02073080 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 11:18 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-17 11:12 - 2016-10-26 14:38 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-17 10:58 - 2016-10-21 17:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2017-01-16 23:16 - 2016-10-21 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-16 23:07 - 2016-10-25 15:17 - 00000374 _____ C:\Windows\SysWOW64\data.bin
2017-01-16 23:04 - 2016-10-25 15:15 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-01-16 22:33 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-01-16 15:52 - 2016-10-12 04:22 - 00000000 ____D C:\Users\defaultuser0
2017-01-16 15:48 - 2016-10-12 04:12 - 00350176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-12 20:12 - 2016-10-21 16:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2017-01-12 19:54 - 2016-10-21 16:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-11 13:38 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\rescache
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\oobe
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\Provisioning
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-11 10:23 - 2016-07-16 17:06 - 00000000 ____D C:\Windows\CbsTemp
2017-01-11 10:15 - 2016-10-13 17:36 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 21:09 - 2016-11-05 21:24 - 00020304 _____ C:\Users\admin\Documents\debug.log
2017-01-08 18:25 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\AppData\Local\thinkorswim
2017-01-08 14:01 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-01-08 13:48 - 2016-10-25 16:27 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-01-08 13:48 - 2016-10-12 04:22 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-07 23:13 - 2016-11-04 16:32 - 00000572 __RSH C:\ProgramData\ntuser.pol
2017-01-02 11:04 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\NDF
2017-01-02 10:24 - 2016-10-13 20:34 - 00002585 _____ C:\Users\Public\Desktop\TradeTiger.lnk
2016-12-31 13:00 - 2016-11-18 15:46 - 00000000 __SHD C:\Users\admin\Documents\cache
2016-12-31 13:00 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2016-12-31 11:32 - 2016-11-17 15:06 - 00000000 ____D C:\ProgramData\WebEx
2016-12-28 19:08 - 2016-11-22 17:03 - 00000690 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-28 19:08 - 2016-11-22 17:02 - 00000594 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-24 11:25 - 2016-11-22 17:03 - 00003860 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-24 11:25 - 2016-11-22 17:03 - 00003764 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-23 23:26 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\.thinkorswim
2016-12-21 23:18 - 2016-10-15 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-21 16:47 - 2016-12-16 00:00 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2016-12-21 16:47 - 2016-11-01 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======

2016-06-17 12:24 - 2016-06-17 12:24 - 0004436 _____ () C:\Users\admin\AppData\Roaming\90msp-RKSJ-V
2016-10-10 13:03 - 2016-10-10 13:03 - 0000677 _____ () C:\Users\admin\AppData\Roaming\adventives.zkh
2016-06-17 12:23 - 2016-06-17 12:23 - 0001196 _____ () C:\Users\admin\AppData\Roaming\Athens
2016-10-10 13:03 - 2016-10-10 13:03 - 0060457 _____ () C:\Users\admin\AppData\Roaming\bookmaking.rgj
2016-10-11 17:08 - 2016-10-12 15:51 - 0061134 _____ () C:\Users\admin\AppData\Roaming\Carney.DLB
2016-06-17 12:23 - 2016-06-17 12:23 - 0001930 _____ () C:\Users\admin\AppData\Roaming\compare-with-callbacks.js
2016-06-17 12:23 - 2016-06-17 12:23 - 0003119 _____ () C:\Users\admin\AppData\Roaming\frnphon.env
2017-01-08 18:25 - 2017-01-08 18:25 - 0001380 _____ () C:\Users\admin\AppData\Local\suit.log
2017-01-02 17:41 - 2017-01-02 17:41 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\setup.exe
C:\Users\admin\AppData\Local\Temp\~ct42D9.tmp.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

