
I don't know whether I can delete these files



Hi,

 

I am using the Malwarebytes trial version. When I scanned my system I found the files/folders below infected (please see attached). I don't know whether I can delete them or not. Please help!!

I then ran a scan with the Farbar Recovery Scan Tool. I am attaching those logs here too. Please help.

 

-===========================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by FAISAL (administrator) on LAPTOP-B5I21MR1 (24-12-2015 10:53:36)
Running from C:\Users\FAISAL\Downloads
Loaded Profiles: FAISAL (Available Profiles: FAISAL)
Platform: Windows 10 Home Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWififind.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-12-23] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2015-03-23] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-05-14] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499128 2015-05-14] (CyberLink Corp.)
HKU\S-1-5-21-3975837588-78564851-2815030472-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-12-23]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-12-23]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.42.20.20 195.229.241.222 192.168.1.1
Tcpip\..\Interfaces\{59470477-8c78-4c75-8982-66f28cc8b5be}: [DhcpNameServer] 213.42.20.20 195.229.241.222 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3975837588-78564851-2815030472-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-3975837588-78564851-2815030472-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://follow.toshiba.ca/toshiba/id-ss
HKU\S-1-5-21-3975837588-78564851-2815030472-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://follow.toshiba.ca/toshiba/id-ss
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3975837588-78564851-2815030472-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-06-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\FAISAL\AppData\Roaming\Mozilla\Firefox\Profiles\x3027sea.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\FAISAL\AppData\Roaming\Mozilla\Firefox\Profiles\x3027sea.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-22]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-12-22]
 
