AdwCleaner - what to remove? Log file in message body


vicdrac

Hi,

 

My laptop has been infected by a browser hijacker virus (searchinterneat). In my attempt to rid my laptop of this virus I have run a scan using AdwCleaner. However, I'm not sure what to remove and any help would be greatly appreciated. Below is a copy of the log file (note: I have replaced user name with XXXX):

 

# AdwCleaner v5.025 - Logfile created 18/12/2015 at 14:17:57
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [server]
# Operating system : Windows 10 Home  (x64)
# Running from : C:\Users\XXXX\Downloads\adwcleaner_5.025.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\XXXX\AppData\Local\YSearchUtil
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : npdicihegicnhaangkdmcgbjceoemeoo
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1287 bytes] ##########
 

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....

 
Next,
 
Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 
Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named (Addition.txt) and Shortcut.txt Please attach those logs to your reply.


 

Let me see those logs in your reply, do not change user name; there is nothing to gain....

 

Thank you,

 

Kevin


Hi Kevin,

 

Thanks for taking out the time to help me today.

 

I have followed your instructions and run all the scans in the same order as you mentioned them. Here are the reports:

 

1. MBAM (there are 2 log files - the first one from a scan I ran on 16-12-2015 and the second one from just now)

 

FIRST SCAN (16-12-2015; I have included this because it contains data on files detected and quarantined in this first scan, and therefore not a part of the second scan report)

 

Scan Date: 16-12-2015
Scan Time: 19:12
Logfile: mbam1.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.16.03
Rootkit Database: v2015.12.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Aditya Sharma
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387387
Time Elapsed: 25 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 35
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cdc9b2b6-5796-4d44-bc7a-2fa644057d7f}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\TYPELIB\{6f387e5f-b247-45e2-a4b9-a1291df085e4}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\INTERFACE\{8C327BD5-D857-4594-86D1-9D218E2F52CE}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8C327BD5-D857-4594-86D1-9D218E2F52CE}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8C327BD5-D857-4594-86D1-9D218E2F52CE}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{6f387e5f-b247-45e2-a4b9-a1291df085e4}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{6f387e5f-b247-45e2-a4b9-a1291df085e4}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CDC9B2B6-5796-4D44-BC7A-2FA644057D7F}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{CDC9B2B6-5796-4D44-BC7A-2FA644057D7F}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CDC9B2B6-5796-4D44-BC7A-2FA644057D7F}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CDC9B2B6-5796-4D44-BC7A-2FA644057D7F}, Quarantined, [f9ca3b6accbf85b18c56bfa5837f6898], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [ae1521847912a195f524e44ea85a4bb5], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [ae1521847912a195f524e44ea85a4bb5], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BDE61FE2-3C88-43D3-81DD-ABEA863B2F17}, Quarantined, [9e25772eb3d8171f05675c6f8d76629e], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BDE61FE2-3C88-43D3-81DD-ABEA863B2F17}, Quarantined, [249f426347447abca7c496354db6837d], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [a41faafb107bf4422023e5caf2119e62], 
 
Registry Values: 5
PUP.Optional.Yontoo.ChrPRST, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [a41fddc83952f73fa2af6d60e71cab55]
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BDE61FE2-3C88-43D3-81DD-ABEA863B2F17}|URL, http://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVoAWAsTQwdAbQ5cVgpcFQNCIxRZVAkXDFFBJl1bBA1FQlEQIx9aFQQTSEcFME0FCFwEURNNfWpdAEsSSX5NL04=&q={searchTerms},Quarantined, [9e25772eb3d8171f05675c6f8d76629e]
PUP.Optional.Yontoo.ChrPRST, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [7053b0f55e2db97d5a31dcf0798a7987]
PUP.Optional.Yontoo, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BDE61FE2-3C88-43D3-81DD-ABEA863B2F17}|URL, http://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVoAWAsTQwdAbQ5cVgpcFQNCIxRZVAkXDFFBJl1bBA1FQlEQIx9aFQQTSEcFME0FCFwEURNNfWpdAEsSSX5NL04=&q={searchTerms},Quarantined, [249f426347447abca7c496354db6837d]
PUP.Optional.ProductSetup, HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\SOFTWARE\PRODUCTSETUP|tb, 1Z1C1O2Z1R1K2T0U1H1N1D, Quarantined, [a41faafb107bf4422023e5caf2119e62]
 
Registry Data: 1
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.OpenCandy, C:\Users\Aditya Sharma\AppData\Local\Temp\HYDB29D.tmp.1450271349\HTA\install.1450271349.zip, Quarantined, [ae15980d018aad8966eeaf633ec44cb4], 
PUP.Optional.OpenCandy, C:\Users\Aditya Sharma\AppData\Local\Temp\HYDB29D.tmp.1450271349\HTA\3rdparty\OCComSDK.dll, Quarantined, [c5fe9d08a2e90333a5af65ada75bd828], 
PUP.Optional.OpenCandy, C:\Users\Aditya Sharma\AppData\Local\Temp\HYDB29D.tmp.1450271349\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [d3f0eabb8dfef73fbf6ddbbfd92bc739], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
SECOND SCAN (TODAY)
 
Scan Date: 18-12-2015
Scan Time: 17:21
Logfile: mbam2.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.18.02
Rootkit Database: v2015.12.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Aditya Sharma
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388778
Time Elapsed: 37 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
2. ADWCLEANER
 
# AdwCleaner v5.025 - Logfile created 18/12/2015 at 18:27:05
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [server]
# Operating system : Windows 10 Home  (x64)
# Username : Aditya Sharma - ADITYA
# Running from : C:\Users\Aditya Sharma\Downloads\adwcleaner_5.025.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Aditya Sharma\AppData\Local\YSearchUtil
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : free-mp3-cutter-joiner.en.softonic.com
[-] [C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : npdicihegicnhaangkdmcgbjceoemeoo
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1573 bytes] ##########
 
3. JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by Aditya Sharma (Administrator) on 18-12-2015 at 18:39:20.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_ED149537A45965A62D7EC593B0DF37F6 (Registry Value) 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo (Registry Key) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18-12-2015 at 18:47:46.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

4. FARBAR (When I opened this program, I got the following pop-up message with the header Application Error: "Exception EAccessViolation in module ERUNT.exe at 00003A38. Access violation at address 00403A38 in module 'ERUNT.exe'. Read of address 00630061." But the program seemed to run fine. Also, I ran the scan twice one after the other as the first time shortcut.txt was deselected. I guess the reports generated from the second scan overwrote the first scan reports as I can only find one copy of the reports.)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015

Ran by Aditya Sharma (administrator) on ADITYA (18-12-2015 18:58:41)

Running from C:\Users\Aditya Sharma\Downloads

Loaded Profiles: Aditya Sharma (Available Profiles: Aditya Sharma & Aditya)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe

() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe

(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe

(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe

(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2857128 2015-01-09] (Synaptics Incorporated)

HKLM\...\Run: [WavesSvc] => "C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe"

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3859456 2014-09-06] (Dell Inc.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)

HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-03] ()

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\...\RunOnce: [uninstall C:\Users\Aditya Sharma\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aditya Sharma\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\...\RunOnce: [uninstall C:\Users\Aditya Sharma\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aditya Sharma\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-31] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-31] (Softthinks SAS)

ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 202.88.131.90 202.88.131.89

Tcpip\..\Interfaces\{ac6b204a-ef02-405d-af6d-01b33c190899}: [DhcpNameServer] 202.88.131.90 202.88.131.89

Tcpip\..\Interfaces\{ed0d8c95-647c-45b2-b9c8-69cf4d9520a0}: [DhcpNameServer] 202.88.131.90 202.88.131.89

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB

SearchScopes: HKLM -> DefaultScope {BDE61FE2-3C88-43D3-81DD-ABEA863B2F17} URL = 

SearchScopes: HKU\S-1-5-21-3735849130-1491884294-2926513707-1001 -> {A284D873-486D-4FC4-AA38-F9DABC10207F} URL = hxxps://in.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-11] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-11] (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-11-10] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-11-10] (McAfee, Inc.)

 

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-11] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-11-10] ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3735849130-1491884294-2926513707-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Aditya Sharma\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-11] (Citrix Online)

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-10] [not signed]

 

Chrome: 

=======

CHR DefaultSearchKeyword: Default -> google.co.in

CHR Profile: C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-15]

CHR Extension: (Google Docs) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-15]

CHR Extension: (Google Drive) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]

CHR Extension: (YouTube) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]

CHR Extension: (Google Search) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]

CHR Extension: (Google Sheets) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-15]

CHR Extension: (SiteAdvisor) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-15]

CHR Extension: (Google Docs Offline) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-15]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-15]

CHR Extension: (Gmail) - C:\Users\Aditya Sharma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-15]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-10]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-10]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)

R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)

R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2015-12-07] (Dell)

R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)

R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)

S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-02] (Aviata, Inc.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-07] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)

S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]

R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]

R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)

R2 LMS; C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [411936 2015-06-24] (Intel Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-11-10] (McAfee, Inc.)

S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [333584 2013-09-27] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.190.0\McCSPServiceHost.exe [1694152 2015-10-28] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)

S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-11] (Dell Inc.) [File not signed]

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)

R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-23] ()

R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)

R3 BCMWL63A; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11259136 2015-08-13] (Broadcom Corp)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)

R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)

R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)

R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)

R3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-08-13] (Realtek                                            )

R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)

R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-09] (Synaptics Incorporated)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-12-18 18:55 - 2015-12-18 18:57 - 00030045 _____ C:\Users\Aditya Sharma\Downloads\Addition.txt

2015-12-18 18:52 - 2015-12-18 18:58 - 00022048 _____ C:\Users\Aditya Sharma\Downloads\FRST.txt

2015-12-18 18:50 - 2015-12-18 18:58 - 00000000 ____D C:\FRST

2015-12-18 18:47 - 2015-12-18 18:47 - 00000978 _____ C:\Users\Aditya Sharma\Desktop\JRT.txt

2015-12-18 18:37 - 2015-12-18 18:37 - 02370048 _____ (Farbar) C:\Users\Aditya Sharma\Downloads\FRST64.exe

2015-12-18 18:33 - 2015-12-18 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2015-12-18 18:27 - 2015-12-18 18:27 - 00003616 _____ C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337

2015-12-18 18:22 - 2015-12-18 18:23 - 01599336 _____ (Malwarebytes) C:\Users\Aditya Sharma\Downloads\JRT.exe

2015-12-18 18:10 - 2015-12-18 18:10 - 00000000 ___HD C:\OneDriveTemp

2015-12-18 18:02 - 2015-12-18 18:02 - 00008599 _____ C:\Users\Aditya Sharma\Desktop\mbam1.txt

2015-12-18 18:01 - 2015-12-18 18:01 - 00001580 _____ C:\Users\Aditya Sharma\Desktop\mbam2.txt

2015-12-18 18:00 - 2015-12-18 18:00 - 00001571 _____ C:\Users\Aditya Sharma\Desktop\mbam.txt

2015-12-18 14:17 - 2015-12-18 18:27 - 00000000 ____D C:\AdwCleaner

2015-12-18 14:17 - 2015-12-18 14:17 - 01740288 _____ C:\Users\Aditya Sharma\Downloads\adwcleaner_5.025.exe

2015-12-18 13:53 - 2015-12-07 10:27 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2015-12-18 13:53 - 2015-12-07 10:25 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2015-12-18 13:53 - 2015-12-07 10:18 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2015-12-18 13:53 - 2015-12-07 10:17 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2015-12-18 13:53 - 2015-12-07 10:17 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:17 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2015-12-18 13:53 - 2015-12-07 10:16 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-12-18 13:53 - 2015-12-07 10:16 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-12-18 13:53 - 2015-12-07 09:40 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2015-12-18 13:53 - 2015-12-07 09:37 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2015-12-18 13:53 - 2015-12-07 09:36 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2015-12-18 13:53 - 2015-12-07 09:33 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2015-12-18 13:53 - 2015-12-07 09:28 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-12-18 13:53 - 2015-12-07 09:26 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll

2015-12-18 13:53 - 2015-12-07 09:23 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-12-18 13:53 - 2015-12-07 09:21 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2015-12-18 13:53 - 2015-12-07 09:20 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2015-12-18 13:53 - 2015-12-07 09:17 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2015-12-18 13:53 - 2015-12-07 09:15 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2015-12-18 13:53 - 2015-12-07 09:15 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2015-12-18 13:53 - 2015-12-07 09:14 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2015-12-18 13:53 - 2015-12-07 09:13 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2015-12-18 13:53 - 2015-12-07 09:13 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL

2015-12-18 13:53 - 2015-12-07 09:11 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2015-12-18 13:53 - 2015-12-07 09:10 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2015-12-18 13:53 - 2015-12-07 09:10 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2015-12-18 13:52 - 2015-12-07 10:19 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe

2015-12-18 13:52 - 2015-12-07 10:18 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2015-12-18 13:52 - 2015-12-07 10:18 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2015-12-18 13:52 - 2015-12-07 10:17 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll

2015-12-18 13:52 - 2015-12-07 10:15 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll

2015-12-18 13:52 - 2015-12-07 09:45 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll

2015-12-18 13:52 - 2015-12-07 09:45 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll

2015-12-18 13:52 - 2015-12-07 09:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll

2015-12-18 13:52 - 2015-12-07 09:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

2015-12-18 13:52 - 2015-12-07 09:39 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll

2015-12-18 13:52 - 2015-12-07 09:37 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll

2015-12-18 13:52 - 2015-12-07 09:37 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll

2015-12-18 13:52 - 2015-12-07 09:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll

2015-12-18 13:52 - 2015-12-07 09:36 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2015-12-18 13:52 - 2015-12-07 09:35 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

2015-12-18 13:52 - 2015-12-07 09:35 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe

2015-12-18 13:52 - 2015-12-07 09:34 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2015-12-18 13:52 - 2015-12-07 09:34 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe

2015-12-18 13:52 - 2015-12-07 09:32 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2015-12-18 13:52 - 2015-12-07 09:32 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2015-12-18 13:52 - 2015-12-07 09:31 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2015-12-18 13:52 - 2015-12-07 09:31 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe

2015-12-18 13:52 - 2015-12-07 09:30 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2015-12-18 13:52 - 2015-12-07 09:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll

2015-12-18 13:52 - 2015-12-07 09:30 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2015-12-18 13:52 - 2015-12-07 09:30 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2015-12-18 13:52 - 2015-12-07 09:29 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2015-12-18 13:52 - 2015-12-07 09:29 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2015-12-18 13:52 - 2015-12-07 09:29 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll

2015-12-18 13:52 - 2015-12-07 09:29 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll

2015-12-18 13:52 - 2015-12-07 09:28 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2015-12-18 13:52 - 2015-12-07 09:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2015-12-18 13:52 - 2015-12-07 09:27 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll

2015-12-18 13:52 - 2015-12-07 09:27 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll

2015-12-18 13:52 - 2015-12-07 09:26 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2015-12-18 13:52 - 2015-12-07 09:25 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2015-12-18 13:52 - 2015-12-07 09:25 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2015-12-18 13:52 - 2015-12-07 09:24 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2015-12-18 13:52 - 2015-12-07 09:24 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll

2015-12-18 13:52 - 2015-12-07 09:23 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll

2015-12-18 13:52 - 2015-12-07 09:21 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2015-12-18 13:52 - 2015-12-07 09:19 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2015-12-18 13:52 - 2015-12-07 09:18 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2015-12-18 13:52 - 2015-12-07 09:15 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2015-12-18 13:52 - 2015-12-07 09:10 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2015-12-18 13:52 - 2015-12-07 09:09 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2015-12-18 13:52 - 2015-12-07 09:08 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL

2015-12-18 13:52 - 2015-12-07 09:03 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

2015-12-18 13:52 - 2015-12-07 09:02 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll

2015-12-16 21:05 - 2015-12-16 21:05 - 556699171 _____ C:\WINDOWS\MEMORY.DMP

2015-12-16 21:05 - 2015-12-16 21:05 - 00284788 _____ C:\WINDOWS\Minidump\121615-18296-01.dmp

2015-12-16 21:05 - 2015-12-16 21:05 - 00000000 ____D C:\WINDOWS\Minidump

2015-12-16 20:08 - 2015-02-27 02:14 - 00000107 ____H C:\DBAR_Ver.txt

2015-12-16 19:11 - 2015-12-18 17:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-12-16 19:10 - 2015-12-16 19:10 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-12-16 19:10 - 2015-12-16 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-12-16 19:10 - 2015-12-16 19:10 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-12-16 19:10 - 2015-12-16 19:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-12-16 19:10 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-12-16 19:10 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-12-16 19:10 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2015-12-16 18:53 - 2015-12-16 19:02 - 22908888 _____ (Malwarebytes ) C:\Users\Aditya Sharma\Downloads\mbam-setup-2.2.0.1024.exe

2015-12-16 17:31 - 2015-12-16 17:31 - 00017616 _____ C:\Users\Aditya Sharma\Downloads\amifldrv64.sys

2015-12-16 17:26 - 2015-12-16 17:26 - 00000000 ____D C:\Users\Aditya Sharma\AppData\LocalLow\Intel

2015-12-16 17:24 - 2015-12-16 17:24 - 00888134 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2015-12-16 17:24 - 2015-12-16 17:24 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2015-12-16 17:24 - 2015-12-16 17:24 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Intel Corporation

2015-12-16 17:22 - 2015-12-16 17:22 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk

2015-12-16 17:15 - 2015-12-16 17:15 - 06210680 _____ C:\Users\Aditya Sharma\Downloads\3443A07.EXE

2015-12-16 17:15 - 2015-12-16 17:15 - 00000000 ____D C:\Users\Aditya Sharma\Documents\Dell Downloads

2015-12-16 17:13 - 2015-12-16 18:40 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\Deployment

2015-12-16 17:13 - 2015-12-16 17:13 - 00417064 _____ () C:\Users\Aditya Sharma\Downloads\DellSystemDetectLauncher.exe

2015-12-16 02:25 - 2015-12-18 13:27 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2015-12-12 18:03 - 2015-12-12 18:03 - 00003306 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest

2015-12-12 18:03 - 2015-12-12 18:03 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Dell

2015-12-12 18:03 - 2015-12-12 18:03 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows

2015-12-12 18:03 - 2015-12-12 18:03 - 00000000 ____D C:\Program Files\Dell Support Center

2015-12-12 15:28 - 2015-12-16 20:00 - 00000258 __RSH C:\ProgramData\ntuser.pol

2015-12-12 08:39 - 2015-12-16 21:38 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\MicrosoftEdge

2015-12-12 08:32 - 2015-12-12 16:08 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Audacity

2015-12-12 08:28 - 2015-12-16 18:38 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Opera Software

2015-12-12 08:28 - 2015-12-16 18:38 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\Opera Software

2015-12-12 08:28 - 2015-12-12 08:29 - 22180353 _____ (Audacity Team ) C:\Users\Aditya Sharma\Downloads\audacity-win-2.0.5.exe

2015-12-12 08:28 - 2015-12-12 08:28 - 00003376 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday

2015-12-12 08:28 - 2015-12-12 08:28 - 00003372 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday

2015-12-12 08:28 - 2015-12-12 08:28 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Shortcut

2015-12-12 08:26 - 2015-12-16 18:38 - 00000000 ____D C:\Program Files (x86)\Opera

2015-12-11 16:19 - 2015-12-11 16:19 - 00029596 _____ C:\Users\Aditya Sharma\Desktop\downloadInvoice.pdf

2015-12-10 19:04 - 2015-12-10 19:04 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2015-12-10 15:51 - 2015-12-10 15:51 - 00001053 _____ C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk

2015-12-10 14:39 - 2015-12-10 14:39 - 00000000 ____D C:\ProgramData\USOShared

2015-12-10 03:50 - 2015-12-09 15:45 - 00000000 ___DC C:\WINDOWS\Panther

2015-12-10 03:46 - 2015-12-10 03:46 - 00000000 ____D C:\Windows.old

2015-12-10 03:45 - 2015-12-10 03:45 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2015-12-10 03:45 - 2015-12-10 03:45 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2015-12-10 03:45 - 2015-12-10 03:45 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-12-10 03:45 - 2015-12-10 03:45 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-12-10 03:45 - 2015-12-10 03:45 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2015-12-10 03:45 - 2015-12-10 03:45 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2015-12-10 03:45 - 2015-12-10 03:45 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys

2015-12-10 03:45 - 2015-12-10 03:45 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll

2015-12-10 03:42 - 2015-12-10 03:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff

2015-12-10 03:37 - 2015-12-10 03:37 - 00000000 ____D C:\Program Files\Reference Assemblies

2015-12-10 03:37 - 2015-12-10 03:37 - 00000000 ____D C:\Program Files\MSBuild

2015-12-10 03:37 - 2015-12-10 03:37 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2015-12-10 03:37 - 2015-12-09 14:37 - 00000000 ____D C:\Program Files (x86)\MSBuild

2015-12-10 03:36 - 2015-10-24 07:17 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2015-12-10 03:36 - 2015-10-24 07:17 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-12-10 03:36 - 2015-10-24 07:17 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2015-12-10 03:36 - 2015-10-24 07:16 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2015-12-10 03:36 - 2015-10-24 07:16 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2015-12-10 03:36 - 2015-10-24 07:15 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2015-12-09 15:54 - 2015-12-14 20:19 - 00002431 _____ C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-12-09 15:53 - 2015-12-09 15:53 - 00000000 ____D C:\ProgramData\Microsoft OneDrive

2015-12-09 15:50 - 2015-12-09 15:50 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\Publishers

2015-12-09 15:48 - 2015-12-09 15:48 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\Comms

2015-12-09 15:48 - 2015-12-09 15:48 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\ActiveSync

2015-12-09 15:46 - 2015-12-09 15:46 - 00000020 ___SH C:\Users\Aditya Sharma\ntuser.ini

2015-12-09 15:46 - 2015-12-09 15:46 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\TileDataLayer

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default\My Documents

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default\Documents\My Videos

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default\Documents\My Music

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures

2015-12-09 15:07 - 2015-12-09 15:07 - 00000000 _SHDL C:\Users\Default User\Documents\My Music

2015-12-09 15:01 - 2015-12-18 18:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-12-09 15:01 - 2015-12-09 15:01 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2015-12-09 14:46 - 2015-12-16 21:12 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-12-09 14:35 - 2015-12-09 14:35 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-12-09 14:31 - 2015-12-09 14:31 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2015-12-09 14:29 - 2015-12-16 22:54 - 00000000 ____D C:\Users\Aditya Sharma

2015-12-09 14:29 - 2015-12-09 14:42 - 00000000 ____D C:\Users\Aditya

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya\My Documents

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya\Documents\My Videos

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya\Documents\My Pictures

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya\Documents\My Music

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya Sharma\My Documents

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya Sharma\Documents\My Videos

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya Sharma\Documents\My Pictures

2015-12-09 14:29 - 2015-12-09 14:29 - 00000000 _SHDL C:\Users\Aditya Sharma\Documents\My Music

2015-12-09 14:26 - 2015-12-18 18:30 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2015-12-09 14:26 - 2015-12-16 17:22 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat

2015-12-09 14:26 - 2015-12-09 14:26 - 00455938 _____ C:\WINDOWS\system32\Drivers\rtwavesmapro.dat

2015-12-09 14:26 - 2015-12-09 14:26 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat

2015-12-09 14:26 - 2015-12-09 14:26 - 00019678 _____ C:\WINDOWS\system32\Drivers\rtwavesmaprocap.dat

2015-12-09 14:26 - 2015-12-09 14:26 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat

2015-12-09 14:26 - 2015-12-09 14:26 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job

2015-12-09 14:26 - 2015-12-09 14:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf

2015-12-09 14:26 - 2015-12-09 14:26 - 00000000 ____H C:\ProgramData\DP45977C.lfl

2015-12-09 14:26 - 2015-12-09 14:26 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2015-12-09 14:26 - 2015-12-09 14:26 - 00000000 ____D C:\WINDOWS\system32\SRSLabs

2015-12-09 14:26 - 2015-12-09 14:26 - 00000000 ____D C:\Program Files\Synaptics

2015-12-09 14:26 - 2015-12-09 14:26 - 00000000 ____D C:\Program Files\Realtek

2015-12-09 14:26 - 2015-07-17 23:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL

2015-12-09 14:26 - 2015-07-17 23:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL

2015-12-09 14:25 - 2015-12-16 17:24 - 00000000 ____D C:\Program Files\Intel

2015-12-09 14:25 - 2015-12-09 14:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf

2015-12-09 14:24 - 2015-10-30 12:47 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2015-12-09 14:21 - 2015-12-16 19:57 - 00353128 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-12-09 13:50 - 2015-12-09 15:06 - 00013338 _____ C:\WINDOWS\diagwrn.xml

2015-12-09 13:50 - 2015-12-09 15:06 - 00013338 _____ C:\WINDOWS\diagerr.xml

2015-12-08 13:09 - 2015-12-08 13:09 - 03791434 _____ C:\Users\Aditya Sharma\Downloads\Windows8.1-KB3112336-x64 (1).msu

2015-12-08 13:05 - 2015-12-08 13:05 - 00000000 ____D C:\45028bc1d5b72ec55fa32c2d092d

2015-12-08 13:04 - 2015-12-08 13:04 - 03791434 _____ C:\Users\Aditya Sharma\Downloads\Windows8.1-KB3112336-x64.msu

2015-12-05 12:33 - 2015-12-05 12:33 - 00037536 _____ C:\Users\Aditya Sharma\Downloads\DPS_20151130_MLDA267.pdf

2015-12-02 22:28 - 2015-11-17 00:02 - 00919040 _____ (Farbar) C:\WINDOWS\mod_frst.exe

2015-11-19 16:38 - 2015-11-19 16:38 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-12-18 18:59 - 2015-04-25 21:27 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-12-18 18:56 - 2015-10-30 11:58 - 00000000 ____D C:\Windows

2015-12-18 18:43 - 2015-04-25 21:10 - 00000000 __RDO C:\Users\Aditya Sharma\OneDrive

2015-12-18 18:39 - 2014-12-10 12:45 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery

2015-12-18 18:31 - 2014-12-10 12:37 - 00000000 ____D C:\ProgramData\Dell

2015-12-18 18:30 - 2015-04-25 21:27 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-12-18 18:30 - 2015-04-25 14:23 - 00000000 __SHD C:\Users\Aditya Sharma\IntelGraphicsProfiles

2015-12-18 18:28 - 2015-10-30 11:58 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-12-18 18:27 - 2014-12-10 12:37 - 00000000 ____D C:\Program Files\Dell

2015-12-18 18:14 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-12-18 18:13 - 2015-10-30 12:54 - 00000000 ___HD C:\Program Files\WindowsApps

2015-12-18 18:07 - 2015-10-30 11:58 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM

2015-12-18 18:07 - 2014-12-10 12:47 - 00000000 ____D C:\Program Files (x86)\McAfee

2015-12-18 18:04 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-12-18 18:04 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\Provisioning

2015-12-18 18:04 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\bcastdvr

2015-12-18 13:58 - 2015-10-30 12:41 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-12-18 13:40 - 2015-10-30 12:51 - 00000000 ____D C:\WINDOWS\INF

2015-12-18 13:40 - 2015-07-03 09:47 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon

2015-12-18 13:40 - 2015-07-03 09:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee

2015-12-16 22:20 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2015-12-16 21:13 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-12-16 18:37 - 2015-07-02 18:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2015-12-16 18:36 - 2015-06-11 12:46 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\Citrix

2015-12-16 18:36 - 2015-04-27 15:42 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-12-16 17:47 - 2014-12-10 12:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

2015-12-16 17:37 - 2014-12-10 12:43 - 00016406 _____ C:\WINDOWS\system32\results.xml

2015-12-16 17:26 - 2014-12-10 12:39 - 00000000 ____D C:\ProgramData\Intel

2015-12-16 17:26 - 2014-12-10 12:39 - 00000000 ____D C:\Program Files (x86)\Intel

2015-12-16 17:23 - 2014-12-10 12:30 - 00000000 ____D C:\ProgramData\Package Cache

2015-12-16 17:22 - 2014-12-10 12:41 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk

2015-12-16 15:01 - 2015-04-25 21:28 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-12-12 09:07 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy

2015-12-11 18:14 - 2014-12-10 12:47 - 00000000 ____D C:\Program Files\Common Files\McAfee

2015-12-11 18:10 - 2014-12-10 12:47 - 00000000 ____D C:\ProgramData\McAfee

2015-12-11 00:40 - 2015-08-20 20:55 - 00000000 ____D C:\ProgramData\Oracle

2015-12-11 00:36 - 2015-08-20 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-12-11 00:36 - 2015-08-20 20:55 - 00000000 ____D C:\Program Files (x86)\Java

2015-12-11 00:35 - 2015-08-20 20:57 - 00000000 ____D C:\Users\Aditya Sharma\.oracle_jre_usage

2015-12-11 00:35 - 2015-08-20 20:56 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2015-12-10 16:38 - 2015-10-30 12:54 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2015-12-10 15:52 - 2015-10-30 14:33 - 00000000 ____D C:\WINDOWS\OCR

2015-12-10 15:52 - 2015-04-27 22:32 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2015-12-10 15:35 - 2015-04-25 14:23 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\Packages

2015-12-10 15:20 - 2015-04-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-12-10 15:18 - 2015-04-26 22:27 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-12-10 14:42 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\DevicesFlow

2015-12-10 14:42 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\appcompat

2015-12-10 14:39 - 2015-10-30 12:54 - 00000000 ____D C:\ProgramData\USOPrivate

2015-12-10 03:50 - 2015-10-30 12:54 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template

2015-12-10 03:46 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2015-12-10 03:46 - 2015-10-30 11:58 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2015-12-10 03:46 - 2015-10-30 11:58 - 00000000 ____D C:\WINDOWS\system32\Dism

2015-12-09 15:49 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2015-12-09 15:49 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\PrintDialog

2015-12-09 15:49 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\MiracastView

2015-12-09 15:48 - 2015-10-30 12:54 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2015-12-09 15:47 - 2015-04-25 16:12 - 00000000 __RHD C:\Users\Public\AccountPictures

2015-12-09 15:46 - 2014-12-10 12:40 - 00000000 ____D C:\Intel

2015-12-09 15:31 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\rescache

2015-12-09 15:30 - 2014-12-10 12:39 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

2015-12-09 15:08 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

2015-12-09 15:02 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\Registration

2015-12-09 15:01 - 2015-07-21 19:42 - 00002230 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)

2015-12-09 15:01 - 2015-04-25 21:27 - 00003288 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-12-09 15:01 - 2015-04-25 21:27 - 00003060 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-12-09 15:01 - 2015-04-25 21:02 - 00003120 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate

2015-12-09 15:01 - 2015-04-25 14:28 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3735849130-1491884294-2926513707-1001

2015-12-09 15:01 - 2014-12-10 12:37 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements

2015-12-09 15:01 - 2014-12-10 12:33 - 00002350 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher

2015-12-09 15:01 - 2014-12-10 12:33 - 00002350 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8

2015-12-09 15:01 - 2014-12-10 12:30 - 00002384 _____ C:\WINDOWS\System32\Tasks\PocketCloudUpdater

2015-12-09 15:01 - 2014-12-10 12:30 - 00002232 _____ C:\WINDOWS\System32\Tasks\PocketCloudVirtualChannel

2015-12-09 15:01 - 2014-12-10 12:30 - 00002130 _____ C:\WINDOWS\System32\Tasks\PocketCloud

2015-12-09 15:01 - 2014-12-10 12:18 - 00002174 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton

2015-12-09 14:54 - 2015-10-30 12:54 - 00000000 __RHD C:\Users\Public\Libraries

2015-12-09 14:37 - 2015-10-30 14:37 - 00000000 ____D C:\WINDOWS\ShellNew

2015-12-09 14:37 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2015-12-09 14:37 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\ModemLogs

2015-12-09 14:37 - 2015-10-30 12:54 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2015-12-09 14:37 - 2015-04-27 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

2015-12-09 14:37 - 2015-04-27 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2015-12-09 14:37 - 2015-04-27 15:47 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-12-09 14:37 - 2015-04-27 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-12-09 14:37 - 2015-04-27 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-12-09 14:37 - 2015-04-25 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-12-09 14:37 - 2014-12-10 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB

2015-12-09 14:37 - 2014-12-10 12:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite

2015-12-09 14:37 - 2014-12-10 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse

2015-12-09 14:35 - 2013-08-22 19:06 - 00000000 ____D C:\Users\Default.migrated

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\spool

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\oobe

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\lv-LV

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\lt-LT

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\InputMethod

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\et-EE

2015-12-09 14:33 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\system32\en-GB

2015-12-09 14:33 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared

2015-12-09 14:33 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared

2015-12-09 14:32 - 2015-10-30 12:54 - 00000000 ____D C:\WINDOWS\InputMethod

2015-12-09 14:32 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\MediaViewer

2015-12-09 14:31 - 2015-10-30 12:54 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2015-12-09 14:31 - 2014-12-10 12:37 - 00000000 ____D C:\Program Files\WIDCOMM

2015-12-09 14:31 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\ADFS

2015-12-09 14:28 - 2015-10-30 11:58 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2015-12-09 14:21 - 2015-10-30 14:43 - 00000000 ____D C:\WINDOWS\ServiceProfiles

2015-12-09 13:50 - 2015-10-30 15:12 - 00000000 ___HD C:\$WINDOWS.~BT

2015-12-08 13:57 - 2015-05-02 00:57 - 00405504 ___SH C:\Users\Aditya Sharma\Desktop\Thumbs.db

2015-12-08 13:09 - 2015-06-29 20:12 - 00000000 ____D C:\Users\Aditya Sharma\AppData\Local\ElevatedDiagnostics

2015-12-01 06:03 - 2015-10-30 12:56 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-12-01 06:03 - 2015-10-30 12:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-11-23 19:10 - 2015-04-26 22:27 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

 

==================== Files in the root of some directories =======

 

2015-12-09 14:26 - 2015-12-09 14:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-12-10 12:36 - 2014-12-10 12:36 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2014-12-10 12:32 - 2014-12-10 12:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2014-12-10 12:34 - 2014-12-10 12:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2014-12-10 12:35 - 2014-12-10 12:36 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log

2014-12-10 12:32 - 2014-12-10 12:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

 

Some files in TEMP:

====================

C:\Users\Aditya Sharma\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\Aditya Sharma\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-12-09 14:21

 

==================== End of FRST.txt ============================


Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-12-2015

Ran by Aditya Sharma (2015-12-18 19:00:11)

Running from C:\Users\Aditya Sharma\Downloads

Windows 10 Home (X64) (2015-12-09 10:15:26)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Aditya (S-1-5-21-3735849130-1491884294-2926513707-1004 - Limited - Enabled) => C:\Users\Aditya

Aditya Sharma (S-1-5-21-3735849130-1491884294-2926513707-1001 - Administrator - Enabled) => C:\Users\Aditya Sharma

Administrator (S-1-5-21-3735849130-1491884294-2926513707-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3735849130-1491884294-2926513707-503 - Limited - Disabled)

Guest (S-1-5-21-3735849130-1491884294-2926513707-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3735849130-1491884294-2926513707-1003 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden

Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden

Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)

Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)

Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden

Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)

Dell Foundation Services (HKLM\...\{91E2DDB6-DC13-4585-8A10-04C6AB6F87A4}) (Version: 3.1.1900.0 - Dell Inc.)

Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)

Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)

Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)

Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)

DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 6.30.223.201 - Dell Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.6120 - McAfee, Inc.)

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)

My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden

PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)

QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.25 - Dell Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)

Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)

WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)

WinRAR 5.00 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.3 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3735849130-1491884294-2926513707-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Aditya Sharma\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

 

==================== Restore Points =========================

 

16-12-2015 15:07:54 Windows Modules Installer

18-12-2015 18:39:38 JRT Pre-Junkware Removal

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {00543431-4118-4375-9297-8AC457717AF1} - System32\Tasks\PocketCloudUpdater => C:\Program

Task: {115CEF32-964E-4FC5-8423-CBBF7E580B17} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {16436F6A-477E-4681-BDB0-8C24C3F9344D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {1D01823C-CA86-4972-9D2B-560346B8E0B0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {2D75993F-2A52-49EF-82D7-CB727213534A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-23] (Microsoft Corporation)

Task: {3DCDFC77-6AAE-43B5-831F-E97264590212} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-02] (Aviata Inc)

Task: {445F7331-426B-4EEF-BCE6-B09D3BB1B78E} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-23] ()

Task: {48CBF4B2-4CFC-4BBC-B2E1-CA76DF407B9A} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)

Task: {4DE988A4-3AE3-4B3B-B2B4-97E797B16B29} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)

Task: {521E0E07-EE67-463D-BB78-FA5F4C1785EB} - System32\Tasks\McAfee\McAfee Idle Detection Task

Task: {5481E703-D2A0-400B-AACE-5440F50B8F30} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe

Task: {60A0BA9A-7F65-438F-9F78-CF83509D3DB6} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-02] (Aviata Inc)

Task: {635D474B-3D04-47F4-A65F-80761C8D8CF6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {6FEBDE15-B61D-40E3-A258-E09322067288} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)

Task: {7CB3255B-4FDC-4836-BF56-0511C12411D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)

Task: {89923FC3-FCA7-46F1-8FB0-53AECF03AEA9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {8A486FFC-A2E3-4405-8D7A-EFB11B91B8E4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-09] (Synaptics Incorporated)

Task: {90F763D1-5E84-4B5F-835D-87E54BCCC41B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {A0376E88-EB30-434C-A425-DC043004C0BA} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)

Task: {A889F4E1-0273-4B78-985F-D36D7AAF9133} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {AD5D531C-ADB9-4547-9281-82FD6F1F1848} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent

Task: {AEB096C5-EA77-4936-A39B-6B7A67447FF1} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-12-11] (McAfee, Inc.)

Task: {B06B0770-9A25-4410-AA73-1A87F34F72E3} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-23] ()

Task: {B41C63EC-0DBF-4A4B-9F55-0CB66A8A1071} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {B786A135-53EE-407C-8C15-71E6129FF4F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {C22069B4-D7B7-401B-B494-AC7681430664} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-04] (Realtek Semiconductor)

Task: {C5C98F37-6472-4E6B-91B7-AB16B831D1FD} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {CA3554F2-5A57-4403-BB48-35277F68C5D8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {CF7378A8-DC05-43D2-8BD1-7E42D9BD08BC} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe [2015-12-18] ()

Task: {D42825A2-A800-4A5D-BAAE-767ABA48C2EA} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe

Task: {E29DCBA4-C943-4BF3-A46F-85AC3B1C60EA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {E58304CF-5419-453C-BEE7-0490C70155A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)

Task: {E6AC7110-2A88-4936-95E6-EFCD075FDF54} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {F7CF18C3-BAA2-4A9B-B721-53EA42AFCA89} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-10-30 12:48 - 2015-10-30 12:48 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe

2013-08-23 01:10 - 2013-08-23 01:10 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe

2015-12-10 03:45 - 2015-12-10 03:45 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-12-10 03:45 - 2015-12-10 03:45 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-12-18 13:43 - 2015-12-18 13:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2015-12-18 13:52 - 2015-12-07 09:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2015-12-18 13:52 - 2015-12-07 09:30 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-12-18 13:53 - 2015-12-07 09:07 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-12-18 13:52 - 2015-12-07 09:03 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-12-18 13:53 - 2015-12-07 09:04 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-12-18 13:53 - 2015-12-07 09:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-12-18 13:43 - 2015-12-18 13:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2015-12-18 13:43 - 2015-12-18 13:43 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2015-06-24 01:07 - 2015-06-24 01:07 - 01243936 _____ () C:\Program Files\Intel\Intel® Management Engine Components\LMS\ACE.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\bluelava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_rgb.jpg

DNS Servers: 202.88.131.90 - 202.88.131.89

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3735849130-1491884294-2926513707-1001\...\StartupApproved\Run: => "Skype"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{4F85D63C-7092-4306-93D5-9BB8E5B69ADD}] => (Allow) C:\Users\Aditya Sharma\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{F5296ACA-993D-468D-8329-A5B4D67B60D3}] => (Allow) C:\Users\Aditya Sharma\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{432AE552-05D7-483F-BE40-26DEEA0C8B82}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{433C3EB9-3271-47CD-94B1-28C4541D9CF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe

FirewallRules: [{59602C3F-CAA5-449C-B690-E1EAC4EB6682}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE

FirewallRules: [{C2448803-9668-4395-8A74-7BFD47FE0C95}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

FirewallRules: [{FF3A2B6A-E646-47B2-9439-8A6850764184}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe

FirewallRules: [{D0909EF3-CCA2-4B19-AC3A-7451DD051725}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe

FirewallRules: [{78D2A776-F5B9-4E30-B56E-EEB09AB7DB58}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/18/2015 06:42:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

 

System Error:

Access is denied.

.

 

Error: (12/18/2015 06:35:22 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: BITSC:\Windows\System32\bitsperf.dll8

 

Error: (12/18/2015 06:09:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ADITYA)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (12/18/2015 06:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: SearchUI.exe, version: 10.0.10586.35, time stamp: 0x566503dc

Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.35, time stamp: 0x566505e8

Exception code: 0xc000027b

Fault offset: 0x00000000006fcc8b

Faulting process id: 0x103c

Faulting application start time: 0xSearchUI.exe0

Faulting application path: SearchUI.exe1

Faulting module path: SearchUI.exe2

Report Id: SearchUI.exe3

Faulting package full name: SearchUI.exe4

Faulting package-relative application ID: SearchUI.exe5

 

Error: (12/18/2015 02:44:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

 

System Error:

Access is denied.

.

 

Error: (12/18/2015 01:36:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: McSvHost.exe, version: 5.0.6060.0, time stamp: 0x563809af

Faulting module name: McVsoShl.dll_unloaded, version: 18.0.6014.0, time stamp: 0x5626b8b9

Exception code: 0xc0000005

Fault offset: 0x000000000002115a

Faulting process id: 0xe0c

Faulting application start time: 0xMcSvHost.exe0

Faulting application path: McSvHost.exe1

Faulting module path: McSvHost.exe2

Report Id: McSvHost.exe3

Faulting package full name: McSvHost.exe4

Faulting package-relative application ID: McSvHost.exe5

 

Error: (12/16/2015 08:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7f4

Faulting module name: NetworkUXBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7f4

Exception code: 0xe0464645

Fault offset: 0x000000000000a6d6

Faulting process id: 0x1e14

Faulting application start time: 0xNetworkUXBroker.exe0

Faulting application path: NetworkUXBroker.exe1

Faulting module path: NetworkUXBroker.exe2

Report Id: NetworkUXBroker.exe3

Faulting package full name: NetworkUXBroker.exe4

Faulting package-relative application ID: NetworkUXBroker.exe5

 

Error: (12/16/2015 06:50:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

 

System Error:

Access is denied.

.

 

Error: (12/16/2015 06:36:39 PM) (Source: YSearchUtilSvc) (EventID: 0) (User: )

Description: YSearchUtilSvc error: The operation completed successfully. (0x0)Could not open service (1060)

 

Error: (12/16/2015 05:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.0, time stamp: 0x5632d93d

Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.17, time stamp: 0x56519066

Exception code: 0xc000027b

Fault offset: 0x0000000000517a92

Faulting process id: 0x2d98

Faulting application start time: 0xShellExperienceHost.exe0

Faulting application path: ShellExperienceHost.exe1

Faulting module path: ShellExperienceHost.exe2

Report Id: ShellExperienceHost.exe3

Faulting package full name: ShellExperienceHost.exe4

Faulting package-relative application ID: ShellExperienceHost.exe5

 

 

System errors:

=============

Error: (12/18/2015 06:32:53 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)

Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

 

Error: (12/18/2015 06:29:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The My Dell Client Framework service failed to start due to the following error: 

%%1053

 

Error: (12/18/2015 06:29:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the My Dell Client Framework service to connect.

 

Error: (12/18/2015 06:28:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

 

Error: (12/18/2015 06:28:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

 

Error: (12/18/2015 06:28:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

 

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

 

Error: (12/18/2015 06:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_7d221 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (12/18/2015 06:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Storage_7d221 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (12/18/2015 06:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Contact Data_7d221 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

Error: (12/18/2015 06:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Sync Host_7d221 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

 

 

CodeIntegrity:

===================================

  Date: 2015-12-18 18:08:34.536

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-12-16 15:25:23.367

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-12-10 15:57:14.971

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-12-09 14:56:15.076

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-12-09 14:42:33.776

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-12-09 14:23:00.333

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-5005U CPU @ 2.00GHz

Percentage of memory in use: 42%

Total physical RAM: 4007.41 MB

Available physical RAM: 2321 MB

Total Virtual: 4711.41 MB

Available Virtual: 3035.81 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:305.23 GB) (Free:238 GB) NTFS

Drive d: () (Fixed) (Total:150 GB) (Free:135.39 GB) NTFS

Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS

Drive x: (PBR Image) (Fixed) (Total:8.67 GB) (Free:0.73 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: B76A4D72)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

 

Shortcut.txt

 

Users shortcut scan result (x64) Version:17-12-2015

Ran by Aditya Sharma (2015-12-18 19:01:37)

Running from C:\Users\Aditya Sharma\Downloads

Boot Mode: Normal

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Aditya\Documents ()

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Aditya\Pictures ()

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\Links\Desktop.lnk -> C:\Users\Aditya Sharma\Desktop ()

Shortcut: C:\Users\Aditya Sharma\Links\Downloads.lnk -> C:\Users\Aditya Sharma\Downloads ()

Shortcut: C:\Users\Aditya Sharma\Downloads\Downloads.lnk -> C:\Users\Aditya Sharma\Downloads ()

Shortcut: C:\Users\Aditya Sharma\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Aditya Sharma\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()

Shortcut: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Aditya Sharma\Documents ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Aditya Sharma\Downloads ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Aditya Sharma\Music ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Aditya Sharma\Pictures ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Aditya Sharma\Videos ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Aditya Sharma ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk -> C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe (Amazon)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse\PocketCloud.lnk -> C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype for desktop.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Backup and Recovery.lnk -> C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe (SoftThinks - Dell)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Customer Connect.lnk -> C:\Program Files (x86)\Dell Customer Connect\DCCTrayApp.exe (Dell Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Update.lnk -> C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Media Suite Essentials.lnk -> C:\Program Files (x86)\CyberLink\Media Suite\CMSLauncher.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink PowerDVD 12\CyberLink PowerDVD 12.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink PowerDirector 10\PowerDirector 10.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\CyberLink Power2Go 8.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\Desktop Burning Gadget.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\IsoViewer8.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink Power2Go 8\Virtual Drive.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite\CyberLink LabelPrint 2.5\CyberLink LabelPrint 2.5.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Aditya Sharma\Documents ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Aditya Sharma\Pictures ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation)

Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

 

 

 

 

ShortcutWithArgument: C:\Users\Aditya\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Aditya\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Aditya Sharma\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe () ->  /design 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe – Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe (Oracle Corporation) -> -tab about

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe (Oracle Corporation) -> -tab update

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB\Dropbox 20 GB.lnk -> C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe () -> manual

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Notification Center.lnk -> C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Dell) -> /FromShortcut

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Register My Device.lnk -> C:\Program Files (x86)\Dell Product Registration\prodreg.exe (Aviata Inc) -> /LSRC=StartMenu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\SupportAssist.lnk -> C:\Program Files\Dell\SupportAssist\pcdlauncher.exe (PC-Doctor, Inc.) -> -lloc dsc

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox 20 GB.lnk -> C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe () -> manual

 

 

InternetURL: C:\Users\Aditya Sharma\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Aditya Sharma\Favorites\Dell\Dell Auction.url -> hxxp://www.dellauction.com/

InternetURL: C:\Users\Aditya Sharma\Favorites\Dell\Dell Internet Security.url -> hxxp://support.dell.com/support/topics/global.aspx/support/security/security?c=us&cs=19&l=en&s=dhs

InternetURL: C:\Users\Aditya Sharma\Favorites\Dell\Dell.url -> hxxp://www.dell.com/

InternetURL: C:\Users\Aditya Sharma\Favorites\Dell\Support.Dell.Com.url -> hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> hxxp://java.com/help

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> hxxp://java.com/

 

==================== End of Shortcut.txt =============================


Problem persists. Infected by browser search redirect virus called searchinterneat.

 

Whenever I open a new tab in Google Chrome, instead of opening my default home page which is set to 'New Tab', it redirects via 'http://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFYbeQtaAwsSDAJHdwoVVQ8QQhhCdQleTF0TR1FAJQ0MAl1CQhNBNARaAktXUUEeIlVfAh8fHGZGIUtbCXIfTkI=' and finally to 'https://in.search.yahoo.com/?fr=hp-ddc-bd-tab&type=dc-bcr-is-rhb-50__alt__ddc_dsssyctab_bd_com' which looks like an innocuous Yahoo search page but I found information online that this virus tracks your browser activity.

 

I have followed instructions I found online from posts by others and done the following so far in all my browsers (IE and Chrome):

1. Deleted additional/suspicious-looking search engines and set my default search engine (Google in Chrome, Bing in IE)

2. Deleted any suspicious-looking extensions

3. Reset browser settings

4. Checked the target path in browser properties and it seemed okay

 

This problem began a few days ago after my sister installed Audacity software on my laptop when I wasn't around and I suspect she accidentally installed some malicious programs as part of the installation bundle. I have uninstalled from Control Panel, in addition to Audacity, all programs that look new or suspicious.
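The shortcut check from step 4 above can also be run against a Shortcut.txt listing like the one posted earlier in this thread. This is an added example, not part of the original post or of any tool named in the thread: a small Python triage over lines in that format. The sample lines, the `test` user, the `redirect.example` host, the `launch.bat` file and the browser lists are constructed assumptions.

```python
import ntpath
import re

# Assumed lists for illustration: browser executables and the shortcut names
# that are expected to lead to them.
BROWSER_EXES = {"chrome.exe", "iexplore.exe", "firefox.exe", "opera.exe"}
BROWSER_NAMES = {
    "google chrome": "chrome.exe",
    "internet explorer": "iexplore.exe",
    "mozilla firefox": "firefox.exe",
    "opera": "opera.exe",
}
# The listing defangs URLs as hxxp://, so accept both spellings.
URL_RE = re.compile(r"\bh(?:tt|xx)ps?://", re.IGNORECASE)
# "<target path> (<company>)": the company is the last parenthesised group.
TARGET_RE = re.compile(r"^(.*) \(([^()]*)\)$")
KINDS = ("Shortcut", "ShortcutWithArgument", "InternetURL")

# Constructed sample in the listing's format (not taken from a real machine).
SAMPLE = r"""
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\test\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\test\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://redirect.example/t?eq=AAAA
Shortcut: C:\Users\test\Desktop\Internet Explorer.lnk -> C:\Users\test\AppData\Roaming\launch.bat ()
InternetURL: C:\Users\test\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
==================== End of Shortcut.txt =============================
"""


def parse_line(line):
    """Parse one listing line into a dict, or return None for other lines."""
    kind, sep, rest = line.strip().partition(": ")
    if not sep or kind not in KINDS:
        return None
    parts = rest.split(" -> ", 2)  # lnk path, target (company), optional args
    if len(parts) < 2:
        return None
    match = TARGET_RE.match(parts[1])
    target, company = (match.group(1), match.group(2)) if match else (parts[1], "")
    args = parts[2].strip() if len(parts) == 3 else ""
    return {"kind": kind, "lnk": parts[0], "target": target,
            "company": company, "args": args}


def triage(log_text):
    """Return (lnk_path, reason) pairs for shortcuts worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["kind"] == "InternetURL":
            continue  # favourites are URLs by design; only .lnk entries are checked
        exe = ntpath.basename(rec["target"]).lower()
        name = ntpath.splitext(ntpath.basename(rec["lnk"]))[0].lower()
        # Check 1: a browser executable started with a URL on its command line.
        if exe in BROWSER_EXES and URL_RE.search(rec["args"]):
            findings.append(
                (rec["lnk"], "browser launched with URL argument: " + rec["args"]))
        # Check 2: a shortcut named after a browser that runs something else.
        expected = BROWSER_NAMES.get(name)
        if expected and exe != expected:
            findings.append(
                (rec["lnk"], "browser-named shortcut targets " + rec["target"]))
    return findings


if __name__ == "__main__":
    for lnk, reason in triage(SAMPLE):
        print(lnk + "\n    " + reason)
```
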


Also, Internet Explorer seems unaffected by this problem. It starts with the default new tab. Only Chrome seems to suffer from the redirect virus.

 

Until yesterday, my laptop was acting up a bit - lagging, hanging and intermittent Wi-Fi disconnection (might be a one-off and completely unrelated to the redirect virus). Today it seems to be running fine except for the redirect problem with Chrome.


Let's go for a fresh clean install of Chrome, see how it responds when complete:

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome, follow the instructions and export your bookmarks from Chrome, then save them to your Desktop or similar. Note the instructions can also be used to import the bookmarks.

Continue for a clean install:

Remove all synced data from Chrome. Go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ and follow those instructions.

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB. Follow those instructions and ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Type or copy/paste the following into search: %appdata%, then scroll to and delete the folder named Google.

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb
 

Any improvement?

 

Thank you,

 

Kevin


I have uninstalled Chrome. At the next step, deleting the Google folder from AppData: when I search %appdata% it takes me to AppData > Roaming. There's no Google folder in there. There is, however, one named Audacity. And also Opera Software (one of the programs that I believe got accidentally installed by my sister when my laptop was infected). Opera is an empty folder. Audacity has an empty folder called AutoSave and two files audacity.cfg and plugins.cfg. Should I delete these now that I'm here or let them be?

There is a Google folder in AppData > Local. It has the subfolders Chrome Cleanup Tool (chrome_cleanup_tool.log file within it) and CrashReports (empty). Is this the Google folder I must delete before installing Chrome?


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.