Windows 10 System Shuts down while running the scan, during heuristic analysis


Kumar

Hello Kumar and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the Default Browser only, so all of the tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs...

Thank you,

Kevin..

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by admin (administrator) on DESKTOP-T7EL38F (18-01-2017 10:57:44)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: defaultuser0 & admin)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\MountPoints2: {0ffc644d-a98d-11e6-a380-e4e616ef3ea0} - "D:\Setup.exe"
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opengoogle - Shortcut.lnk [2016-11-04]
ShortcutTarget: Opengoogle - Shortcut.lnk -> C:\Users\admin\Desktop\Opengoogle.bat ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{1ac9556e-1a35-4fbf-be7f-c07a04c5c56c} <======= ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{683d6c98-2eb4-4557-abfe-91322efc5e75}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dd8ca756-2d76-4373-9d3d-dcf1ae753f4e}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-12-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001 -> hxxp://www.google.com
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default
FF Homepage: user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/thinkorswim -> C:\Users\admin\AppData\Local\thinkorswim\npthinkorswim.dll No File
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/tossc -> C:\Users\admin\AppData\Local\thinkorswim\nptossc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-02] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-11-17] (Cisco WebEx LLC)
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [822624 2016-12-14] (Microsoft Corporation)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [523952 2016-10-24] () [File not signed]
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [125952 2017-01-16] () [File not signed]
R2 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe [109056 2016-12-23] () [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [1227264 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_c3042; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [127328 2016-09-15] (Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [157024 2016-07-16] (Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [141152 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [168448 2016-09-15] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [37376 2016-07-16] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [179040 2016-07-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [40288 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 10:57 - 2017-01-18 10:58 - 00019014 _____ C:\Users\admin\Desktop\FRST.txt
2017-01-18 10:57 - 2017-01-18 10:57 - 00000000 ____D C:\FRST
2017-01-18 10:56 - 2017-01-18 10:57 - 02193920 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2017-01-18 10:50 - 2016-12-26 11:27 - 00022016 _____ C:\Users\admin\Desktop\tt0202.xls
2017-01-18 10:50 - 2016-12-21 22:40 - 00955904 _____ C:\Users\admin\Desktop\VRS16 X 2003.xls
2017-01-18 10:50 - 2016-11-23 12:53 - 00061003 _____ C:\Users\admin\Desktop\Valuing Oil Stocks with the Graham Number.xlsm
2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\WhatsAppSetup.exe
2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\Unconfirmed 52640.crdownload
2017-01-18 10:50 - 2016-11-16 16:41 - 24743106 _____ C:\Users\admin\Desktop\vlc-setup-win.exe
2017-01-18 10:50 - 2016-11-05 21:26 - 00069710 _____ C:\Users\admin\Desktop\Valuing-Oil-Stocks-with-the-Graham-Number.zip
2017-01-18 10:50 - 2016-10-21 16:03 - 10841720 _____ (TeamViewer GmbH) C:\Users\admin\Desktop\TeamViewer_Setup_en-sbv.exe
2017-01-18 10:50 - 2016-10-17 13:19 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64(1).exe
2017-01-18 10:50 - 2016-10-15 17:30 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64.exe
2017-01-18 10:50 - 2016-10-13 20:34 - 30072320 _____ C:\Users\admin\Desktop\TradeTigerSetup.msi
2017-01-18 10:49 - 2017-01-18 10:50 - 00000000 ____D C:\Users\admin\Desktop\OptionProbabilityCalculator
2017-01-18 10:49 - 2017-01-17 13:49 - 54199488 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-18 10:49 - 2017-01-15 23:17 - 00352436 _____ C:\Users\admin\Desktop\google.csv
2017-01-18 10:49 - 2017-01-15 17:16 - 00243552 _____ C:\Users\admin\Desktop\Firefox Setup Stub 50.1.0.exe
2017-01-18 10:49 - 2017-01-15 16:38 - 16146725 _____ C:\Users\admin\Desktop\pi.zip
2017-01-18 10:49 - 2017-01-10 23:26 - 01065376 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe
2017-01-18 10:49 - 2016-12-27 20:52 - 00113079 _____ C:\Users\admin\Desktop\DELHI (1).xlsx
2017-01-18 10:49 - 2016-12-27 19:58 - 00065024 _____ C:\Users\admin\Desktop\fiscal-calendar-2017-portrait-6-months-blocks.xls
2017-01-18 10:49 - 2016-12-26 23:16 - 00113079 _____ C:\Users\admin\Desktop\DELHI.xlsx
2017-01-18 10:49 - 2016-12-21 23:15 - 43544408 _____ (HP Inc. ) C:\Users\admin\Desktop\sp78153.exe
2017-01-18 10:49 - 2016-12-21 16:46 - 57569888 _____ (Oracle Corporation) C:\Users\admin\Desktop\jre-8u74-windows-x64.exe
2017-01-18 10:49 - 2016-12-21 16:33 - 30403470 _____ C:\Users\admin\Desktop\NestTrader_Setup_V.3.11.4.4_CapitalFocus_iNET_without_framewrk.zip
2017-01-18 10:49 - 2016-12-12 17:05 - 07659763 _____ C:\Users\admin\Desktop\cHENNAI vARDAH 2016-12-12 at 16.23.19
2017-01-18 10:49 - 2016-12-02 16:01 - 00000103 _____ C:\Users\admin\Desktop\block.csv
2017-01-18 10:49 - 2016-11-29 20:08 - 00022028 _____ C:\Users\admin\Desktop\FOVOLT_28112016.csv
2017-01-18 10:49 - 2016-11-29 19:46 - 00025508 _____ C:\Users\admin\Desktop\FOVOLT_29112016.csv
2017-01-18 10:49 - 2016-11-29 17:13 - 00025514 _____ C:\Users\admin\Desktop\FOVOLT_28112016 (1).csv
2017-01-18 10:49 - 2016-11-24 18:10 - 00000922 _____ C:\Users\admin\Desktop\fao_participant_vol_24112016.csv
2017-01-18 10:49 - 2016-11-24 18:06 - 00000883 _____ C:\Users\admin\Desktop\fao_participant_oi_24112016.csv
2017-01-18 10:49 - 2016-11-24 16:35 - 00025534 _____ C:\Users\admin\Desktop\FOVOLT_24112016.csv
2017-01-18 10:49 - 2016-11-23 16:55 - 00000907 _____ C:\Users\admin\Desktop\fao_participant_vol_22112016.csv
2017-01-18 10:49 - 2016-11-23 11:09 - 00101236 _____ C:\Users\admin\Desktop\CMVOLT_22112016.CSV
2017-01-18 10:49 - 2016-11-17 15:06 - 00922728 _____ (Cisco WebEx LLC) C:\Users\admin\Desktop\Cisco_WebEx_Add-On.exe
2017-01-18 10:49 - 2016-11-09 15:23 - 00321536 _____ C:\Users\admin\Desktop\OptionTradingWorkbook.xls
2017-01-18 10:49 - 2016-11-09 15:09 - 00330752 _____ C:\Users\admin\Desktop\OptionTradingWorkbook (1).xls
2017-01-18 10:49 - 2016-11-08 18:42 - 00526336 _____ C:\Users\admin\Desktop\IndexInclExcl.xls
2017-01-18 10:49 - 2016-11-08 11:36 - 00006234 _____ C:\Users\admin\Desktop\nifty50_mcwb.csv
2017-01-18 10:49 - 2016-11-05 21:03 - 00011314 _____ C:\Users\admin\Desktop\OptionProbabilityCalculator.zip
2017-01-18 10:49 - 2016-11-02 16:10 - 02076064 _____ C:\Users\admin\Desktop\ShowMyPC3500.exe
2017-01-18 10:49 - 2016-11-02 12:26 - 00051017 _____ C:\Users\admin\Desktop\table (1).csv
2017-01-18 10:49 - 2016-11-02 12:24 - 00057559 _____ C:\Users\admin\Desktop\table.csv
2017-01-18 10:49 - 2016-11-02 11:35 - 00019964 _____ C:\Users\admin\Desktop\FOVOLT_210920151.csv
2017-01-18 10:49 - 2016-11-02 11:34 - 00023217 _____ C:\Users\admin\Desktop\FOVOLT_21092015.csv
2017-01-18 10:49 - 2016-11-01 21:21 - 00083253 _____ C:\Users\admin\Desktop\DailyNFRELIANCE 24-Nov-2016.csv
2017-01-18 10:49 - 2016-11-01 16:53 - 00348527 _____ C:\Users\admin\Desktop\dATA _ TO CALCULATE vo_DailyNCNIFTY.csv
2017-01-18 10:49 - 2016-11-01 16:45 - 00007562 _____ C:\Users\admin\Desktop\8750_NIFTY_CE_01-Aug-2016_TO_28-Oct-2016.csv
2017-01-18 10:49 - 2016-11-01 14:02 - 00737344 _____ (Oracle Corporation) C:\Users\admin\Desktop\JavaSetup8u111.exe
2017-01-18 10:49 - 2016-10-31 22:41 - 00025521 _____ C:\Users\admin\Desktop\FOVOLT_30102016.csv
2017-01-18 10:49 - 2016-10-31 22:40 - 00001307 _____ C:\Users\admin\Desktop\FOVOLT_28102016.csv
2017-01-18 10:49 - 2016-10-26 23:18 - 00002577 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_CE_03-Oct-2016_TO_26-Oct-2016.csv
2017-01-18 10:49 - 2016-10-26 23:18 - 00002569 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_PE_03-Oct-2016_TO_26-Oct-2016.csv
2017-01-18 10:49 - 2016-10-26 23:05 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme (1).xls
2017-01-18 10:49 - 2016-10-26 23:04 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme.xls
2017-01-18 10:49 - 2016-10-26 16:13 - 00422371 _____ C:\Users\admin\Desktop\fo25OCT2016bhav.csv.zip
2017-01-18 10:49 - 2016-10-26 16:07 - 00063045 _____ C:\Users\admin\Desktop\cm25OCT2016bhav.csv.zip
2017-01-18 10:49 - 2016-10-26 16:05 - 00101678 _____ C:\Users\admin\Desktop\CMVOLT_25102016.CSV
2017-01-18 10:49 - 2016-10-25 22:00 - 00067584 _____ C:\Users\admin\Desktop\Options_Premium_Calculator.xls
2017-01-18 10:49 - 2016-10-24 15:51 - 00065870 _____ C:\Users\admin\Desktop\app1.pdf;jsessionid=C0ABE07C15C69BC99E86C4E0FA91A095.f03t03
2017-01-18 10:49 - 2016-10-23 18:08 - 03630540 _____ C:\Users\admin\Desktop\option_trades_20160516_TUVWXYZ_sample.zip
2017-01-18 10:49 - 2016-10-21 17:24 - 00927232 _____ C:\Users\admin\Desktop\OptionCalculatorSetup.msi
2017-01-18 10:49 - 2016-10-21 15:30 - 24998531 _____ C:\Users\admin\Desktop\NEST3.zip
2017-01-18 10:49 - 2016-10-15 19:01 - 52706560 _____ (Lenovo Group Limited ) C:\Users\admin\Desktop\j3bm02ww.exe
2017-01-18 10:49 - 2016-10-11 19:52 - 00243560 _____ C:\Users\admin\Desktop\Firefox Setup Stub 49.0.1.exe
2017-01-17 14:12 - 2017-01-17 14:12 - 00174764 _____ C:\Windows\Minidump\011717-19531-01.dmp
2017-01-17 13:49 - 2017-01-18 10:22 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 13:49 - 2017-01-17 13:49 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-17 13:49 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-17 11:57 - 2017-01-17 13:53 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-15 22:44 - 2017-01-16 09:29 - 00142188 _____ C:\Users\admin\Desktop\New_IntraDayNFNIFTY 25-Jan-2017.xlsm
2017-01-15 18:46 - 2017-01-15 22:44 - 00156974 _____ C:\Users\admin\Desktop\IntraDayNFNIFTY 25-Jan-2017.csv
2017-01-15 17:17 - 2017-01-16 23:14 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Uninstall Pi.lnk
2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Pi.lnk
2017-01-15 16:40 - 2017-01-15 16:40 - 00002559 _____ C:\Users\Public\Desktop\Pi.lnk
2017-01-15 16:40 - 2017-01-15 16:40 - 00000000 ____D C:\Zerodha
2017-01-12 19:53 - 2017-01-12 19:53 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-01-12 19:53 - 2017-01-12 19:53 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-01-12 12:13 - 2017-01-12 12:39 - 00002596 _____ C:\Users\admin\Desktop\GraphNFNIFTY 25-Jan-2017.csv
2017-01-12 11:55 - 2017-01-12 11:55 - 00238942 _____ C:\Users\admin\Desktop\min_HA_Open_hign and Low testing.csv
2017-01-12 11:44 - 2017-01-15 18:40 - 00089533 _____ C:\Users\admin\Desktop\DailyNFNIFTY 25-Jan-2017_12th Jan.csv