Chrome: 
=======
CHR Profile: C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Google Sheets) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-23]
CHR Extension: (AdBlock) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Gmail) - C:\Users\FAISAL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-05-28] (Windows ® Win 7 DDK provider)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-12-22] (Kaspersky Lab ZAO)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-10-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-12-23] (Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-12-09] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-22] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-22] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-22] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-22] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-22] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [492000 2015-05-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-05-27] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-02] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-17] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-12-23] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 10:53 - 2015-12-24 10:54 - 00016524 _____ C:\Users\FAISAL\Downloads\FRST.txt
2015-12-24 10:53 - 2015-12-24 10:53 - 02370560 _____ (Farbar) C:\Users\FAISAL\Downloads\FRST64.exe
2015-12-24 10:53 - 2015-12-24 10:53 - 00000000 ____D C:\FRST
2015-12-24 10:32 - 2015-12-24 10:32 - 00016148 _____ C:\Windows\system32\LAPTOP-B5I21MR1_FAISAL_HistoryPrediction.bin
2015-12-23 21:47 - 2015-12-24 10:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-23 21:47 - 2015-12-23 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-23 21:47 - 2015-12-23 21:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-23 21:47 - 2015-12-23 21:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-23 21:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-23 21:47 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-23 21:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-23 21:44 - 2015-12-23 21:46 - 22908888 _____ (Malwarebytes ) C:\Users\FAISAL\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-23 20:37 - 2015-12-23 20:37 - 00000000 ____D C:\Program Files\Synaptics
2015-12-23 20:37 - 2015-12-23 20:36 - 00051392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-12-23 20:36 - 2015-12-23 20:36 - 01813392 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-12-23 20:36 - 2015-12-23 20:36 - 00773312 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-12-23 20:36 - 2015-12-23 20:36 - 00627392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-12-23 20:36 - 2015-12-23 20:36 - 00428736 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-12-23 20:36 - 2015-12-23 20:36 - 00277696 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-12-23 20:36 - 2015-12-23 20:36 - 00262848 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo33.dll
2015-12-23 20:36 - 2015-12-23 20:36 - 00051392 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-12-23 20:36 - 2015-12-23 20:36 - 00050880 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-12-23 14:37 - 2015-12-23 14:37 - 00000000 ____D C:\Users\FAISAL\Documents\scratches
2015-12-23 14:17 - 2015-12-23 14:19 - 00000000 ____D C:\Users\FAISAL\AppData\Roaming\QuickScan
2015-12-23 14:17 - 2015-12-23 14:17 - 00039480 _____ C:\Users\FAISAL\Downloads\qsinstaller.exe
2015-12-23 14:02 - 2015-12-23 22:24 - 00002297 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-23 14:02 - 2015-12-23 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-23 14:00 - 2015-12-24 10:33 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 14:00 - 2015-12-23 22:05 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-23 14:00 - 2015-12-23 14:01 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-23 14:00 - 2015-12-23 14:00 - 00927824 _____ (Google Inc.) C:\Users\FAISAL\Downloads\ChromeSetup.exe
2015-12-23 14:00 - 2015-12-23 14:00 - 00003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-23 14:00 - 2015-12-23 14:00 - 00003756 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-23 11:32 - 2015-12-23 11:32 - 00081682 _____ C:\Users\FAISAL\Downloads\UAE JOB SITES-1.xlsx
2015-12-23 10:26 - 2015-12-23 10:26 - 00165396 _____ C:\Users\FAISAL\Documents\cc_20151223_102556.reg
2015-12-23 09:47 - 2015-12-23 09:47 - 00002872 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-23 09:47 - 2015-12-23 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-23 09:46 - 2015-12-23 09:47 - 00000000 ____D C:\Program Files\CCleaner
2015-12-23 09:45 - 2015-12-23 09:46 - 06805328 _____ (Piriform Ltd) C:\Users\FAISAL\Downloads\ccsetup513.exe
2015-12-22 16:20 - 2015-12-23 10:09 - 00005250 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-B5I21MR1-FAISAL LAPTOP-B5I21MR1
2015-12-22 15:20 - 2015-12-22 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-22 15:18 - 2015-12-22 15:18 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-12-22 15:18 - 2015-12-22 15:18 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-12-22 15:16 - 2015-12-22 15:18 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-12-22 15:16 - 2015-12-22 15:16 - 00000000 ____D C:\Windows\PCHEALTH