--------

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by admin (2017-01-18 10:59:19)
Running from C:\Users\admin\Desktop
Windows 10 Pro (X64) (2016-10-11 22:53:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-2565885549-1411879035-1963333558-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2565885549-1411879035-1963333558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2565885549-1411879035-1963333558-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2565885549-1411879035-1963333558-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2565885549-1411879035-1963333558-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.30.0.6140 (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\GoToMeeting) (Version: 7.30.0.6140 - CitrixOnline)
HP Deskjet 3540 series Basic Device Software (HKLM\...\{60D33935-59B4-4ACE-8FAE-EBC60DE40A9C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM-x32\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NEST3 (HKLM-x32\...\InstallShield_{CA17875A-1499-4713-9E6C-E0DFA162FF50}) (Version: 3.11.4.4 - Omnesysindia)
NEST3 (x32 Version: 3.11.4.4 - Omnesysindia) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pi (HKLM-x32\...\{AF6D353A-B1BE-4A56-BA7D-19E3FD9CF0B4}) (Version: 1.0.06 - Tradelab Software Pvt Ltd)
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{8E8FABC1-F28A-40DF-932F-1076A63CE701}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.091213 - REALTEK Semiconductor Corp.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TradeTiger (HKLM-x32\...\{33E5D6EE-35EA-42FD-9534-8EDE6F006F60}) (Version: 2.4.60 - Sharekhan)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\admin\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 17:17 - 2017-01-08 18:23 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D9DF12-582F-44D5-97BA-1FF119DC6664} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {10A2FC35-8622-4967-A051-89D5BD2B0115} - System32\Tasks\Wefowardvahodom Monitor => C:\Program Files (x86)\Ateqerly\jemige.exe
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {1634FC5D-BA63-4B94-9ADE-0659A5E5DFBB} - System32\Tasks\PPI Update 2 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {17FDEE71-A741-442B-8A7C-25499EB1341C} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {2A573895-C7BD-4405-9455-74574FE1CF5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {34C625A9-BF4A-49E9-A10F-BDC2972C1E2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {3825F321-4426-4317-B61B-8A6186620795} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-12] (HP Inc.)
Task: {3E31ABD7-7B10-482B-AD2F-EFAA1C4741C3} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {40054E9C-D49D-4C36-98A8-EA2B44F7CDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {443F0ABE-C5C8-46FC-8B5E-32863E46CF15} - System32\Tasks\HPCustParticipation HP Deskjet 3540 series => C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {49A803C1-60F6-430C-878E-1577A1C71F30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {4D0DF670-E165-4388-8C95-6464F7778CE8} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5293446B-DE67-4761-A264-627512F5B101} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6CEC134A-B492-46DB-B491-27D8F402A586} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E3E65AA-06DD-4BE2-949B-31298BD15E81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-07] (HP Inc.)
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {6FB07287-E12F-497B-A480-12DD4F7868E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {7042A166-4524-4418-AA02-61C3019C1993} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {752110F1-7D53-4D29-8B9A-3914A46B3D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {76A89855-B5E3-474F-9977-509C47D41EAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {8A495B62-940E-4B17-8C01-602978EDF164} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {921E9DE0-7EEA-4678-8E0E-AB03689D83D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-15] (Microsoft Corporation)
Task: {9C2325BB-CFAD-497E-B716-087F37A77EE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {9EC12157-DB5B-4B50-86B9-FD6E15F49282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {A2CC1174-A96C-43DC-84AE-76AB7B3B9D0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A396E954-5C0C-4067-B6F1-9EA8CAA736BD} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {A7EE1744-6CAE-4FA7-9A82-1D02D7C60A59} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation)
Task: {AD7321D2-997C-4E81-AE46-4631E6B033A3} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6865057-2EF9-4F87-ABEF-5F2B57004BDE} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-08-05] (Microsoft Corporation)
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {CDF482F0-DE14-4F76-85C5-8CC4B4FDB76A} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-08-20] (Microsoft Corporation)
Task: {CF961092-6299-4995-B695-EEF40AD52190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DAC2B591-CD3E-4636-8F64-255B6EC3D777} - System32\Tasks\PPI Update 3 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F0AA4DF9-4E43-45BE-947F-BC9A1173FEAF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F1CD7C4B-B30F-44A4-BE7D-787B07B83A3A} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {FCF60FBA-7190-4CA5-BC49-F5F717FE4CF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-23 20:46 - 2016-12-23 20:46 - 00109056 _____ () C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe
2017-01-17 13:49 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-14 09:50 - 2016-12-14 09:50 - 01678560 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2012-10-02 09:04 - 2012-10-02 09:04 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-13 14:35 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:09 - 2016-12-21 12:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:08 - 2016-12-21 12:24 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:08 - 2016-12-21 12:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-27 12:24 - 2012-11-27 12:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-28 19:11 - 2017-01-16 07:08 - 00125952 _____ () c:\program files (x86)\gubed\gubedzl.dll
2016-12-14 09:49 - 2016-12-14 09:49 - 01244376 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Intel:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\Users\admin\AppData\Local\thinkorswim:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\HP Photo Creations:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\amisites.com -> hxxp://www.amisites.com
IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\mylucky123.com -> hxxp://www.mylucky123.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{156DCF49-7311-4DB8-AF78-F536B1F856C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D0D5106F-A06E-48EF-975B-5637B143DE37}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{85CE0C8B-2B0A-4D84-AFC2-698B773413F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E52D9F5E-64AC-48C9-AC2B-D51FC5C581BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{641160A3-5614-4EDE-BA68-E33908E8AA58}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe
FirewallRules: [UDP Query User{AEB85F57-433F-4D8C-A6FA-BAF7AF7BF6A9}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe
FirewallRules: [TCP Query User{5A49CAF0-1716-4ACC-B54F-5F68B4B8960A}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe
FirewallRules: [UDP Query User{E4478638-05A7-495B-B553-5CD40E0085BE}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe
FirewallRules: [{BFF1A77C-2A10-4005-80A4-F192A299B5C4}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{F3B968C9-0FC4-4C89-9A17-B97AAD821A53}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{5309090C-472A-48A4-A9F6-0D7EE1A2BD69}] => (Allow) C:\Program Files (x86)\Nolarry\Application\chrome.exe
FirewallRules: [TCP Query User{64DC529D-4EBA-4BDC-AE0F-7D71D339CE6E}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe
FirewallRules: [UDP Query User{F2BC802B-B79C-4674-A645-605724CF1EDF}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe
FirewallRules: [{D9FB1746-9E61-41CA-94AA-EA319193F635}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{08533AC7-5C33-4620-85D8-AECE46BF336B}] => (Allow) LPort=5357
FirewallRules: [{927AABD9-AA4D-411C-970D-86A9EC12FF93}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{651F4C46-57DA-451D-9C43-C05F430C40F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8EE0F08D-F17B-4932-9AE6-93932F0E95C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EA6FD83C-9B0B-4E1A-8AC2-14E5EC2A213E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{27C80270-56E3-4B21-B29E-5EFB9250A158}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{39F1F75A-7663-4BAB-BD3F-6D81BBBFC574}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\SMPCSetup.exe
FirewallRules: [{02F69BA4-D4EE-4B6C-B5DE-7F06E15B2515}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\tvnserver.exe