2017-01-11 13:22 - 2016-12-23 04:43 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 13:22 - 2016-12-23 04:43 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 10:10 - 2016-12-21 13:13 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 10:10 - 2016-12-21 13:13 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 10:10 - 2016-12-21 13:13 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:11 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 10:10 - 2016-12-21 12:38 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 10:10 - 2016-12-21 12:36 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 10:10 - 2016-12-21 12:29 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 10:10 - 2016-12-21 12:26 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 10:10 - 2016-12-21 12:23 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 10:10 - 2016-12-21 12:21 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 10:10 - 2016-12-21 12:21 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 10:10 - 2016-12-21 12:20 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 10:10 - 2016-12-21 11:29 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 10:10 - 2016-12-21 10:39 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 10:10 - 2016-12-21 10:13 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 10:10 - 2016-12-21 10:11 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 10:10 - 2016-12-21 10:10 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 10:10 - 2016-12-21 10:10 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 10:10 - 2016-12-21 10:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 10:10 - 2016-12-21 10:08 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 10:10 - 2016-12-21 09:52 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 10:10 - 2016-12-14 11:11 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 10:10 - 2016-12-14 10:18 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 10:10 - 2016-12-14 10:08 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 10:10 - 2016-12-14 10:08 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 10:10 - 2016-12-14 09:54 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-11 10:10 - 2016-12-14 09:54 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-11 10:10 - 2016-12-14 09:53 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-11 10:10 - 2016-12-14 09:52 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-11 10:10 - 2016-12-14 09:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-11 10:09 - 2016-12-21 13:38 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 10:09 - 2016-12-21 13:38 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 10:09 - 2016-12-21 13:34 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 10:09 - 2016-12-21 13:19 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 10:09 - 2016-12-21 13:16 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 10:09 - 2016-12-21 13:13 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 10:09 - 2016-12-21 13:12 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 10:09 - 2016-12-21 13:07 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 10:09 - 2016-12-21 12:45 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 10:09 - 2016-12-21 12:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 10:09 - 2016-12-21 12:39 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 10:09 - 2016-12-21 12:39 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 10:09 - 2016-12-21 12:37 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 10:09 - 2016-12-21 12:36 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 10:09 - 2016-12-21 12:36 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 10:09 - 2016-12-21 12:36 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 10:09 - 2016-12-21 12:31 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 10:09 - 2016-12-21 12:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 10:09 - 2016-12-21 12:29 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 10:09 - 2016-12-21 12:28 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 10:09 - 2016-12-21 12:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 10:09 - 2016-12-21 12:26 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 10:09 - 2016-12-21 12:25 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 10:09 - 2016-12-21 12:25 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 10:09 - 2016-12-21 12:24 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 10:09 - 2016-12-21 12:23 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 10:09 - 2016-12-21 12:19 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 10:09 - 2016-12-21 12:19 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 10:09 - 2016-12-21 12:19 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 10:09 - 2016-12-21 12:17 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 10:09 - 2016-12-21 10:31 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 10:09 - 2016-12-21 10:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 10:09 - 2016-12-21 10:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 10:09 - 2016-12-21 10:10 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 10:09 - 2016-12-21 10:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 10:09 - 2016-12-21 10:09 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 10:09 - 2016-12-21 10:05 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 10:09 - 2016-12-21 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 10:09 - 2016-12-21 10:04 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 10:09 - 2016-12-21 10:03 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 10:09 - 2016-12-21 10:02 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 10:09 - 2016-12-21 10:00 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 10:09 - 2016-12-21 10:00 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 10:09 - 2016-12-21 09:57 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 10:09 - 2016-12-21 09:56 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 10:09 - 2016-12-21 09:55 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 10:09 - 2016-12-21 09:55 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 10:09 - 2016-12-21 09:54 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 10:09 - 2016-12-14 11:11 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 10:09 - 2016-12-14 11:04 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 10:09 - 2016-12-14 10:53 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 10:09 - 2016-12-14 10:51 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 10:09 - 2016-12-14 10:49 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 10:09 - 2016-12-14 10:48 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 10:09 - 2016-12-14 10:48 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 10:09 - 2016-12-14 10:47 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 10:09 - 2016-12-14 10:16 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 10:09 - 2016-12-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 10:09 - 2016-12-14 10:13 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 10:09 - 2016-12-14 10:11 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 10:09 - 2016-12-14 10:10 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 10:09 - 2016-12-14 10:10 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 10:09 - 2016-12-14 10:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 10:09 - 2016-12-14 10:08 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 10:09 - 2016-12-14 10:08 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 10:09 - 2016-12-14 10:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 10:09 - 2016-12-14 10:02 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 10:09 - 2016-12-14 09:56 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 10:09 - 2016-12-14 09:56 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-11 10:09 - 2016-12-14 09:55 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-11 10:09 - 2016-12-14 09:53 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-11 10:09 - 2016-12-14 09:52 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 10:09 - 2016-12-14 09:52 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-11 10:09 - 2016-12-14 09:51 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-11 10:09 - 2016-11-02 17:31 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 10:09 - 2016-11-02 16:30 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-11 10:09 - 2016-11-02 15:58 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 10:09 - 2016-11-02 15:52 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 10:09 - 2016-11-02 15:51 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-11 10:09 - 2016-08-02 10:00 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-11 10:08 - 2016-12-21 13:12 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 10:08 - 2016-12-21 12:43 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-11 10:08 - 2016-12-21 12:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-11 10:08 - 2016-12-21 12:40 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-11 10:08 - 2016-12-21 12:38 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-11 10:08 - 2016-12-21 12:38 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-11 10:08 - 2016-12-21 12:23 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 10:08 - 2016-12-21 12:21 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 10:08 - 2016-12-21 09:52 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 10:08 - 2016-12-14 10:56 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 10:08 - 2016-12-14 10:38 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 10:08 - 2016-12-14 10:36 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 10:08 - 2016-12-14 10:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 10:08 - 2016-12-14 10:10 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-11 10:08 - 2016-12-14 10:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 10:08 - 2016-12-14 10:02 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 10:08 - 2016-12-14 09:52 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 10:08 - 2016-12-14 09:52 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 23:28 - 2017-01-10 23:28 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Google
2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-09 20:13 - 2017-01-09 20:13 - 00001012 _____ C:\Users\admin\Desktop\Opengoogle - Shortcut.lnk
2017-01-08 18:25 - 2017-01-08 18:25 - 00001380 _____ C:\Users\admin\AppData\Local\suit.log
2017-01-02 18:08 - 2017-01-02 18:08 - 00000000 ____D C:\Users\admin\Documents\Fax
2017-01-02 17:42 - 2017-01-02 17:42 - 00002064 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Visan
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-02 17:41 - 2017-01-02 17:41 - 00003780 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3540 series
2017-01-02 17:41 - 2017-01-02 17:41 - 00002289 _____ C:\Users\Public\Desktop\HP Deskjet 3540 series.lnk
2017-01-02 17:41 - 2017-01-02 17:41 - 00001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3540 series.lnk
2017-01-02 17:41 - 2017-01-02 17:41 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\ProgramData\HP
2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\Program Files\HP
2017-01-02 17:41 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC711.dll
2017-01-02 17:39 - 2017-01-02 17:43 - 00000000 ____D C:\Users\admin\AppData\Local\HP
2016-12-28 19:11 - 2016-12-28 19:11 - 00000000 ____D C:\Program Files (x86)\Gubed
2016-12-28 15:36 - 2016-12-28 15:36 - 00008190 _____ C:\Users\admin\Desktop\NIFTY 29-Dec-2016 _1sd WORKS.csv
2016-12-26 21:15 - 2016-12-26 23:21 - 00013818 _____ C:\Users\admin\Desktop\cal.xlsx
2016-12-23 20:46 - 2016-12-23 20:46 - 00000000 ____D C:\Program Files (x86)\Gubed_WMI
2016-12-22 18:46 - 2016-12-22 19:28 - 00000037 _____ C:\Users\admin\Desktop\strt_cmd.bat
2016-12-22 12:16 - 2016-12-22 12:16 - 00071259 _____ C:\Users\admin\Desktop\Potato Gift
2016-12-21 23:22 - 2017-01-12 19:32 - 00000179 _____ C:\Windows\SysWOW64\DOErrors.log
2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\Hewlett-Packard
2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2016-12-21 23:18 - 2016-12-21 23:18 - 00002304 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\System.sav
2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-12-21 23:17 - 2016-12-22 08:25 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-21 23:16 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-21 23:16 - 2016-12-22 08:25 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-12-21 23:16 - 2016-12-21 23:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\hpqLog
2016-12-21 23:15 - 2016-12-21 23:15 - 00000000 ____D C:\swsetup
2016-12-21 23:00 - 2016-12-21 23:00 - 00000000 _____ C:\Windows\WindowsUpdate_AU_deprecated.log
2016-12-21 16:47 - 2016-12-21 16:46 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Oracle
2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Program Files\Java
2016-12-21 16:42 - 2016-12-22 11:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Omnesys
2016-12-21 16:42 - 2016-12-21 16:42 - 00002125 _____ C:\Users\Public\Desktop\Nest Trader.lnk
2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnesysindia
2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\Program Files (x86)\Omnesys