2015-12-22 15:11 - 2015-12-22 15:16 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-22 15:11 - 2015-12-22 15:11 - 00000000 __RHD C:\MSOCache
2015-12-22 15:11 - 2015-12-22 15:11 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Microsoft Help
2015-12-22 15:11 - 2015-12-22 15:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-12-22 15:11 - 2015-12-22 15:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-12-22 15:01 - 2015-12-22 15:06 - 00000000 ____D C:\Volumes
2015-12-22 14:59 - 2015-12-22 16:17 - 00000000 ____D C:\Windows\PismoFileMount
2015-12-22 14:59 - 2015-12-22 16:17 - 00000000 ____D C:\Program Files\Pismo File Mount Audit Package
2015-12-22 14:59 - 2015-12-22 14:59 - 02709320 _____ (Pismo Technic Inc.) C:\Users\FAISAL\Downloads\pfmap-180-win.exe
2015-12-22 14:59 - 2015-12-03 00:01 - 00440072 _____ (Pismo Technic Inc.) C:\Windows\SysWOW64\pfmapi_180.dll
2015-12-22 14:59 - 2015-12-02 23:51 - 00175880 _____ (Pismo Technic Inc.) C:\Windows\system32\ptdllrun1.exe
2015-12-22 14:59 - 2015-12-02 23:51 - 00142600 _____ (Pismo Technic Inc.) C:\Windows\SysWOW64\ptdllrun1.exe
2015-12-22 12:12 - 2015-12-22 12:12 - 04217456 _____ (Smart Projects ) C:\Users\FAISAL\Downloads\isobuster_install.exe
2015-12-22 10:57 - 2015-12-22 12:26 - 806676480 _____ C:\Users\FAISAL\Downloads\OfficeProfessionalPlus_x64_en-us.img
2015-12-22 10:26 - 2015-12-22 10:26 - 00437353 _____ C:\Users\FAISAL\Downloads\IT Engineer with 1.5 Years exp..pdf
2015-12-22 09:34 - 2015-12-23 22:25 - 00001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-22 09:34 - 2015-12-22 09:40 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Mozilla
2015-12-22 09:34 - 2015-12-22 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-22 09:32 - 2015-12-22 09:33 - 00249416 _____ C:\Users\FAISAL\Downloads\Firefox Setup Stub 43.0.1.exe
2015-12-22 09:13 - 2015-12-22 09:13 - 00000000 ____D C:\Users\FAISAL\AppData\Local\VS Revo Group
2015-12-22 09:13 - 2015-12-22 09:13 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-12-21 22:43 - 2015-12-23 22:24 - 00002291 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-12-21 22:43 - 2015-12-21 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-12-21 22:43 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-12-21 22:42 - 2015-12-24 10:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-21 22:42 - 2015-12-21 22:42 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-21 22:41 - 2015-12-22 07:42 - 00934272 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-12-21 22:41 - 2015-12-22 07:41 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-12-21 22:41 - 2015-12-22 07:37 - 00227512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-12-21 21:55 - 2015-12-21 21:55 - 00000017 _____ C:\Windows\SysWOW64\history.dat
2015-12-21 21:33 - 2015-12-21 21:33 - 00003322 _____ C:\Windows\System32\Tasks\{616FB10E-2682-45E4-B3D6-EA3A4BBFC33B}
2015-12-21 21:32 - 2015-12-21 21:32 - 00000000 ____D C:\Users\FAISAL\AppData\Roaming\Synaptics
2015-12-21 21:30 - 2015-12-21 21:34 - 00000000 ____D C:\Users\FAISAL\AppData\Roaming\Opera Software
2015-12-21 21:30 - 2015-12-21 21:34 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Opera Software
2015-12-21 21:29 - 2015-12-21 21:34 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-21 21:15 - 2015-12-22 09:34 - 00000000 ____D C:\Users\FAISAL\AppData\Roaming\Mozilla
2015-12-21 20:57 - 2015-12-21 20:56 - 00000931 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-21 20:55 - 2015-12-23 09:27 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Cooking Virtual
2015-12-09 08:47 - 2015-11-25 08:44 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-09 08:47 - 2015-11-25 08:42 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 08:47 - 2015-11-25 08:34 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 08:47 - 2015-11-25 08:23 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 08:47 - 2015-11-25 08:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-09 08:47 - 2015-11-25 08:10 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-09 08:47 - 2015-11-25 08:05 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 08:46 - 2015-12-01 11:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-09 08:46 - 2015-12-01 10:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2015-12-09 08:46 - 2015-12-01 09:54 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-12-09 08:46 - 2015-12-01 09:51 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-12-09 08:46 - 2015-12-01 09:49 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 08:46 - 2015-12-01 09:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 08:46 - 2015-12-01 08:59 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-09 08:46 - 2015-11-25 09:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-09 08:46 - 2015-11-25 09:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2015-12-09 08:46 - 2015-11-25 09:41 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-09 08:46 - 2015-11-25 09:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-09 08:46 - 