==================== Faulty Device Manager Devices =============

Name: Intel(R) HD Graphics
Description: Intel(R) HD Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2017 10:46:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/18/2017 10:23:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/18/2017 10:22:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/17/2017 10:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1a8c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (01/17/2017 09:58:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (01/17/2017 09:57:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/17/2017 08:14:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/17/2017 08:14:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (01/17/2017 07:10:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (01/17/2017 07:06:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

System errors:
=============
Error: (01/18/2017 10:47:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (01/18/2017 10:44:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (01/18/2017 10:44:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2017 10:24:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (01/18/2017 10:24:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Service(FirefoxU) service failed to start due to the following error: %%225

Error: (01/18/2017 10:24:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ed2k idle service service failed to start due to the following error: %%2

Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/17/2017 10:20:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
Date: 2017-01-17 11:38:11.816
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-11 13:32:34.857
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-10 12:14:16.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-09 11:14:45.464 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-08 19:07:37.096 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-07 11:29:45.405 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-07 11:12:02.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-07 10:16:03.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. 
Date: 2017-01-06 12:02:21.599 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. Date: 2017-01-04 22:33:58.584 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 52% Total physical RAM: 2934.68 MB Available physical RAM: 1396.26 MB Total Virtual: 4278.68 MB Available Virtual: 2659.27 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.65 GB) (Free:43.01 GB) NTFS Drive e: () (Fixed) (Total:195.31 GB) (Free:187.89 GB) NTFS Drive f: () (Fixed) (Total:195.31 GB) (Free:138.56 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4CDCDF4B) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ LastRegBack: 2017-01-10 12:13 ==================== End of FRST.txt ============================
  3. While running the Malwarebytes scan on my system, the system suddenly shuts down. It also shuts down when I try to run the scan in safe mode, and when I try to clean the C drive in safe mode. Help would be appreciated.