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 10:56 - 2016-10-11 16:03 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-01-18 10:54 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\sru
2017-01-18 10:50 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin
2017-01-18 10:46 - 2016-10-12 04:12 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-18 10:30 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\AppReadiness
2017-01-18 10:27 - 2016-10-13 20:04 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9A03C682-7423-45CC-9D52-D299D6DF42E6}
2017-01-18 10:22 - 2016-10-12 04:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 10:22 - 2016-10-11 19:24 - 00025114 _____ C:\Windows\PFRO.log
2017-01-17 22:22 - 2016-07-16 11:34 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-17 22:20 - 2016-10-20 22:28 - 00005278 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F
2017-01-17 22:18 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\Local\WebEx
2017-01-17 22:18 - 2016-10-25 21:50 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-01-17 22:07 - 2016-10-25 21:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-17 20:07 - 2016-10-11 16:33 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2017-01-17 20:06 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-17 14:12 - 2016-10-27 13:11 - 284635216 _____ C:\Windows\MEMORY.DMP
2017-01-17 14:12 - 2016-10-27 13:11 - 00000000 ____D C:\Windows\Minidump
2017-01-17 12:17 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-17 11:20 - 2016-10-12 04:25 - 02073080 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 11:18 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-17 11:12 - 2016-10-26 14:38 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-17 10:58 - 2016-10-21 17:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2017-01-16 23:16 - 2016-10-21 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-16 23:07 - 2016-10-25 15:17 - 00000374 _____ C:\Windows\SysWOW64\data.bin
2017-01-16 23:04 - 2016-10-25 15:15 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-01-16 22:33 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-01-16 15:52 - 2016-10-12 04:22 - 00000000 ____D C:\Users\defaultuser0
2017-01-16 15:48 - 2016-10-12 04:12 - 00350176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-12 20:12 - 2016-10-21 16:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2017-01-12 19:54 - 2016-10-21 16:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-11 13:38 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\rescache
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\oobe
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\Provisioning
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-11 10:23 - 2016-07-16 17:06 - 00000000 ____D C:\Windows\CbsTemp
2017-01-11 10:15 - 2016-10-13 17:36 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 21:09 - 2016-11-05 21:24 - 00020304 _____ C:\Users\admin\Documents\debug.log
2017-01-08 18:25 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\AppData\Local\thinkorswim
2017-01-08 14:01 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-01-08 13:48 - 2016-10-25 16:27 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-01-08 13:48 - 2016-10-12 04:22 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-07 23:13 - 2016-11-04 16:32 - 00000572 __RSH C:\ProgramData\ntuser.pol
2017-01-02 11:04 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\NDF
2017-01-02 10:24 - 2016-10-13 20:34 - 00002585 _____ C:\Users\Public\Desktop\TradeTiger.lnk
2016-12-31 13:00 - 2016-11-18 15:46 - 00000000 __SHD C:\Users\admin\Documents\cache
2016-12-31 13:00 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2016-12-31 11:32 - 2016-11-17 15:06 - 00000000 ____D C:\ProgramData\WebEx
2016-12-28 19:08 - 2016-11-22 17:03 - 00000690 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-28 19:08 - 2016-11-22 17:02 - 00000594 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-24 11:25 - 2016-11-22 17:03 - 00003860 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-24 11:25 - 2016-11-22 17:03 - 00003764 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-23 23:26 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\.thinkorswim
2016-12-21 23:18 - 2016-10-15 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-21 16:47 - 2016-12-16 00:00 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2016-12-21 16:47 - 2016-11-01 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== Files in the root of some directories =======
2016-06-17 12:24 - 2016-06-17 12:24 - 0004436 _____ () C:\Users\admin\AppData\Roaming\90msp-RKSJ-V
2016-10-10 13:03 - 2016-10-10 13:03 - 0000677 _____ () C:\Users\admin\AppData\Roaming\adventives.zkh
2016-06-17 12:23 - 2016-06-17 12:23 - 0001196 _____ () C:\Users\admin\AppData\Roaming\Athens
2016-10-10 13:03 - 2016-10-10 13:03 - 0060457 _____ () C:\Users\admin\AppData\Roaming\bookmaking.rgj
2016-10-11 17:08 - 2016-10-12 15:51 - 0061134 _____ () C:\Users\admin\AppData\Roaming\Carney.DLB
2016-06-17 12:23 - 2016-06-17 12:23 - 0001930 _____ () C:\Users\admin\AppData\Roaming\compare-with-callbacks.js
2016-06-17 12:23 - 2016-06-17 12:23 - 0003119 _____ () C:\Users\admin\AppData\Roaming\frnphon.env
2017-01-08 18:25 - 2017-01-08 18:25 - 0001380 _____ () C:\Users\admin\AppData\Local\suit.log
2017-01-02 17:41 - 2017-01-02 17:41 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\setup.exe
C:\Users\admin\AppData\Local\Temp\~ct42D9.tmp.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
--------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by admin (2017-01-18 10:59:19)
Running from C:\Users\admin\Desktop
Windows 10 Pro (X64) (2016-10-11 22:53:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
admin (S-1-5-21-2565885549-1411879035-1963333558-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2565885549-1411879035-1963333558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2565885549-1411879035-1963333558-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2565885549-1411879035-1963333558-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2565885549-1411879035-1963333558-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.30.0.6140 (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\GoToMeeting) (Version: 7.30.0.6140 - CitrixOnline)
HP Deskjet 3540 series Basic Device Software (HKLM\...\{60D33935-59B4-4ACE-8FAE-EBC60DE40A9C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM-x32\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NEST3 (HKLM-x32\...\InstallShield_{CA17875A-1499-4713-9E6C-E0DFA162FF50}) (Version: 3.11.4.4 - Omnesysindia)
NEST3 (x32 Version: 3.11.4.4 - Omnesysindia) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pi (HKLM-x32\...\{AF6D353A-B1BE-4A56-BA7D-19E3FD9CF0B4}) (Version: 1.0.06 - Tradelab Software Pvt Ltd)
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{8E8FABC1-F28A-40DF-932F-1076A63CE701}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.091213 - REALTEK Semiconductor Corp.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TradeTiger (HKLM-x32\...\{33E5D6EE-35EA-42FD-9534-8EDE6F006F60}) (Version: 2.4.60 - Sharekhan)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\admin\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 17:17 - 2017-01-08 18:23 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D9DF12-582F-44D5-97BA-1FF119DC6664} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {10A2FC35-8622-4967-A051-89D5BD2B0115} - System32\Tasks\Wefowardvahodom Monitor => C:\Program Files (x86)\Ateqerly\jemige.exe
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {1634FC5D-BA63-4B94-9ADE-0659A5E5DFBB} - System32\Tasks\PPI Update 2 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {17FDEE71-A741-442B-8A7C-25499EB1341C} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {2A573895-C7BD-4405-9455-74574FE1CF5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {34C625A9-BF4A-49E9-A10F-BDC2972C1E2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {3825F321-4426-4317-B61B-8A6186620795} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-12] (HP Inc.)
Task: {3E31ABD7-7B10-482B-AD2F-EFAA1C4741C3} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {40054E9C-D49D-4C36-98A8-EA2B44F7CDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {443F0ABE-C5C8-46FC-8B5E-32863E46CF15} - System32\Tasks\HPCustParticipation HP Deskjet 3540 series => C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {49A803C1-60F6-430C-878E-1577A1C71F30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {4D0DF670-E165-4388-8C95-6464F7778CE8} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5293446B-DE67-4761-A264-627512F5B101} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6CEC134A-B492-46DB-B491-27D8F402A586} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E3E65AA-06DD-4BE2-949B-31298BD15E81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-07] (HP Inc.)
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {6FB07287-E12F-497B-A480-12DD4F7868E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {7042A166-4524-4418-AA02-61C3019C1993} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {752110F1-7D53-4D29-8B9A-3914A46B3D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {76A89855-B5E3-474F-9977-509C47D41EAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {8A495B62-940E-4B17-8C01-602978EDF164} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {921E9DE0-7EEA-4678-8E0E-AB03689D83D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-15] (Microsoft Corporation)
Task: {9C2325BB-CFAD-497E-B716-087F37A77EE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {9EC12157-DB5B-4B50-86B9-FD6E15F49282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {A2CC1174-A96C-43DC-84AE-76AB7B3B9D0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A396E954-5C0C-4067-B6F1-9EA8CAA736BD} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {A7EE1744-6CAE-4FA7-9A82-1D02D7C60A59} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation)
Task: {AD7321D2-997C-4E81-AE46-4631E6B033A3} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6865057-2EF9-4F87-ABEF-5F2B57004BDE} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-08-05] (Microsoft Corporation)
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {CDF482F0-DE14-4F76-85C5-8CC4B4FDB76A} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-08-20] (Microsoft Corporation)
Task: {CF961092-6299-4995-B695-EEF40AD52190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DAC2B591-CD3E-4636-8F64-255B6EC3D777} - System32\Tasks\PPI Update 3 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F0AA4DF9-4E43-45BE-947F-BC9A1173FEAF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F1CD7C4B-B30F-44A4-BE7D-787B07B83A3A} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {FCF60FBA-7190-4CA5-BC49-F5F717FE4CF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-23 20:46 - 2016-12-23 20:46 - 00109056 _____ () C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe
2017-01-17 13:49 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-14 09:50 - 2016-12-14 09:50 - 01678560 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2012-10-02 09:04 - 2012-10-02 09:04 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-13 14:35 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:09 - 2016-12-21 12:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:08 - 2016-12-21 12:24 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:08 - 2016-12-21 12:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-27 12:24 - 2012-11-27 12:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-28 19:11 - 2017-01-16 07:08 - 00125952 _____ () c:\program files (x86)\gubed\gubedzl.dll
2016-12-14 09:49 - 2016-12-14 09:49 - 01244376 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Intel:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\Users\admin\AppData\Local\thinkorswim:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\HP Photo Creations:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\amisites.com -> hxxp://www.amisites.com
IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\mylucky123.com -> hxxp://www.mylucky123.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{156DCF49-7311-4DB8-AF78-F536B1F856C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D0D5106F-A06E-48EF-975B-5637B143DE37}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{85CE0C8B-2B0A-4D84-AFC2-698B773413F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E52D9F5E-64AC-48C9-AC2B-D51FC5C581BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{641160A3-5614-4EDE-BA68-E33908E8AA58}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe
FirewallRules: [UDP Query User{AEB85F57-433F-4D8C-A6FA-BAF7AF7BF6A9}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe
FirewallRules: [TCP Query User{5A49CAF0-1716-4ACC-B54F-5F68B4B8960A}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe
FirewallRules: [UDP Query User{E4478638-05A7-495B-B553-5CD40E0085BE}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe
FirewallRules: [{BFF1A77C-2A10-4005-80A4-F192A299B5C4}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{F3B968C9-0FC4-4C89-9A17-B97AAD821A53}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{5309090C-472A-48A4-A9F6-0D7EE1A2BD69}] => (Allow) C:\Program Files (x86)\Nolarry\Application\chrome.exe
FirewallRules: [TCP Query User{64DC529D-4EBA-4BDC-AE0F-7D71D339CE6E}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe
FirewallRules: [UDP Query User{F2BC802B-B79C-4674-A645-605724CF1EDF}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe
FirewallRules: [{D9FB1746-9E61-41CA-94AA-EA319193F635}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{08533AC7-5C33-4620-85D8-AECE46BF336B}] => (Allow) LPort=5357
FirewallRules: [{927AABD9-AA4D-411C-970D-86A9EC12FF93}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{651F4C46-57DA-451D-9C43-C05F430C40F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8EE0F08D-F17B-4932-9AE6-93932F0E95C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EA6FD83C-9B0B-4E1A-8AC2-14E5EC2A213E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{27C80270-56E3-4B21-B29E-5EFB9250A158}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{39F1F75A-7663-4BAB-BD3F-6D81BBBFC574}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\SMPCSetup.exe
FirewallRules: [{02F69BA4-D4EE-4B6C-B5DE-7F06E15B2515}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\tvnserver.exe
==================== Faulty Device Manager Devices =============
Name: Intel(R) HD Graphics
Description: Intel(R) HD Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2017 10:46:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/18/2017 10:23:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (01/18/2017 10:22:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 10:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1a8c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (01/17/2017 09:58:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (01/17/2017 09:57:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 08:14:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 08:14:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 07:10:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/17/2017 07:06:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