2015-11-25 09:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 08:46 - 2015-11-25 09:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-12-09 08:46 - 2015-11-25 09:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 08:46 - 2015-11-25 09:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-09 08:46 - 2015-11-25 09:11 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 08:46 - 2015-11-25 09:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 08:46 - 2015-11-25 09:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 08:46 - 2015-11-25 08:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-09 08:46 - 2015-11-25 08:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-09 08:46 - 2015-11-25 08:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-12-09 08:46 - 2015-11-25 08:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-09 08:46 - 2015-11-25 08:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2015-12-09 08:46 - 2015-11-25 08:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2015-12-09 08:46 - 2015-11-25 08:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2015-12-09 08:46 - 2015-11-25 08:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-09 08:46 - 2015-11-25 08:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-09 08:46 - 2015-11-25 08:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-12-09 08:46 - 2015-11-25 08:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-09 08:46 - 2015-11-25 08:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2015-12-09 08:46 - 2015-11-25 08:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-12-09 08:46 - 2015-11-25 08:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-12-09 08:46 - 2015-11-25 08:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 08:46 - 2015-11-25 08:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-09 08:46 - 2015-11-25 08:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 08:46 - 2015-11-25 08:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-12-09 08:46 - 2015-11-25 08:28 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 08:46 - 2015-11-25 08:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 08:46 - 2015-11-25 08:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-12-09 08:46 - 2015-11-25 08:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-12-09 08:46 - 2015-11-25 08:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-09 08:46 - 2015-11-25 08:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-12-09 08:46 - 2015-11-25 08:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2015-12-09 08:46 - 2015-11-25 08:23 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-09 08:46 - 2015-11-25 08:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 08:46 - 2015-11-25 08:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-09 08:46 - 2015-11-25 08:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2015-12-09 08:46 - 2015-11-25 08:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 08:46 - 2015-11-25 08:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-09 08:46 - 2015-11-25 08:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 08:46 - 2015-11-25 08:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 08:46 - 2015-11-25 08:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-12-09 08:46 - 2015-11-25 08:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-12-09 08:46 - 2015-11-25 08:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 08:46 - 2015-11-25 08:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-09 08:46 - 2015-11-25 08:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-09 08:46 - 2015-11-25 08:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-09 08:46 - 2015-11-25 08:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 08:46 - 2015-11-25 08:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-09 08:46 - 2015-11-25 08:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 08:46 - 2015-11-25 08:10 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 08:46 - 2015-11-25 08:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 08:46 - 2015-11-25 08:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-09 08:46 - 2015-11-25 08:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2015-12-09 08:46 - 2015-11-25 08:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 08:46 - 2015-11-25 08:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-09 08:46 - 2015-11-25 08:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 08:46 - 2015-11-25 08:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 08:46 - 2015-11-25 08:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 08:46 - 2015-11-25 08:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 08:46 - 2015-11-25 08:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 08:46 - 2015-11-25 06:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 08:46 - 2015-11-25 06:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-08 20:58 - 2015-12-08 20:58 - 00000000 ____D C:\Users\FAISAL\AppData\Local\ElevatedDiagnostics
2015-11-29 15:10 - 2015-12-01 15:07 - 00000000 ____D C:\KMPlayer
2015-11-27 15:14 - 2015-11-27 15:14 - 00000000 ____D C:\Users\FAISAL\AppData\LocalLow\Adobe