System errors:
=============
Error: (01/18/2017 10:47:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (01/18/2017 10:44:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (01/18/2017 10:44:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/18/2017 10:24:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (01/18/2017 10:24:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Service(FirefoxU) service failed to start due to the following error:
%%225
Error: (01/18/2017 10:24:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ed2k idle service service failed to start due to the following error:
%%2
Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/18/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/17/2017 10:20:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
  Date: 2017-01-17 11:38:11.816
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-11 13:32:34.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-10 12:14:16.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-09 11:14:45.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-08 19:07:37.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-07 11:29:45.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-07 11:12:02.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-07 10:16:03.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-06 12:02:21.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-04 22:33:58.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 2934.68 MB
Available physical RAM: 1396.26 MB
Total Virtual: 4278.68 MB
Available Virtual: 2659.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.65 GB) (Free:43.01 GB) NTFS
Drive e: () (Fixed) (Total:195.31 GB) (Free:187.89 GB) NTFS
Drive f: () (Fixed) (Total:195.31 GB) (Free:138.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4CDCDF4B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
 

LastRegBack: 2017-01-10 12:13
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by admin (administrator) on DESKTOP-T7EL38F (18-01-2017 10:57:44)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: defaultuser0 & admin)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\Run: [HP Deskjet 3540 series (NET)] => C:\Program Files\HP\HP Deskjet 3540 series\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\MountPoints2: {0ffc644d-a98d-11e6-a380-e4e616ef3ea0} - "D:\Setup.exe"
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opengoogle - Shortcut.lnk [2016-11-04]
ShortcutTarget: Opengoogle - Shortcut.lnk -> C:\Users\admin\Desktop\Opengoogle.bat ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{1ac9556e-1a35-4fbf-be7f-c07a04c5c56c} <======= ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{683d6c98-2eb4-4557-abfe-91322efc5e75}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dd8ca756-2d76-4373-9d3d-dcf1ae753f4e}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-12-21] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-12-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-01] (Oracle Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001 -> hxxp://www.google.com
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default
FF Homepage: user_pref("browser.startup.homepage", "hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-12-21] (Oracle Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/thinkorswim -> C:\Users\admin\AppData\Local\thinkorswim\npthinkorswim.dll No File
FF Plugin HKU\S-1-5-21-2565885549-1411879035-1963333558-1001: tdameritrade.com/tossc -> C:\Users\admin\AppData\Local\thinkorswim\nptossc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-02] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-11-17] (Cisco WebEx LLC)
FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\wk1jsp8t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-11]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AppVClient; C:\Windows\system32\AppVClient.exe [822624 2016-12-14] (Microsoft Corporation)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [523952 2016-10-24] () [File not signed]
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [125952 2017-01-16] () [File not signed]
R2 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe [109056 2016-12-23] () [File not signed] <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation)
S4 UevAgentService; C:\Windows\system32\AgentService.exe [1227264 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_c3042; C:\Windows\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_c3042; C:\Windows\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_c3042; C:\Windows\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S3 AppvStrm; C:\Windows\system32\drivers\AppvStrm.sys [127328 2016-09-15] (Microsoft Corporation)
S3 AppvVemgr; C:\Windows\system32\drivers\AppvVemgr.sys [157024 2016-07-16] (Microsoft Corporation)
S3 AppvVfs; C:\Windows\system32\drivers\AppvVfs.sys [141152 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [168448 2016-09-15] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [37376 2016-07-16] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-18] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 MsSecFlt; C:\Windows\System32\drivers\mssecflt.sys [179040 2016-07-16] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S4 UevAgentDriver; C:\Windows\system32\drivers\UevAgentDriver.sys [40288 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 10:57 - 2017-01-18 10:58 - 00019014 _____ C:\Users\admin\Desktop\FRST.txt
2017-01-18 10:57 - 2017-01-18 10:57 - 00000000 ____D C:\FRST
2017-01-18 10:56 - 2017-01-18 10:57 - 02193920 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2017-01-18 10:50 - 2016-12-26 11:27 - 00022016 _____ C:\Users\admin\Desktop\tt0202.xls
2017-01-18 10:50 - 2016-12-21 22:40 - 00955904 _____ C:\Users\admin\Desktop\VRS16 X 2003.xls
2017-01-18 10:50 - 2016-11-23 12:53 - 00061003 _____ C:\Users\admin\Desktop\Valuing Oil Stocks with the Graham Number.xlsm
2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\WhatsAppSetup.exe
2017-01-18 10:50 - 2016-11-16 17:35 - 79029520 _____ (WhatsApp) C:\Users\admin\Desktop\Unconfirmed 52640.crdownload
2017-01-18 10:50 - 2016-11-16 16:41 - 24743106 _____ C:\Users\admin\Desktop\vlc-setup-win.exe
2017-01-18 10:50 - 2016-11-05 21:26 - 00069710 _____ C:\Users\admin\Desktop\Valuing-Oil-Stocks-with-the-Graham-Number.zip
2017-01-18 10:50 - 2016-10-21 16:03 - 10841720 _____ (TeamViewer GmbH) C:\Users\admin\Desktop\TeamViewer_Setup_en-sbv.exe
2017-01-18 10:50 - 2016-10-17 13:19 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64(1).exe
2017-01-18 10:50 - 2016-10-15 17:30 - 06544056 _____ (Intel(R) Corporation) C:\Users\admin\Desktop\WP-BT_17.1.1529.1613_t64.exe
2017-01-18 10:50 - 2016-10-13 20:34 - 30072320 _____ C:\Users\admin\Desktop\TradeTigerSetup.msi
2017-01-18 10:49 - 2017-01-18 10:50 - 00000000 ____D C:\Users\admin\Desktop\OptionProbabilityCalculator
2017-01-18 10:49 - 2017-01-17 13:49 - 54199488 _____ (Malwarebytes ) C:\Users\admin\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-18 10:49 - 2017-01-15 23:17 - 00352436 _____ C:\Users\admin\Desktop\google.csv
2017-01-18 10:49 - 2017-01-15 17:16 - 00243552 _____ C:\Users\admin\Desktop\Firefox Setup Stub 50.1.0.exe
2017-01-18 10:49 - 2017-01-15 16:38 - 16146725 _____ C:\Users\admin\Desktop\pi.zip
2017-01-18 10:49 - 2017-01-10 23:26 - 01065376 _____ (Google Inc.) C:\Users\admin\Desktop\GoogleEarthSetup.exe
2017-01-18 10:49 - 2016-12-27 20:52 - 00113079 _____ C:\Users\admin\Desktop\DELHI (1).xlsx
2017-01-18 10:49 - 2016-12-27 19:58 - 00065024 _____ C:\Users\admin\Desktop\fiscal-calendar-2017-portrait-6-months-blocks.xls
2017-01-18 10:49 - 2016-12-26 23:16 - 00113079 _____ C:\Users\admin\Desktop\DELHI.xlsx
2017-01-18 10:49 - 2016-12-21 23:15 - 43544408 _____ (HP Inc. ) C:\Users\admin\Desktop\sp78153.exe
2017-01-18 10:49 - 2016-12-21 16:46 - 57569888 _____ (Oracle Corporation) C:\Users\admin\Desktop\jre-8u74-windows-x64.exe
2017-01-18 10:49 - 2016-12-21 16:33 - 30403470 _____ C:\Users\admin\Desktop\NestTrader_Setup_V.3.11.4.4_CapitalFocus_iNET_without_framewrk.zip
2017-01-18 10:49 - 2016-12-12 17:05 - 07659763 _____ C:\Users\admin\Desktop\cHENNAI vARDAH 2016-12-12 at 16.23.19
2017-01-18 10:49 - 2016-12-02 16:01 - 00000103 _____ C:\Users\admin\Desktop\block.csv
2017-01-18 10:49 - 2016-11-29 20:08 - 00022028 _____ C:\Users\admin\Desktop\FOVOLT_28112016.csv
2017-01-18 10:49 - 2016-11-29 19:46 - 00025508 _____ C:\Users\admin\Desktop\FOVOLT_29112016.csv
2017-01-18 10:49 - 2016-11-29 17:13 - 00025514 _____ C:\Users\admin\Desktop\FOVOLT_28112016 (1).csv
2017-01-18 10:49 - 2016-11-24 18:10 - 00000922 _____ C:\Users\admin\Desktop\fao_participant_vol_24112016.csv
2017-01-18 10:49 - 2016-11-24 18:06 - 00000883 _____ C:\Users\admin\Desktop\fao_participant_oi_24112016.csv
2017-01-18 10:49 - 2016-11-24 16:35 - 00025534 _____ C:\Users\admin\Desktop\FOVOLT_24112016.csv
2017-01-18 10:49 - 2016-11-23 16:55 - 00000907 _____ C:\Users\admin\Desktop\fao_participant_vol_22112016.csv
2017-01-18 10:49 - 2016-11-23 11:09 - 00101236 _____ C:\Users\admin\Desktop\CMVOLT_22112016.CSV
2017-01-18 10:49 - 2016-11-17 15:06 - 00922728 _____ (Cisco WebEx LLC) C:\Users\admin\Desktop\Cisco_WebEx_Add-On.exe
2017-01-18 10:49 - 2016-11-09 15:23 - 00321536 _____ C:\Users\admin\Desktop\OptionTradingWorkbook.xls
2017-01-18 10:49 - 2016-11-09 15:09 - 00330752 _____ C:\Users\admin\Desktop\OptionTradingWorkbook (1).xls
2017-01-18 10:49 - 2016-11-08 18:42 - 00526336 _____ C:\Users\admin\Desktop\IndexInclExcl.xls
2017-01-18 10:49 - 2016-11-08 11:36 - 00006234 _____ C:\Users\admin\Desktop\nifty50_mcwb.csv
2017-01-18 10:49 - 2016-11-05 21:03 - 00011314 _____ C:\Users\admin\Desktop\OptionProbabilityCalculator.zip
2017-01-18 10:49 - 2016-11-02 16:10 - 02076064 _____ C:\Users\admin\Desktop\ShowMyPC3500.exe
2017-01-18 10:49 - 2016-11-02 12:26 - 00051017 _____ C:\Users\admin\Desktop\table (1).csv
2017-01-18 10:49 - 2016-11-02 12:24 - 00057559 _____ C:\Users\admin\Desktop\table.csv
2017-01-18 10:49 - 2016-11-02 11:35 - 00019964 _____ C:\Users\admin\Desktop\FOVOLT_210920151.csv
2017-01-18 10:49 - 2016-11-02 11:34 - 00023217 _____ C:\Users\admin\Desktop\FOVOLT_21092015.csv
2017-01-18 10:49 - 2016-11-01 21:21 - 00083253 _____ C:\Users\admin\Desktop\DailyNFRELIANCE 24-Nov-2016.csv
2017-01-18 10:49 - 2016-11-01 16:53 - 00348527 _____ C:\Users\admin\Desktop\dATA _ TO CALCULATE vo_DailyNCNIFTY.csv
2017-01-18 10:49 - 2016-11-01 16:45 - 00007562 _____ C:\Users\admin\Desktop\8750_NIFTY_CE_01-Aug-2016_TO_28-Oct-2016.csv
2017-01-18 10:49 - 2016-11-01 14:02 - 00737344 _____ (Oracle Corporation) C:\Users\admin\Desktop\JavaSetup8u111.exe
2017-01-18 10:49 - 2016-10-31 22:41 - 00025521 _____ C:\Users\admin\Desktop\FOVOLT_30102016.csv
2017-01-18 10:49 - 2016-10-31 22:40 - 00001307 _____ C:\Users\admin\Desktop\FOVOLT_28102016.csv
2017-01-18 10:49 - 2016-10-26 23:18 - 00002577 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_CE_03-Oct-2016_TO_26-Oct-2016.csv
2017-01-18 10:49 - 2016-10-26 23:18 - 00002569 _____ C:\Users\admin\Desktop\OPTIDX_NIFTY_PE_03-Oct-2016_TO_26-Oct-2016.csv
2017-01-18 10:49 - 2016-10-26 23:05 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme (1).xls
2017-01-18 10:49 - 2016-10-26 23:04 - 00046080 _____ C:\Users\admin\Desktop\sos_scheme.xls
2017-01-18 10:49 - 2016-10-26 16:13 - 00422371 _____ C:\Users\admin\Desktop\fo25OCT2016bhav.csv.zip
2017-01-18 10:49 - 2016-10-26 16:07 - 00063045 _____ C:\Users\admin\Desktop\cm25OCT2016bhav.csv.zip
2017-01-18 10:49 - 2016-10-26 16:05 - 00101678 _____ C:\Users\admin\Desktop\CMVOLT_25102016.CSV
2017-01-18 10:49 - 2016-10-25 22:00 - 00067584 _____ C:\Users\admin\Desktop\Options_Premium_Calculator.xls