2015-11-27 15:14 - 2015-11-27 15:14 - 00000000 ____D C:\Users\FAISAL\AppData\Local\CEF
2015-11-26 23:00 - 2015-12-23 22:25 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-26 23:00 - 2015-11-27 19:51 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-26 22:59 - 2015-11-26 22:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-26 22:58 - 2015-11-27 15:16 - 00000000 ____D C:\ProgramData\Adobe
2015-11-26 22:50 - 2015-11-27 15:14 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Adobe
2015-11-24 17:18 - 2015-11-24 17:18 - 00000000 ____D C:\Users\FAISAL\AppData\Local\MediaShow
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 10:53 - 2015-07-10 13:05 - 00000000 ____D C:\Windows
2015-12-24 10:39 - 2015-11-08 18:55 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A83C30DF-14DC-4A2C-88A4-9BB9B9C2A016}
2015-12-24 10:33 - 2015-10-10 11:03 - 00000000 __SHD C:\Users\FAISAL\IntelGraphicsProfiles
2015-12-24 10:32 - 2015-10-10 11:03 - 00000000 ____D C:\Users\FAISAL
2015-12-24 10:32 - 2015-10-10 11:02 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-24 10:32 - 2015-07-10 16:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 22:25 - 2015-11-09 09:06 - 00002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-23 22:25 - 2015-11-09 09:06 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-23 22:25 - 2015-11-09 09:06 - 00002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-23 22:25 - 2015-11-09 09:06 - 00002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-23 22:25 - 2015-11-09 09:06 - 00002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-23 22:25 - 2015-10-10 11:07 - 00002375 _____ C:\Users\FAISAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-23 22:24 - 2015-11-08 15:51 - 00001329 _____ C:\Users\FAISAL\Desktop\Cisco Packet Tracer Student.lnk
2015-12-23 22:24 - 2015-08-19 15:26 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-12-23 22:22 - 2015-08-19 15:27 - 00000000 ____D C:\Program Files (x86)\WildGames
2015-12-23 22:22 - 2015-07-10 14:55 - 00000000 ____D C:\Windows\CbsTemp
2015-12-23 22:21 - 2015-07-10 13:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-23 20:37 - 2015-07-10 15:02 - 00000000 ____D C:\Windows\INF
2015-12-23 15:28 - 2015-11-08 17:44 - 00000000 ____D C:\Users\FAISAL\Documents\musthafa
2015-12-23 14:02 - 2015-11-08 09:04 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Google
2015-12-23 11:49 - 2015-10-10 11:03 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Packages
2015-12-23 11:17 - 2015-08-19 15:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-23 10:36 - 2015-07-10 15:04 - 00000000 ____D C:\Windows\AppReadiness
2015-12-23 10:28 - 2015-10-30 13:25 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-23 10:23 - 2015-08-15 02:07 - 00000000 ____D C:\Windows\Panther
2015-12-22 16:17 - 2015-07-10 16:20 - 00340672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-22 15:19 - 2015-07-10 17:16 - 00000000 ____D C:\Windows\ShellNew
2015-12-22 15:19 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-22 15:17 - 2015-07-10 15:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-22 15:13 - 2015-07-10 15:04 - 00000199 _____ C:\Windows\win.ini
2015-12-22 15:13 - 2015-07-10 15:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-22 15:11 - 2015-08-19 15:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-22 07:42 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-12-22 07:42 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-12-22 07:21 - 2015-07-10 15:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-21 22:43 - 2015-07-10 13:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2015-12-21 22:42 - 2015-07-10 15:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-21 22:10 - 2015-10-15 09:56 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-12-21 21:37 - 2015-08-19 14:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-12 20:04 - 2015-08-19 14:34 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-12 15:28 - 2015-07-10 15:04 - 00000000 ____D C:\Windows\system32\oobe
2015-12-11 13:32 - 2015-10-10 11:06 - 00000000 ____D C:\Users\FAISAL\AppData\Local\Toshiba
2015-12-11 09:38 - 2015-10-10 11:07 - 00000000 ___RD C:\Users\FAISAL\OneDrive
2015-12-09 09:40 - 2015-08-19 15:08 - 04342936 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw10x.sys
2015-12-09 09:38 - 2015-10-16 09:21 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 09:28 - 2015-10-16 09:21 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 07:39 - 2015-11-09 15:14 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-06 22:27 - 2014-08-06 16:29 - 00000000 ____D C:\Users\FAISAL\Desktop\DesktopSupportEngineers(Microsoft)Questions
2015-12-01 04:32 - 2015-07-10 15:06 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-01 04:32 - 2015-07-10 15:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 15:14 - 2015-10-10 11:03 - 00000000 ____D C:\Users\FAISAL\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2015-11-16 19:15 - 2015-11-16 19:17 - 0007597 _____ () C:\Users\FAISAL\AppData\Local\resmon.resmoncfg
2015-08-19 15:00 - 2015-08-19 15:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-14 08:05
 
==================== End of FRST.txt ============================

=============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by FAISAL (2015-12-24 10:55:23)
Running from C:\Users\FAISAL\Downloads
Windows 10 Home Single Language (X64) (2015-10-10 07:01:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3975837588-78564851-2815030472-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3975837588-78564851-2815030472-503 - Limited - Disabled)
FAISAL (S-1-5-21-3975837588-78564851-2815030472-1001 - Administrator - Enabled) => C:\Users\FAISAL
Guest (S-1-5-21-3975837588-78564851-2815030472-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Bluetooth® Link (HKLM\...\{3F3DCC8C-2C93-4082-A6DE-BBDC74804FA0}) (Version: 4.3.03 - Toshiba Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.3113 - CyberLink Corp.)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6312.0 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5311 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5509.05 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.5620 - CyberLink Corp.)
Evernote v. 5.8.8 (HKLM-x32\...\{CD252A60-0965-11E5-B3A2-00505695D7B0}) (Version: 5.8.8.7837 - Evernote Corp.)
Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4112 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.0.0 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.3 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 2.51.10.3 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.20 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.26 - Toshiba Corporation)
TOSHIBA Product Improvement Program (HKLM\...\{FB721B5D-3B72-4264-9CF3-D69F4798DB1E}) (Version: 1.00.01.6401 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{EDC626BA-3E59-44C4-96B4-9066E29BF600}) (Version: 3.1.0.2 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.0.6406 - Toshiba Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.54.2 - Compal) Hidden
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EB}) (Version: 19.5.11475 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3975837588-78564851-2815030472-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\FAISAL\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
22-12-2015 09:13:46 Revo Uninstaller Pro's restore point - Google Chrome
22-12-2015 16:28:30 2020
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 15:04 - 2015-12-21 20:56 - 00000931 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17ED0673-5C67-4D6D-8766-99B34EB6340D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {3A55C178-DC28-45F3-9B0A-58CB1B80EB4A} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {432DA64C-315D-4FDC-82EF-6DE100BA3030} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {57062EB8-073A-44EA-A672-E7823757B290} - \psv_Coftough -> No File <==== ATTENTION
Task: {62AAD765-52FB-42F6-93E5-96089625EC75} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {6AE0C921-779F-43F9-8D97-81A150EA6FB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6DF69921-8805-4DE6-B5CB-3095567D36EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {6EBC8095-3CDB-4C80-85CE-0B7BEAC73E38} - System32\Tasks\{38B7EB12-01EF-4C18-BF61-CDE0E7933503} => pcalua.exe -a C:\Users\FAISAL\Downloads\clcl112_eng.exe -d C:\Users\FAISAL\Downloads
Task: {9C40533A-B476-4889-875F-54947625F8D7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-10-15] (Realtek Semiconductor)
Task: {A836DCD2-0BC9-4896-BDE1-0BB389EB79D2} - \psv_StrongSoft -> No File <==== ATTENTION
Task: {A8A59D0E-806A-4DCB-A763-0F655FC04654} - \psv_Stockair -> No File <==== ATTENTION
Task: {B320EA33-40E6-4E1F-9F4D-A2C00061E6C0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-B5I21MR1-FAISAL LAPTOP-B5I21MR1 => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {B36E3556-0264-492C-B6CF-C7AD5F0910D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-23] (Google Inc.)
Task: {C57E6E3F-F109-4491-8B34-6E1F7F25041A} - \psv_TouchDamcom -> No File <==== ATTENTION
Task: {C83A01AC-8415-4EB2-BF12-7E1E30C934EE} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {CD29CF36-6318-4A33-8361-318714F21F8F} - System32\Tasks\{616FB10E-2682-45E4-B3D6-EA3A4BBFC33B} => pcalua.exe -a C:\Users\FAISAL\AppData\Roaming\istartpageing\UninstallManager.exe -c  -ptid=cmi
Task: {D00093E5-BF3C-4448-ABC8-3EE7102A998F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {F0C2FC8E-9B96-43BD-B56B-AF25C3DEB526} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2015-07-15] (TOSHIBA Corporation)
Task: {F1958F0C-3000-4437-B6A6-B5267826FD4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FCEE23F0-5463-47BD-9B59-383B1E18DD7C} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2015-06-12] (TOSHIBA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-09 08:29 - 2015-08-09 08:29 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-16 09:09 - 2015-08-11 13:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-10-16 09:09 - 2015-09-17 10:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-16 09:09 - 2015-09-17 10:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-03-12 10:50 - 2015-10-15 10:26 - 00396688 _____ () C:\Windows\system32\igfxTray.exe
2015-10-16 09:09 - 2015-09-17 09:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 14:59 - 2015-07-10 14:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\System Setting\SmoothView.dll
2015-12-09 08:47 - 2015-11-25 08:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 08:46 - 2015-11-25 08:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 08:46 - 2015-11-25 08:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-16 09:09 - 2015-09-17 09:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 15:00 - 2015-07-10 17:15 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2012-10-01 20:37 - 2012-10-01 20:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-23 14:02 - 2015-12-11 07:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-23 14:02 - 2015-12-11 07:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3975837588-78564851-2815030472-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\toshiba\toshiba1.jpg
DNS Servers: 213.42.20.20 - 195.229.241.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKU\S-1-5-21-3975837588-78564851-2815030472-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{624CD17B-3FD7-48BD-ACD4-1CA33D3D7902}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{EB6FE991-BA82-4A7F-9B6B-841AB989DEFC}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [uDP Query User{ADBAA491-6562-4E02-B4C8-F2D78D77C07C}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [{AC26F470-B05E-42A1-AF75-1560B8B8A62E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4676E2AF-8EAE-4C76-8CDB-B4FB74CFF7B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC5B7ADD-3A68-4D97-BC13-CCF22767124A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/24/2015 10:37:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHWMsg.exe, version: 2.0.0.5, time stamp: 0x559f7d2c
Faulting module name: RtCOM64.dll_unloaded, version: 2.0.0.175, time stamp: 0x55d5c0e5
Exception code: 0xc0000005
Fault offset: 0x0000000000021d07
Faulting process id: 0x1ea4
Faulting application start time: 0xTPCHWMsg.exe0
Faulting application path: TPCHWMsg.exe1
Faulting module path: TPCHWMsg.exe2
Report Id: TPCHWMsg.exe3
Faulting package full name: TPCHWMsg.exe4
Faulting package-relative application ID: TPCHWMsg.exe5
 