2017-01-18 10:49 - 2016-10-24 15:51 - 00065870 _____ C:\Users\admin\Desktop\app1.pdf;jsessionid=C0ABE07C15C69BC99E86C4E0FA91A095.f03t03
2017-01-18 10:49 - 2016-10-23 18:08 - 03630540 _____ C:\Users\admin\Desktop\option_trades_20160516_TUVWXYZ_sample.zip
2017-01-18 10:49 - 2016-10-21 17:24 - 00927232 _____ C:\Users\admin\Desktop\OptionCalculatorSetup.msi
2017-01-18 10:49 - 2016-10-21 15:30 - 24998531 _____ C:\Users\admin\Desktop\NEST3.zip
2017-01-18 10:49 - 2016-10-15 19:01 - 52706560 _____ (Lenovo Group Limited ) C:\Users\admin\Desktop\j3bm02ww.exe
2017-01-18 10:49 - 2016-10-11 19:52 - 00243560 _____ C:\Users\admin\Desktop\Firefox Setup Stub 49.0.1.exe
2017-01-17 14:12 - 2017-01-17 14:12 - 00174764 _____ C:\Windows\Minidump\011717-19531-01.dmp
2017-01-17 13:49 - 2017-01-18 10:22 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-17 13:49 - 2017-01-17 13:49 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-17 13:49 - 2017-01-17 13:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-17 13:49 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-17 11:57 - 2017-01-17 13:53 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-15 22:44 - 2017-01-16 09:29 - 00142188 _____ C:\Users\admin\Desktop\New_IntraDayNFNIFTY 25-Jan-2017.xlsm
2017-01-15 18:46 - 2017-01-15 22:44 - 00156974 _____ C:\Users\admin\Desktop\IntraDayNFNIFTY 25-Jan-2017.csv
2017-01-15 17:17 - 2017-01-16 23:14 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Mozilla
2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Uninstall Pi.lnk
2017-01-15 16:40 - 2017-01-15 16:40 - 00002565 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Pi.lnk
2017-01-15 16:40 - 2017-01-15 16:40 - 00002559 _____ C:\Users\Public\Desktop\Pi.lnk
2017-01-15 16:40 - 2017-01-15 16:40 - 00000000 ____D C:\Zerodha
2017-01-12 19:53 - 2017-01-12 19:53 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-01-12 19:53 - 2017-01-12 19:53 - 00001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2017-01-12 12:13 - 2017-01-12 12:39 - 00002596 _____ C:\Users\admin\Desktop\GraphNFNIFTY 25-Jan-2017.csv
2017-01-12 11:55 - 2017-01-12 11:55 - 00238942 _____ C:\Users\admin\Desktop\min_HA_Open_hign and Low testing.csv
2017-01-12 11:44 - 2017-01-15 18:40 - 00089533 _____ C:\Users\admin\Desktop\DailyNFNIFTY 25-Jan-2017_12th Jan.csv
2017-01-11 13:22 - 2016-12-23 04:43 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 13:22 - 2016-12-23 04:43 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 10:10 - 2016-12-21 13:13 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-11 10:10 - 2016-12-21 13:13 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-11 10:10 - 2016-12-21 13:13 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:12 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-11 10:10 - 2016-12-21 13:11 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-11 10:10 - 2016-12-21 12:38 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-11 10:10 - 2016-12-21 12:36 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-11 10:10 - 2016-12-21 12:29 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-11 10:10 - 2016-12-21 12:26 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-11 10:10 - 2016-12-21 12:23 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-11 10:10 - 2016-12-21 12:21 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-11 10:10 - 2016-12-21 12:21 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-11 10:10 - 2016-12-21 12:20 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 10:10 - 2016-12-21 11:29 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-11 10:10 - 2016-12-21 10:39 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 10:10 - 2016-12-21 10:13 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 10:10 - 2016-12-21 10:11 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 10:10 - 2016-12-21 10:10 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-11 10:10 - 2016-12-21 10:10 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-11 10:10 - 2016-12-21 10:09 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 10:10 - 2016-12-21 10:08 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-11 10:10 - 2016-12-21 09:52 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-11 10:10 - 2016-12-14 11:11 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-11 10:10 - 2016-12-14 10:18 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 10:10 - 2016-12-14 10:08 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-11 10:10 - 2016-12-14 10:08 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 10:10 - 2016-12-14 09:54 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-11 10:10 - 2016-12-14 09:54 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-11 10:10 - 2016-12-14 09:53 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-11 10:10 - 2016-12-14 09:52 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-11 10:10 - 2016-12-14 09:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-11 10:09 - 2016-12-21 13:38 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-11 10:09 - 2016-12-21 13:38 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-11 10:09 - 2016-12-21 13:34 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 10:09 - 2016-12-21 13:19 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-11 10:09 - 2016-12-21 13:16 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-11 10:09 - 2016-12-21 13:13 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-11 10:09 - 2016-12-21 13:12 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-11 10:09 - 2016-12-21 13:07 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-11 10:09 - 2016-12-21 12:45 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-11 10:09 - 2016-12-21 12:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-11 10:09 - 2016-12-21 12:39 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-11 10:09 - 2016-12-21 12:39 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 10:09 - 2016-12-21 12:38 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-11 10:09 - 2016-12-21 12:37 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-11 10:09 - 2016-12-21 12:36 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-11 10:09 - 2016-12-21 12:36 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-11 10:09 - 2016-12-21 12:36 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-11 10:09 - 2016-12-21 12:35 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-11 10:09 - 2016-12-21 12:31 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-11 10:09 - 2016-12-21 12:30 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-11 10:09 - 2016-12-21 12:29 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-11 10:09 - 2016-12-21 12:28 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-11 10:09 - 2016-12-21 12:27 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-11 10:09 - 2016-12-21 12:26 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-11 10:09 - 2016-12-21 12:25 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-11 10:09 - 2016-12-21 12:25 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-11 10:09 - 2016-12-21 12:24 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-11 10:09 - 2016-12-21 12:23 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-11 10:09 - 2016-12-21 12:19 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-11 10:09 - 2016-12-21 12:19 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-11 10:09 - 2016-12-21 12:19 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-11 10:09 - 2016-12-21 12:17 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 10:09 - 2016-12-21 10:32 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-11 10:09 - 2016-12-21 10:31 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-11 10:09 - 2016-12-21 10:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-11 10:09 - 2016-12-21 10:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 10:09 - 2016-12-21 10:10 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-11 10:09 - 2016-12-21 10:10 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-11 10:09 - 2016-12-21 10:09 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-11 10:09 - 2016-12-21 10:05 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-11 10:09 - 2016-12-21 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-11 10:09 - 2016-12-21 10:04 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-11 10:09 - 2016-12-21 10:03 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-11 10:09 - 2016-12-21 10:02 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-11 10:09 - 2016-12-21 10:00 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-11 10:09 - 2016-12-21 10:00 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 10:09 - 2016-12-21 09:57 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-11 10:09 - 2016-12-21 09:56 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-11 10:09 - 2016-12-21 09:55 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-11 10:09 - 2016-12-21 09:55 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-11 10:09 - 2016-12-21 09:54 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-11 10:09 - 2016-12-14 11:11 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-11 10:09 - 2016-12-14 11:04 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 02169184 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01669984 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01400160 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 01054048 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00992096 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00822624 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 00813408 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00779616 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00752992 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00571744 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00513376 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00406368 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2017-01-11 10:09 - 2016-12-14 11:03 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2017-01-11 10:09 - 2016-12-14 11:03 - 00190816 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2017-01-11 10:09 - 2016-12-14 10:53 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 10:09 - 2016-12-14 10:51 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-11 10:09 - 2016-12-14 10:49 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-11 10:09 - 2016-12-14 10:48 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-11 10:09 - 2016-12-14 10:48 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-11 10:09 - 2016-12-14 10:47 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-11 10:09 - 2016-12-14 10:44 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-11 10:09 - 2016-12-14 10:31 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-11 10:09 - 2016-12-14 10:16 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 10:09 - 2016-12-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 10:09 - 2016-12-14 10:13 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 10:09 - 2016-12-14 10:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-11 10:09 - 2016-12-14 10:11 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-11 10:09 - 2016-12-14 10:10 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-11 10:09 - 2016-12-14 10:10 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-11 10:09 - 2016-12-14 10:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-11 10:09 - 2016-12-14 10:09 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-11 10:09 - 2016-12-14 10:08 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 10:09 - 2016-12-14 10:08 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-11 10:09 - 2016-12-14 10:07 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-11 10:09 - 2016-12-14 10:06 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-11 10:09 - 2016-12-14 10:05 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-11 10:09 - 2016-12-14 10:02 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-11 10:09 - 2016-12-14 09:56 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 10:09 - 2016-12-14 09:56 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-11 10:09 - 2016-12-14 09:55 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-11 10:09 - 2016-12-14 09:53 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-11 10:09 - 2016-12-14 09:52 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-11 10:09 - 2016-12-14 09:52 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-11 10:09 - 2016-12-14 09:51 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-11 10:09 - 2016-11-02 17:31 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-11 10:09 - 2016-11-02 16:30 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-11 10:09 - 2016-11-02 15:58 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 10:09 - 2016-11-02 15:52 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-11 10:09 - 2016-11-02 15:51 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-11 10:09 - 2016-08-02 10:00 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-11 10:08 - 2016-12-21 13:12 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-11 10:08 - 2016-12-21 12:43 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-11 10:08 - 2016-12-21 12:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-11 10:08 - 2016-12-21 12:40 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-11 10:08 - 2016-12-21 12:38 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-11 10:08 - 2016-12-21 12:38 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-11 10:08 - 2016-12-21 12:23 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 10:08 - 2016-12-21 12:21 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-11 10:08 - 2016-12-21 09:54 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-11 10:08 - 2016-12-21 09:52 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-11 10:08 - 2016-12-14 10:56 - 01469792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 10:08 - 2016-12-14 10:38 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 10:08 - 2016-12-14 10:36 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-11 10:08 - 2016-12-14 10:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-11 10:08 - 2016-12-14 10:10 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-11 10:08 - 2016-12-14 10:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 10:08 - 2016-12-14 10:02 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-11 10:08 - 2016-12-14 09:52 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-11 10:08 - 2016-12-14 09:52 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 23:28 - 2017-01-10 23:28 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Google
2017-01-10 23:28 - 2017-01-10 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-09 20:13 - 2017-01-09 20:13 - 00001012 _____ C:\Users\admin\Desktop\Opengoogle - Shortcut.lnk
2017-01-08 18:25 - 2017-01-08 18:25 - 00001380 _____ C:\Users\admin\AppData\Local\suit.log
2017-01-02 18:08 - 2017-01-02 18:08 - 00000000 ____D C:\Users\admin\Documents\Fax
2017-01-02 17:42 - 2017-01-02 17:42 - 00002064 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Users\admin\AppData\Roaming\HpUpdate
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Visan
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\HP Photo Creations
2017-01-02 17:42 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-02 17:41 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-02 17:41 - 2017-01-02 17:41 - 00003780 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3540 series
2017-01-02 17:41 - 2017-01-02 17:41 - 00002289 _____ C:\Users\Public\Desktop\HP Deskjet 3540 series.lnk
2017-01-02 17:41 - 2017-01-02 17:41 - 00001236 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3540 series.lnk
2017-01-02 17:41 - 2017-01-02 17:41 - 00000057 _____ C:\ProgramData\Ament.ini
2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\ProgramData\HP
2017-01-02 17:41 - 2017-01-02 17:41 - 00000000 ____D C:\Program Files\HP
2017-01-02 17:41 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC711.dll
2017-01-02 17:39 - 2017-01-02 17:43 - 00000000 ____D C:\Users\admin\AppData\Local\HP
2016-12-28 19:11 - 2016-12-28 19:11 - 00000000 ____D C:\Program Files (x86)\Gubed
2016-12-28 15:36 - 2016-12-28 15:36 - 00008190 _____ C:\Users\admin\Desktop\NIFTY 29-Dec-2016 _1sd WORKS.csv
2016-12-26 21:15 - 2016-12-26 23:21 - 00013818 _____ C:\Users\admin\Desktop\cal.xlsx
2016-12-23 20:46 - 2016-12-23 20:46 - 00000000 ____D C:\Program Files (x86)\Gubed_WMI
2016-12-22 18:46 - 2016-12-22 19:28 - 00000037 _____ C:\Users\admin\Desktop\strt_cmd.bat
2016-12-22 12:16 - 2016-12-22 12:16 - 00071259 _____ C:\Users\admin\Desktop\Potato Gift
2016-12-21 23:22 - 2017-01-12 19:32 - 00000179 _____ C:\Windows\SysWOW64\DOErrors.log
2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Roaming\Hewlett-Packard
2016-12-21 23:19 - 2016-12-21 23:19 - 00000000 ____D C:\Users\admin\AppData\Local\Hewlett-Packard
2016-12-21 23:18 - 2016-12-21 23:18 - 00002304 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\System.sav
2016-12-21 23:18 - 2016-12-21 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-12-21 23:17 - 2016-12-22 08:25 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-21 23:16 - 2017-01-02 17:42 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-21 23:16 - 2016-12-22 08:25 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-12-21 23:16 - 2016-12-21 23:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\hpqLog
2016-12-21 23:15 - 2016-12-21 23:15 - 00000000 ____D C:\swsetup
2016-12-21 23:00 - 2016-12-21 23:00 - 00000000 _____ C:\Windows\WindowsUpdate_AU_deprecated.log
2016-12-21 16:47 - 2016-12-21 16:46 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Oracle
2016-12-21 16:46 - 2016-12-21 16:46 - 00000000 ____D C:\Program Files\Java
2016-12-21 16:42 - 2016-12-22 11:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\Omnesys
2016-12-21 16:42 - 2016-12-21 16:42 - 00002125 _____ C:\Users\Public\Desktop\Nest Trader.lnk
2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Omnesysindia
2016-12-21 16:42 - 2016-12-21 16:42 - 00000000 ____D C:\Program Files (x86)\Omnesys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-18 10:56 - 2016-10-11 16:03 - 00000275 _____ C:\Windows\WindowsUpdate.log
2017-01-18 10:54 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\sru
2017-01-18 10:50 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin
2017-01-18 10:46 - 2016-10-12 04:12 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-18 10:30 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\AppReadiness
2017-01-18 10:27 - 2016-10-13 20:04 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9A03C682-7423-45CC-9D52-D299D6DF42E6}
2017-01-18 10:22 - 2016-10-12 04:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 10:22 - 2016-10-11 19:24 - 00025114 _____ C:\Windows\PFRO.log
2017-01-17 22:22 - 2016-07-16 11:34 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-17 22:20 - 2016-10-20 22:28 - 00005278 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F
2017-01-17 22:18 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\Local\WebEx
2017-01-17 22:18 - 2016-10-25 21:50 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2017-01-17 22:07 - 2016-10-25 21:50 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-17 20:07 - 2016-10-11 16:33 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2017-01-17 20:06 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\FxsTmp
2017-01-17 14:12 - 2016-10-27 13:11 - 284635216 _____ C:\Windows\MEMORY.DMP
2017-01-17 14:12 - 2016-10-27 13:11 - 00000000 ____D C:\Windows\Minidump
2017-01-17 12:17 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-17 11:20 - 2016-10-12 04:25 - 02073080 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-17 11:18 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-17 11:12 - 2016-10-26 14:38 - 00000000 ____D C:\Program Files (x86)\WinArcher
2017-01-17 10:58 - 2016-10-21 17:28 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-01-16 23:16 - 2016-11-16 17:36 - 00000000 ____D C:\Users\admin\AppData\Local\WhatsApp
2017-01-16 23:16 - 2016-10-21 16:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-16 23:07 - 2016-10-25 15:17 - 00000374 _____ C:\Windows\SysWOW64\data.bin
2017-01-16 23:04 - 2016-10-25 15:15 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2017-01-16 22:33 - 2016-10-12 04:25 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2017-01-16 15:52 - 2016-10-12 04:22 - 00000000 ____D C:\Users\defaultuser0
2017-01-16 15:48 - 2016-10-12 04:12 - 00350176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-12 20:12 - 2016-10-21 16:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\TeamViewer
2017-01-12 19:54 - 2016-10-21 16:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-11 13:38 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\rescache
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\oobe
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\Provisioning
2017-01-11 12:03 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-11 10:23 - 2016-07-16 17:06 - 00000000 ____D C:\Windows\CbsTemp
2017-01-11 10:15 - 2016-10-13 17:36 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-09 20:02 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 21:09 - 2016-11-05 21:24 - 00020304 _____ C:\Users\admin\Documents\debug.log
2017-01-08 18:25 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\AppData\Local\thinkorswim
2017-01-08 14:01 - 2016-10-25 16:24 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-01-08 13:48 - 2016-10-25 16:27 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-01-08 13:48 - 2016-10-12 04:22 - 00000000 ___RD C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2017-01-07 23:13 - 2016-11-04 16:32 - 00000572 __RSH C:\ProgramData\ntuser.pol
2017-01-02 11:04 - 2016-07-16 17:17 - 00000000 ____D C:\Windows\system32\NDF
2017-01-02 10:24 - 2016-10-13 20:34 - 00002585 _____ C:\Users\Public\Desktop\TradeTiger.lnk
2016-12-31 13:00 - 2016-11-18 15:46 - 00000000 __SHD C:\Users\admin\Documents\cache
2016-12-31 13:00 - 2016-11-17 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\WebEx
2016-12-31 11:32 - 2016-11-17 15:06 - 00000000 ____D C:\ProgramData\WebEx
2016-12-28 19:08 - 2016-11-22 17:03 - 00000690 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-28 19:08 - 2016-11-22 17:02 - 00000594 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job
2016-12-24 11:25 - 2016-11-22 17:03 - 00003860 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-24 11:25 - 2016-11-22 17:03 - 00003764 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001
2016-12-23 23:26 - 2016-12-16 00:02 - 00000000 ____D C:\Users\admin\.thinkorswim
2016-12-21 23:18 - 2016-10-15 19:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-21 16:47 - 2016-12-16 00:00 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2016-12-21 16:47 - 2016-11-01 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
==================== Files in the root of some directories =======
2016-06-17 12:24 - 2016-06-17 12:24 - 0004436 _____ () C:\Users\admin\AppData\Roaming\90msp-RKSJ-V
2016-10-10 13:03 - 2016-10-10 13:03 - 0000677 _____ () C:\Users\admin\AppData\Roaming\adventives.zkh
2016-06-17 12:23 - 2016-06-17 12:23 - 0001196 _____ () C:\Users\admin\AppData\Roaming\Athens
2016-10-10 13:03 - 2016-10-10 13:03 - 0060457 _____ () C:\Users\admin\AppData\Roaming\bookmaking.rgj