Error: (12/24/2015 10:35:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-B5I21MR1)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/24/2015 10:35:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 16a4
 
Start Time: 01d13e14facf2cf9
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 4a345608-aa08-11e5-9be8-1c39470072ec
 
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Error: (12/24/2015 10:33:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: LAPTOP-B5I21MR1)
Description: App Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI did not launch within its allotted time.
 
Error: (12/23/2015 10:56:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16515, time stamp: 0x55fa599a
Faulting module name: StartUI.dll, version: 10.0.10240.16515, time stamp: 0x55fa5463
Exception code: 0x80000003
Fault offset: 0x00000000001c01cb
Faulting process id: 0x1420
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (12/23/2015 10:27:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHWMsg.exe, version: 2.0.0.5, time stamp: 0x559f7d2c
Faulting module name: RtCOM64.dll_unloaded, version: 2.0.0.175, time stamp: 0x55d5c0e5
Exception code: 0xc0000005
Fault offset: 0x0000000000021d07
Faulting process id: 0x13f4
Faulting application start time: 0xTPCHWMsg.exe0
Faulting application path: TPCHWMsg.exe1
Faulting module path: TPCHWMsg.exe2
Report Id: TPCHWMsg.exe3
Faulting package full name: TPCHWMsg.exe4
Faulting package-relative application ID: TPCHWMsg.exe5
 
Error: (12/23/2015 08:33:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-B5I21MR1)
Description: Package Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/23/2015 08:26:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-B5I21MR1)
Description: Package Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/23/2015 08:14:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-B5I21MR1)
Description: Package Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (12/23/2015 08:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHWMsg.exe, version: 2.0.0.5, time stamp: 0x559f7d2c
Faulting module name: RtCOM64.dll_unloaded, version: 2.0.0.175, time stamp: 0x55d5c0e5
Exception code: 0xc0000005
Fault offset: 0x0000000000021d07
Faulting process id: 0x1934
Faulting application start time: 0xTPCHWMsg.exe0
Faulting application path: TPCHWMsg.exe1
Faulting module path: TPCHWMsg.exe2
Report Id: TPCHWMsg.exe3
Faulting package full name: TPCHWMsg.exe4
Faulting package-relative application ID: TPCHWMsg.exe5
 
 
System errors:
=============
Error: (12/24/2015 10:31:39 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841182544
 
Error: (12/24/2015 10:32:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:47:25 PM on ‎12/‎23/‎2015 was unexpected.
 
Error: (12/23/2015 10:26:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation, CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160}, APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}, user NT AUTHORITY\LOCAL SERVICE (S-1-5-19), from LocalHost (Using LRPC), app container Unavailable (Unavailable)
 
Error: (12/23/2015 10:26:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation, CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160}, APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}, user NT AUTHORITY\LOCAL SERVICE (S-1-5-19), from LocalHost (Using LRPC), app container Unavailable (Unavailable)
 
Error: (12/23/2015 10:26:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific Local Activation, CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160}, APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}, user NT AUTHORITY\LOCAL SERVICE (S-1-5-19), from LocalHost (Using LRPC), app container Unavailable (Unavailable)
 
Error: (12/23/2015 10:21:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session4 service to connect.
 
Error: (12/23/2015 10:21:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session4 service to connect.
 
Error: (12/23/2015 10:21:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/23/2015 10:21:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/23/2015 10:21:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session4 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 52%
Total physical RAM: 4010.4 MB
Available physical RAM: 1893.92 MB
Total Virtual: 4714.4 MB
Available Virtual: 2230.05 MB
 
==================== Drives ================================
 
Drive c: (TIH0033400A) (Fixed) (Total:220.9 GB) (Free:171.58 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:244.14 GB) (Free:240.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button, which gives you an Upload Files option below that you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select Update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections, make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and upload it in your next reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click Run after receipt of the Windows Security Warning - Open File.)
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Root Admin:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