2016-10-11 17:08 - 2016-10-12 15:51 - 0061134 _____ () C:\Users\admin\AppData\Roaming\Carney.DLB
2016-06-17 12:23 - 2016-06-17 12:23 - 0001930 _____ () C:\Users\admin\AppData\Roaming\compare-with-callbacks.js
2016-06-17 12:23 - 2016-06-17 12:23 - 0003119 _____ () C:\Users\admin\AppData\Roaming\frnphon.env
2017-01-08 18:25 - 2017-01-08 18:25 - 0001380 _____ () C:\Users\admin\AppData\Local\suit.log
2017-01-02 17:41 - 2017-01-02 17:41 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\setup.exe
C:\Users\admin\AppData\Local\Temp\~ct42D9.tmp.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
--------
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by admin (2017-01-18 10:59:19)
Running from C:\Users\admin\Desktop
Windows 10 Pro (X64) (2016-10-11 22:53:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
admin (S-1-5-21-2565885549-1411879035-1963333558-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2565885549-1411879035-1963333558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2565885549-1411879035-1963333558-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2565885549-1411879035-1963333558-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2565885549-1411879035-1963333558-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.30.0.6140 (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\GoToMeeting) (Version: 7.30.0.6140 - CitrixOnline)
HP Deskjet 3540 series Basic Device Software (HKLM\...\{60D33935-59B4-4ACE-8FAE-EBC60DE40A9C}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 3540 series Help (HKLM-x32\...\{1D456349-7D00-479E-A2A9-C846CE390FE5}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NEST3 (HKLM-x32\...\InstallShield_{CA17875A-1499-4713-9E6C-E0DFA162FF50}) (Version: 3.11.4.4 - Omnesysindia)
NEST3 (x32 Version: 3.11.4.4 - Omnesysindia) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pi (HKLM-x32\...\{AF6D353A-B1BE-4A56-BA7D-19E3FD9CF0B4}) (Version: 1.0.06 - Tradelab Software Pvt Ltd)
Product Improvement Study for HP Deskjet 3540 series (HKLM\...\{8E8FABC1-F28A-40DF-932F-1076A63CE701}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.769.769.091213 - REALTEK Semiconductor Corp.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TradeTiger (HKLM-x32\...\{33E5D6EE-35EA-42FD-9534-8EDE6F006F60}) (Version: 2.4.60 - Sharekhan)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\admin\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 17:17 - 2017-01-08 18:23 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02D9DF12-582F-44D5-97BA-1FF119DC6664} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {10A2FC35-8622-4967-A051-89D5BD2B0115} - System32\Tasks\Wefowardvahodom Monitor => C:\Program Files (x86)\Ateqerly\jemige.exe
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {1634FC5D-BA63-4B94-9ADE-0659A5E5DFBB} - System32\Tasks\PPI Update 2 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {17FDEE71-A741-442B-8A7C-25499EB1341C} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {2A573895-C7BD-4405-9455-74574FE1CF5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {34C625A9-BF4A-49E9-A10F-BDC2972C1E2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {3825F321-4426-4317-B61B-8A6186620795} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-12-12] (HP Inc.)
Task: {3E31ABD7-7B10-482B-AD2F-EFAA1C4741C3} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {40054E9C-D49D-4C36-98A8-EA2B44F7CDEF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {443F0ABE-C5C8-46FC-8B5E-32863E46CF15} - System32\Tasks\HPCustParticipation HP Deskjet 3540 series => C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {49A803C1-60F6-430C-878E-1577A1C71F30} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {4D0DF670-E165-4388-8C95-6464F7778CE8} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5293446B-DE67-4761-A264-627512F5B101} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6CEC134A-B492-46DB-B491-27D8F402A586} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E3E65AA-06DD-4BE2-949B-31298BD15E81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-07] (HP Inc.)
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {6FB07287-E12F-497B-A480-12DD4F7868E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {7042A166-4524-4418-AA02-61C3019C1993} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {752110F1-7D53-4D29-8B9A-3914A46B3D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {76A89855-B5E3-474F-9977-509C47D41EAD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {8A495B62-940E-4B17-8C01-602978EDF164} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-02] (Microsoft Corporation)
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {921E9DE0-7EEA-4678-8E0E-AB03689D83D1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-25] (Google Inc.)
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-15] (Microsoft Corporation)
Task: {9C2325BB-CFAD-497E-B716-087F37A77EE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {9EC12157-DB5B-4B50-86B9-FD6E15F49282} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {A2CC1174-A96C-43DC-84AE-76AB7B3B9D0D} - System32\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A396E954-5C0C-4067-B6F1-9EA8CAA736BD} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {A7EE1744-6CAE-4FA7-9A82-1D02D7C60A59} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-T7EL38F-admin DESKTOP-T7EL38F => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2012-10-02] (Microsoft Corporation)
Task: {AD7321D2-997C-4E81-AE46-4631E6B033A3} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\UpgradeSubscription.exe [2016-07-16] (Microsoft Corporation)
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6865057-2EF9-4F87-ABEF-5F2B57004BDE} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-08-05] (Microsoft Corporation)
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {CDF482F0-DE14-4F76-85C5-8CC4B4FDB76A} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-08-20] (Microsoft Corporation)
Task: {CF961092-6299-4995-B695-EEF40AD52190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DAC2B591-CD3E-4636-8F64-255B6EC3D777} - System32\Tasks\PPI Update 3 => C:\Windows\explorer.exe [2016-11-11] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F0AA4DF9-4E43-45BE-947F-BC9A1173FEAF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001 => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe [2016-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F1CD7C4B-B30F-44A4-BE7D-787B07B83A3A} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {FCF60FBA-7190-4CA5-BC49-F5F717FE4CF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2565885549-1411879035-1963333558-1001.job => C:\Users\admin\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-23 20:46 - 2016-12-23 20:46 - 00109056 _____ () C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe
2017-01-17 13:49 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-14 10:46 - 2016-12-09 15:59 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-12-14 09:50 - 2016-12-14 09:50 - 01678560 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2012-10-02 09:04 - 2012-10-02 09:04 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-13 14:35 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 10:09 - 2016-12-21 12:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 10:08 - 2016-12-21 12:24 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 10:08 - 2016-12-21 12:18 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 10:08 - 2016-12-21 12:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-27 12:24 - 2012-11-27 12:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-28 19:11 - 2017-01-16 07:08 - 00125952 _____ () c:\program files (x86)\gubed\gubedzl.dll
2016-12-14 09:49 - 2016-12-14 09:49 - 01244376 _____ () C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Intel:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\Users\admin\AppData\Local\thinkorswim:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\HP Photo Creations:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\amisites.com -> hxxp://www.amisites.com
IE restricted site: HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\...\mylucky123.com -> hxxp://www.mylucky123.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2565885549-1411879035-1963333558-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{156DCF49-7311-4DB8-AF78-F536B1F856C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D0D5106F-A06E-48EF-975B-5637B143DE37}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{85CE0C8B-2B0A-4D84-AFC2-698B773413F4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E52D9F5E-64AC-48C9-AC2B-D51FC5C581BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{641160A3-5614-4EDE-BA68-E33908E8AA58}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe
FirewallRules: [UDP Query User{AEB85F57-433F-4D8C-A6FA-BAF7AF7BF6A9}C:\sharekhan\tradetigernew\tradetiger.exe] => (Allow) C:\sharekhan\tradetigernew\tradetiger.exe
FirewallRules: [TCP Query User{5A49CAF0-1716-4ACC-B54F-5F68B4B8960A}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe
FirewallRules: [UDP Query User{E4478638-05A7-495B-B553-5CD40E0085BE}C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe] => (Allow) C:\users\admin\appdata\local\temp\rar$exa0.570\nest3\nesttrader - exe.exe
FirewallRules: [{BFF1A77C-2A10-4005-80A4-F192A299B5C4}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{F3B968C9-0FC4-4C89-9A17-B97AAD821A53}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{5309090C-472A-48A4-A9F6-0D7EE1A2BD69}] => (Allow) C:\Program Files (x86)\Nolarry\Application\chrome.exe
FirewallRules: [TCP Query User{64DC529D-4EBA-4BDC-AE0F-7D71D339CE6E}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe
FirewallRules: [UDP Query User{F2BC802B-B79C-4674-A645-605724CF1EDF}C:\program files (x86)\omnesys\nest3\nesttrader.exe] => (Allow) C:\program files (x86)\omnesys\nest3\nesttrader.exe
FirewallRules: [{D9FB1746-9E61-41CA-94AA-EA319193F635}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\DeviceSetup.exe
FirewallRules: [{08533AC7-5C33-4620-85D8-AECE46BF336B}] => (Allow) LPort=5357
FirewallRules: [{927AABD9-AA4D-411C-970D-86A9EC12FF93}] => (Allow) C:\Program Files\HP\HP Deskjet 3540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{651F4C46-57DA-451D-9C43-C05F430C40F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8EE0F08D-F17B-4932-9AE6-93932F0E95C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EA6FD83C-9B0B-4E1A-8AC2-14E5EC2A213E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{27C80270-56E3-4B21-B29E-5EFB9250A158}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{39F1F75A-7663-4BAB-BD3F-6D81BBBFC574}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\SMPCSetup.exe
FirewallRules: [{02F69BA4-D4EE-4B6C-B5DE-7F06E15B2515}] => (Allow) C:\Users\admin\AppData\Local\Temp\ShowMyPC\-ShowMyPC3500\tvnserver.exe
==================== Faulty Device Manager Devices =============
Name: Intel(R) HD Graphics
Description: Intel(R) HD Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2017 10:46:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/18/2017 10:23:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (01/18/2017 10:22:49 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 10:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1a8c
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (01/17/2017 09:58:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (01/17/2017 09:57:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 08:14:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 08:14:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (01/17/2017 07:10:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/17/2017 07:06:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

System errors:
=============
Error: (01/18/2017 10:47:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (01/18/2017 10:44:50 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (01/18/2017 10:44:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/18/2017 10:24:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-T7EL38F)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-T7EL38FadminS-1-5-21-2565885549-1411879035-1963333558-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (01/18/2017 10:24:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Service(FirefoxU) service failed to start due to the following error:
%%225
Error: (01/18/2017 10:24:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ed2k idle service service failed to start due to the following error:
%%2
Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/18/2017 10:23:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/18/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (01/17/2017 10:20:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
  Date: 2017-01-17 11:38:11.816
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-11 13:32:34.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-10 12:14:16.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-09 11:14:45.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-08 19:07:37.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-01-07 11:29:45.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-07 11:12:02.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-07 10:16:03.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-06 12:02:21.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
  Date: 2017-01-04 22:33:58.584
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 2934.68 MB
Available physical RAM: 1396.26 MB
Total Virtual: 4278.68 MB
Available Virtual: 2659.27 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.65 GB) (Free:43.01 GB) NTFS
Drive e: () (Fixed) (Total:195.31 GB) (Free:187.89 GB) NTFS
Drive f: () (Fixed) (Total:195.31 GB) (Free:138.56 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4CDCDF4B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 
 

LastRegBack: 2017-01-10 12:13
==================== End of FRST.txt ============================

Addition_18-01-2017_11-00-00.txt

FRST_18-01-2017_11-00-00.txt

Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download and save ESET Online scanner to your Desktop from the following Link:

http://download.eset.com/special/eos/esetonlinescanner_enu.exe

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on user posted image and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs in your reply, also give an update on any remaining issues or concerns...

Thank you,

Kevin....

 

fixlist.txt

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.