Computer is very slow probably infected [Solved]


  • This topic is locked

#1
Beshoff

  • Member
  • 31 posts

Hi Geeks - it's been about 2 years since I last requested help, but my laptop has become extremely slow of late. Especially when the system is reawoken, internet pages take ages to load and sometimes crash altogether. I use both Mozilla and IE; my Avast Anti-Virus is up to date.

Not only is the Internet slow but general navigation to my files is very slow also.

Could you take a look at my Farbar logs and tell me what I need to do next? Your help is always greatly appreciated.

Attached Files

  • Attached File  Addition.txt   42.74KB   234 downloads
  • Attached File  FRST.txt   32.28KB   256 downloads


#2
Beshoff

  • Topic Starter
  • Member
  • 31 posts

I attached the logs, but here it is copied and pasted in case I should not have done that.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-08-2015
Ran by Nazeer (administrator) on BLUE (14-08-2015 15:33:02)
Running from C:\Users\Nazeer\Downloads
Loaded Profiles: Nazeer (Available Profiles: Nazeer & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Microsoft Corporation) C:\Windows\SysWOW64\backgroundTaskHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2874256 2012-12-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-02-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-02-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\dc94b0f7-e682-4c77-960d-193aebf308a4.exe [183232 2015-07-24] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [uTorrent] => C:\Users\Nazeer\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-07-26] (BitTorrent Inc.)
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-07-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk [2013-09-01]
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
Startup: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-06-30]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-02] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-262198327-598105851-806630370-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> DefaultScope {8E200560-9068-465E-9ABE-7039DC777330} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> {2B6A75B4-A1F2-4F8C-BE54-0442A1A44F2A} URL = hxxp://wzeu.ask.com/r?t=v&d=eu&s=uk&l=dir&u=hxxp://uk.ask.com/web?q={searchTerms}&iesrc={referrer:source?}&qsrc=3032&l=dir&o=379
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> {8E200560-9068-465E-9ABE-7039DC777330} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> {E5A29759-D79E-4544-9BEE-D59ED3178D74} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{AE0964BE-F700-4E1C-B3D2-8EA7E9D92462}: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default
FF Keyword.URL: https://uk.search.ya...&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-19] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-19] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF user.js: detected! => C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\user.js [2014-12-29]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\askcom.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\google-default.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\online-tv.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\thepiratebayorg.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\youtube.xml [2014-10-27]
FF Extension: ColorfulTabs - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-07-21]
FF Extension: Add to Amazon Wish List Button - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\[email protected] [2014-11-30]
FF Extension: Session Manager - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-11-24]
FF Extension: Adblock Plus - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-29]
CHR Extension: (Google Drive) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-29]
CHR Extension: (YouTube) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-29]
CHR Extension: (Google Search) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-29]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Gmail) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-02] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-19] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-11] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-03] (Exent Technologies Ltd.)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 15:34 - 2015-08-14 15:34 - 00001159 _____ C:\Users\Nazeer\Desktop\FRST64 - Shortcut.lnk
2015-08-14 15:33 - 2015-08-14 15:35 - 00026908 _____ C:\Users\Nazeer\Downloads\FRST.txt
2015-08-14 15:31 - 2015-08-14 15:33 - 00000000 ____D C:\FRST
2015-08-14 15:30 - 2015-08-14 15:30 - 02173952 _____ (Farbar) C:\Users\Nazeer\Downloads\FRST64.exe
2015-08-11 22:28 - 2015-06-26 17:49 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswD0F6.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCFB9.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswD107.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswD117.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswD094.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswD0A6.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswD0E5.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswD095.tmp
2015-08-11 22:28 - 2015-05-02 05:49 - 00028144 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswCF1B.tmp
2015-08-11 22:27 - 2015-08-11 22:27 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-11 22:27 - 2015-08-11 22:27 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-21 06:33 - 2015-07-21 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-21 06:33 - 2015-07-21 06:33 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-16 05:18 - 2015-08-11 22:18 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-14 15:19 - 2013-06-26 17:47 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-262198327-598105851-806630370-1001
2015-08-14 15:18 - 2015-01-25 11:58 - 00003914 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B47E447B-32D3-4BB8-A2D7-24F785BC8416}
2015-08-14 15:18 - 2013-09-10 22:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-14 15:05 - 2013-08-22 15:46 - 00366010 _____ C:\WINDOWS\setupact.log
2015-08-14 15:03 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-14 15:02 - 2013-07-18 10:55 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-08-12 21:41 - 2015-01-24 17:07 - 01544806 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-11 22:28 - 2013-08-18 00:37 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-11 22:27 - 2014-05-28 15:21 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-11 22:27 - 2014-01-05 23:08 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-11 22:27 - 2014-01-05 23:06 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-11 22:27 - 2014-01-05 23:06 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-11 22:27 - 2013-08-18 00:38 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-08-11 22:19 - 2013-09-10 22:14 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-29 18:46 - 2014-02-05 00:28 - 00000000 ____D C:\Users\Nazeer\Documents\Cars
2015-07-28 04:28 - 2013-06-26 21:53 - 00000000 ____D C:\Users\Nazeer\AppData\Roaming\uTorrent
2015-07-21 06:33 - 2014-07-18 13:35 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-21 06:33 - 2014-07-18 13:35 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== Files in the root of some directories =======

2014-01-05 17:47 - 2014-01-05 17:47 - 0000112 _____ () C:\Users\Nazeer\AppData\Roaming\WB.CFG
2014-01-05 17:47 - 2014-01-05 17:47 - 0000005 _____ () C:\Users\Nazeer\AppData\Roaming\WBPU-TTL.DAT
2013-02-21 15:08 - 2013-02-21 15:08 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Nazeer\AppData\Local\Temp\g3dttuhj.dll
C:\Users\Nazeer\AppData\Local\Temp\_unps.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-21 06:54

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Nazeer (2015-08-14 15:35:15)
Running from C:\Users\Nazeer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-262198327-598105851-806630370-500 - Administrator - Disabled)
Guest (S-1-5-21-262198327-598105851-806630370-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-262198327-598105851-806630370-1005 - Limited - Enabled)
Nazeer (S-1-5-21-262198327-598105851-806630370-1001 - Administrator - Enabled) => C:\Users\Nazeer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-262198327-598105851-806630370-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.42.71502 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.) Hidden
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
AVGO Free Video Converter 1.03.1 (HKLM-x32\...\AVGO Free Video Converter_is1) (Version:  - AVGO, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.11.7 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-GB)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-GB)) (Version: 31.7.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PodTrans 3.6.6 (HKLM-x32\...\{16EF54EF-8F6F-40DA-9A82-B0DF8F38957F}}_is1) (Version: 3.6.6 - iMobie Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
STK02N 2.3 (HKLM-x32\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.3 - Syntek)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Update for Zip Extractor (HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Digital Sites) (Version:  - Update for Zip Extractor) <==== ATTENTION
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Zip Extractor Packages (HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-07-2015 23:19:30 Windows Update
10-07-2015 06:51:06 Scheduled Checkpoint
19-07-2015 18:17:48 Scheduled Checkpoint
11-08-2015 22:24:24 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-07-21 06:33 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2261BFE7-8E77-4B01-8CA9-AFD676964BCC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {257AF243-EA68-484B-8F86-1EBBE65AA7BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {2D2F404E-7062-4440-A3D3-D3BFA1FB6902} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {3CD86AFA-8427-4C59-A165-421655EBA21E} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {3F0DFC9E-48F2-4E4C-B263-DF31E437491A} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {4A53DE0C-7080-4A66-914E-95450ADFD296} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {6A694A02-51FD-4CF2-B2E9-7709FE13BD77} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {8075E9B7-B058-4F10-874D-87AA2E9A8501} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-22] (Microsoft Corporation)
Task: {B9D931BB-A6ED-4C25-9D3E-4040E4A82C59} - \EPUpdater -> No File <==== ATTENTION
Task: {BAE8C06E-4C59-4726-9DAB-1F2CF9EB8401} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-11-08] (CyberLink)
Task: {BB59C2CF-5D0F-47AB-97D2-69CF13C98EF8} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BDC5BE12-8566-43C6-8133-63638D8095AE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C5702E4E-8490-45FC-8299-F69D7CF4CEBB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {D4AE54AF-3C03-4A3B-B1A3-3DF8D1902340} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {E79A94FE-2799-4AA8-9EEE-CDDF1BCC5292} - \Voo Update -> No File <==== ATTENTION
Task: {E810E1B0-1A0E-4852-83D4-ADACE2FAEEEE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E90017E0-1BD2-45CC-8D22-78636A57EBD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-11] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-30 00:02 - 2014-01-30 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-14 21:42 - 2012-09-14 21:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-02 05:49 - 2015-05-02 05:49 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-02 05:49 - 2015-05-02 05:49 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-23 17:47 - 2015-06-23 17:47 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062303\algo.dll
2015-08-14 15:06 - 2015-08-14 15:06 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15081404\algo.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2013-02-21 15:04 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2015-01-31 04:07 - 2015-01-31 04:07 - 00605184 _____ () C:\Users\Nazeer\AppData\Local\Packages\E046963F.LenovoSupport_k1h2ywk1493x8\AC\Microsoft\CLR_v4.0_32\NativeImages\BackgroundT72ca5658#\b9c8c588d47bbea423afc74d60e1159f\BackgroundTasks_MetricCollection.ni.dll
2015-01-31 04:06 - 2015-01-31 04:07 - 01130496 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\6e37f358bf8363dad51e2333292d61a9\Windows.ApplicationModel.ni.dll
2015-01-31 19:04 - 2015-01-31 19:04 - 00808448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\f0a2c10499402eff632a7a7df0b4afef\Windows.Storage.ni.dll
2015-01-31 19:04 - 2015-01-31 19:04 - 00797696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\e1a2f3f274995f1f847c00f962657943\Windows.Networking.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Nazeer\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-262198327-598105851-806630370-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-262198327-598105851-806630370-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B8B15577-C597-43A3-B15C-F434917143DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CB70927C-C85B-4F12-A239-398DA2E0BE02}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0090EA0-1C50-43F0-B2AF-FD56522F373B}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
FirewallRules: [{6F4A1E12-EDBF-4F35-A40A-CA19C35DA218}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
FirewallRules: [{68C3AE04-0405-4D3E-8E11-D5B513746D12}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
FirewallRules: [{3C88A224-7F99-4900-9EAF-8EF04F9B4689}] => (Allow) C:\Users\Nazeer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D7B89C35-BB5E-4A81-8623-0608534029D9}] => (Allow) C:\Users\Nazeer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1278A9BB-660F-4E59-B3AB-DBCDA058A1EC}] => (Allow) C:\Users\Nazeer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43899E9F-00B1-4D59-8319-43B09C513463}] => (Allow) C:\Users\Nazeer\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2CC9EA7A-8313-43DF-8C2D-630D734C7413}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52CC13BE-9078-48A3-A88E-E5E849373030}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{016DCAD6-B3B2-438B-9CFD-02B4D88A373E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{46B8F5F4-E831-488D-B90E-2EF18EF37970}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1E2DCCC5-0CF7-4700-A4A1-8951C4622477}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1AA0225C-FDC6-475A-A8C8-E85C782A6950}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{2542ADCF-DD56-47D4-A0E8-FE2DA35351AB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{05439D59-0241-45FB-A139-9EAA929013A8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{04D3A875-BA38-4941-9FCE-77FE022F3A3B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FA0F2BF6-7E6B-40F5-89CE-E22E99D46E9A}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [TCP Query User{DBC54153-7F73-4F5A-8257-E009AE2097D1}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{152D574C-A944-4EBB-B557-90FC47246861}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{DE47A68F-8930-4AA0-A9CC-7CF3DAA96D17}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9743300A-5C30-46C8-8A43-051FE9E6CA03}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{308E1C91-C49B-4C6E-B61B-DC35E9520901}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{CEE2F4EC-4158-4EAB-B74B-F155C0C2922C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{CFCF4CDC-EE92-417D-AB3B-31BAD23DA129}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6254E2AF-43E8-45DC-B4D3-4C7086EC9D1A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{711DA95B-125B-4B5A-8073-899FFBE549B6}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2015 03:14:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b74

Start Time: 01d0d3946062cdb6

Termination Time: 2364

Application Path: C:\WINDOWS\explorer.exe

Report Id: cae5fb9f-428e-11e5-beb4-2cd05a345fbb

Faulting package full name:

Faulting package-relative application ID:

Error: (08/14/2015 03:14:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 38c0

Start Time: 01d0d53c444ea9ae

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: c47fcd94-428e-11e5-beb4-2cd05a345fbb

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (08/14/2015 03:06:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a18

Start Time: 01d0d483b438cd94

Termination Time: 2012

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: adcde864-428d-11e5-beb4-2cd05a345fbb

Faulting package full name:

Faulting package-relative application ID:

Error: (08/14/2015 03:04:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b08

Start Time: 01d0d608a0fd1cca

Termination Time: 81

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 6ed68d54-428d-11e5-beb4-2cd05a345fbb

Faulting package full name:

Faulting package-relative application ID:

Error: (08/13/2015 10:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10765

Error: (08/13/2015 10:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10765

Error: (08/13/2015 10:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/13/2015 10:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9765

Error: (08/13/2015 10:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9765

Error: (08/13/2015 10:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/11/2015 09:52:12 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AE0964BE-F700-4E1C-B3D2-8EA7E9D92462} because another computer on the network has the same name.  The server could not start.

Error: (08/07/2015 01:15:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/07/2015 01:09:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (08/04/2015 10:41:01 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AE0964BE-F700-4E1C-B3D2-8EA7E9D92462} because another computer on the network has the same name.  The server could not start.

Error: (08/03/2015 07:54:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

Error: (07/28/2015 06:42:41 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AE0964BE-F700-4E1C-B3D2-8EA7E9D92462} because another computer on the network has the same name.  The server could not start.

Error: (07/27/2015 10:15:34 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AE0964BE-F700-4E1C-B3D2-8EA7E9D92462} because another computer on the network has the same name.  The server could not start.

Error: (07/07/2015 09:16:01 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{AE0964BE-F700-4E1C-B3D2-8EA7E9D92462} because another computer on the network has the same name.  The server could not start.

Error: (07/03/2015 07:43:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.

Error: (07/02/2015 11:22:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0244: Intel Corporation driver update for Intel® HD Graphics 3000.


Microsoft Office:
=========================
Error: (08/14/2015 03:14:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.3.9600.176671b7401d0d3946062cdb62364C:\WINDOWS\explorer.execae5fb9f-428e-11e5-beb4-2cd05a345fbb

Error: (08/14/2015 03:14:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2091138c001d0d53c444ea9ae4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exec47fcd94-428e-11e5-beb4-2cd05a345fbbmicrosoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (08/14/2015 03:06:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178402a1801d0d483b438cd942012C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEadcde864-428d-11e5-beb4-2cd05a345fbb

Error: (08/14/2015 03:04:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840b0801d0d608a0fd1cca81C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE6ed68d54-428d-11e5-beb4-2cd05a345fbb

Error: (08/13/2015 10:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10765

Error: (08/13/2015 10:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10765

Error: (08/13/2015 10:17:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/13/2015 10:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9765

Error: (08/13/2015 10:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9765

Error: (08/13/2015 10:17:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity:
===================================
  Date: 2015-05-02 14:10:01.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:10:01.339
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:53.926
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:53.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:53.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:53.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:52.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:52.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:51.973
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-05-02 14:08:51.691
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2348M CPU @ 2.30GHz
Percentage of memory in use: 83%
Total physical RAM: 3941.41 MB
Available physical RAM: 664.37 MB
Total Virtual: 8686.69 MB
Available Virtual: 1666.86 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:526.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.55 GB) NTFS
Drive f: (Manual & Driver) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3CE9A948)

Partition: GPT.

==================== End of log ============================


  • 0

#3
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, Beshoff. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
I'll check the log provided and be back with appropriate instructions once they are approved by my teacher.

In the meantime, as I see you haven't yet done that: there's a PX9quUo.png button at the top-right side of this page. This will allow you to get notified once I post an answer to this topic ;)

Stay calm :)
  • 0

#4
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Beshoff.

I've noticed that your CPU and RAM usage is high and as you have a lot of different processes running, I'd like you to have a look at the uninstall list and remove the programs that you don't use anymore but are still loaded at your computer's startup.

Please read the following warning:

P2P Warning

I've noticed that you have or have had a P2P (Peer-to-Peer) file sharing program on your machine:
  • uTorrent
It is important to stay away from them as they are used to share pirated material. The programs themselves can be safe, but the majority of the files shared through them are infected.

Some of the things to keep in mind when using P2P programs:
  • Your computer is more likely to get infected with malware, which will result in coming back to our or other forums for help.
  • You may have your important data stolen, including passwords, photos or personal information.
  • You help to share pirated material, which may result in arrest, fines, or even jail time for illegal downloads of copyrighted material.
If I still didn't convince you, please read these short reports about how dangerous it can be to use P2P programs:

Whether you remove them or not is your decision. Though I strongly recommend you to uninstall your P2P programs as they most likely will cause problems in the future.

If you choose not to remove them, please refrain from using them until we are done on cleaning your computer.

Also, please perform the instructions below.

 
Step #1
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • Amazon Browser App
  • Update for Zip Extractor
  • Zip Extractor Packages
Optional programs to uninstall:
  • uTorrent
 
Step #2
FRST Fix

I've noticed that you ran FRST64.exe from the Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then move to Desktop, right-click any free space and click Paste.
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   2KB   249 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if your system got any better after performing the instructions and uninstalling some programs.

  • 0

#5
Beshoff

    Member

  • Topic Starter
  • Member
  • 31 posts

Ok

Step 1 - Programs uninstalled.

I get your message about uTorrent and all the warnings, but I am not a big user of it and I am careful and very watchful of it and the damage it could do.

 

Step 2 - I moved the file to desktop, did the fixlist, it restarted a couple of times, and attached is the fix log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Ran by Nazeer (2015-08-14 20:20:02) Run:1
Running from C:\Users\Nazeer\Desktop
Loaded Profiles: Nazeer (Available Profiles: Nazeer & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Mobogenie
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> {2B6A75B4-A1F2-4F8C-BE54-0442A1A44F2A} URL = hxxp://wzeu.ask.com/r?t=v&d=eu&s=uk&l=dir&u=hxxp://uk.ask.com/web?q={searchTerms}&iesrc={referrer:source?}&qsrc=3032&l=dir&o=379
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> {E5A29759-D79E-4544-9BEE-D59ED3178D74} URL =
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
FF user.js: detected! => C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\user.js [2014-12-29]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\askcom.xml [2014-10-27]
Task: {B9D931BB-A6ED-4C25-9D3E-4040E4A82C59} - \EPUpdater -> No File <==== ATTENTION
Task: {E79A94FE-2799-4AA8-9EEE-CDDF1BCC5292} - \Voo Update -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_0news-1751121550
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_1messages-431041656
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_2events-250898981
AlternateDataStreams: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website:TASKICON_3friends-215113587
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value removed successfully
C:\Program Files (x86)\Mobogenie => moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKU\S-1-5-21-262198327-598105851-806630370-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B6A75B4-A1F2-4F8C-BE54-0442A1A44F2A}" => key removed successfully
HKCR\CLSID\{2B6A75B4-A1F2-4F8C-BE54-0442A1A44F2A} => key not found.
"HKU\S-1-5-21-262198327-598105851-806630370-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5A29759-D79E-4544-9BEE-D59ED3178D74}" => key removed successfully
HKCR\CLSID\{E5A29759-D79E-4544-9BEE-D59ED3178D74} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => key removed successfully
C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\user.js => moved successfully.
C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\askcom.xml => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9D931BB-A6ED-4C25-9D3E-4040E4A82C59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9D931BB-A6ED-4C25-9D3E-4040E4A82C59}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E79A94FE-2799-4AA8-9EEE-CDDF1BCC5292}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E79A94FE-2799-4AA8-9EEE-CDDF1BCC5292}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Voo Update" => key removed successfully
C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_0news-1751121550" ADS removed successfully.
C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_1messages-431041656" ADS removed successfully.
C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_2events-250898981" ADS removed successfully.
C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_3friends-215113587" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{559DFF15-2193-4869-9D04-FBA49B033CC1} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========



The system needed a reboot..

==== End of Fixlog 20:20:38 ====

 

 

Computer still sounds like it is working hard but the speed of the internet navigation and page loading is much improved. I would be happy to call this closed and see how I get on. Unless you feel there could be more to do.


  • 0
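The Fixlog in the post above pairs each fixlist directive with a result line or a command section. The following added example (not part of the original thread, and not FRST's own code) sorts those results by outcome so that anything other than a clean success stands out; the function names, the status labels and the line patterns are assumptions inferred from this log, and the sample is an excerpt of it.

```python
import re
from collections import Counter
from typing import NamedTuple

# Excerpt of the Fixlog posted above, shortened for the example.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:13-08-2015
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Task: {B9D931BB-A6ED-4C25-9D3E-4040E4A82C59} - \EPUpdater -> No File <==== ATTENTION
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value removed successfully
C:\Program Files (x86)\Mobogenie => moved successfully.
HKCR\CLSID\{2B6A75B4-A1F2-4F8C-BE54-0442A1A44F2A} => key not found.
C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.website => ":TASKICON_0news-1751121550" ADS removed successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

==== End of Fixlog 20:20:38 ====
'''


class Entry(NamedTuple):
    kind: str     # "item" (file/registry result) or "command" (CMD:/Reg: section)
    target: str   # path, registry key, or command line
    status: str   # "ok", "not_found", "error" or "unknown" (labels chosen here)
    detail: str   # result text as logged


# Patterns inferred from the log above (assumption, not an FRST specification).
SECTION = re.compile(r"^={9}\s+(.+?)\s+={9}$")
RESULT = re.compile(r"^(?P<target>.+?) => (?P<result>.+)$")


def classify(result: str) -> str:
    low = result.lower()
    if "not found" in low:
        return "not_found"
    if "successfully" in low:
        return "ok"
    return "unknown"


def parse_fixlog(text: str) -> list:
    entries, command, body = [], None, []
    in_fixlist, stars = False, 0
    for raw in text.splitlines():
        line = raw.strip()
        # The echoed fixlist also contains " => "; skip it so that
        # directives are not mistaken for results.
        if line == "fixlist content:":
            in_fixlist, stars = True, 0
            continue
        if in_fixlist:
            if re.fullmatch(r"\*+", line):
                stars += 1
                in_fixlist = stars < 2
            continue
        m = SECTION.match(line)
        if m:
            title = m.group(1)
            if title.startswith("End of"):
                if command is not None:
                    errors = [b for b in body if b.startswith("ERROR:")]
                    status = "error" if errors else "ok"
                    detail = errors[0] if errors else " ".join(body)
                    entries.append(Entry("command", command, status, detail))
                command, body = None, []
            else:
                command, body = title, []
            continue
        if command is not None:
            if line:
                body.append(line)
            continue
        m = RESULT.match(line)
        if m:
            result = m.group("result")
            entries.append(Entry("item", m.group("target"), classify(result), result))
    return entries


def summarize(entries) -> dict:
    return dict(Counter(e.status for e in entries))


def needs_review(entries) -> list:
    return [e for e in entries if e.status != "ok"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for e in needs_review(parsed):
        print(f"{e.status:10} {e.kind:8} {e.target} :: {e.detail}")
```

Both flagged entries in this excerpt report a target that was already absent (`key not found` and the `Reg Delete` error), which is a different outcome from a removal that failed.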

#6
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Beshoff.

Yes, there's still more to do. We'll check whether anything is hiding somewhere there, and if it is, we'll try to get rid of it :)

Please stay with me until I tell you that we're done.

Perform the following instructions.

Step #1
Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it doesn't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • JRT.txt log content
  • AdwCleaner[S0].txt log content

  • 0

#7
Beshoff

    Member

  • Topic Starter
  • Member
  • 31 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.6 (08.10.2015:1)
OS: Windows 8.1 x64
Ran by Nazeer on 14/08/2015 at 22:51:43.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Jump Flip



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\Optimizer Pro 3.16
Successfully deleted: [Folder] C:\Program Files (x86)\predm
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Nazeer\Appdata\Local\genienext
Successfully deleted: [Folder] C:\Users\Nazeer\Appdata\Local\mobogenie
Successfully deleted: [Folder] C:\Users\Nazeer\Appdata\LocalLow\delta
Successfully deleted: [Folder] C:\Users\Nazeer\AppData\Roaming\babsolution
Successfully deleted: [Folder] C:\Users\Nazeer\AppData\Roaming\babylon
Successfully deleted: [Folder] C:\Users\Nazeer\AppData\Roaming\search protection
Successfully deleted: [Folder] C:\Users\Nazeer\Documents\optimizer pro



~~~ FireFox

Successfully deleted: [File] C:\Users\Nazeer\AppData\Roaming\mozilla\firefox\profiles\lcz9de7b.default\invalidprefs.js
Emptied folder: C:\Users\Nazeer\AppData\Roaming\mozilla\firefox\profiles\lcz9de7b.default\minidumps [1 files]



~~~ Chrome


[C:\Users\Nazeer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Nazeer\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Nazeer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Nazeer\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/08/2015 at 22:58:48.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v5.000 - Logfile created 14/08/2015 at 23:04:32
# Updated 14/08/2015 by Xplode
# Database : 2015-08-14.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Nazeer - BLUE
# Running from : C:\Users\Nazeer\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Amazon\ABB
[-] Folder Deleted : C:\Users\Nazeer\AppData\Roaming\DigitalSites
[-] Folder Deleted : C:\Users\Nazeer\Documents\Mobogenie

***** [ Files ] *****

[-] File Deleted : C:\Users\Nazeer\daemonprocess.txt

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKCU\Software\Classes\keepmysearch
[-] Key Deleted : HKLM\SOFTWARE\953dd8bbd3db913
[-] Key Deleted : HKLM\SOFTWARE\bd5ef207-ec3a-fb5f-55f8-8256e5f1b0a7
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\BABSOLUTION
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[!] Key Not Deleted : [x64] HKCU\Software\BABSOLUTION
[!] Key Not Deleted : [x64] HKCU\Software\Optimizer Pro

***** [ Web browsers ] *****

[-] [C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [2035 octets] - [14/08/2015 23:04:32]
C:\AdwCleaner[S1].txt - [1950 octets] - [14/08/2015 23:02:47]

########## EOF - C:\AdwCleaner[C1].txt - [2161 octets] ##########

 


  • 0

#8
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Beshoff

Let's keep removing the remnants.

Step #1
Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click RYa1k8g.png
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the add-on to run
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given a link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    temh2Om.png
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content

  • 0

#9
Beshoff

Beshoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Protection Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 16/08/2015 15:25, SYSTEM, BLUE, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 16/08/2015 15:25, SYSTEM, BLUE, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 16/08/2015 15:25, SYSTEM, BLUE, Manual, Remediation Database, 2015.3.9.1, 2015.7.28.1,
Update, 16/08/2015 15:25, SYSTEM, BLUE, Manual, Rootkit Database, 2015.2.25.1, 2015.8.6.1,
Update, 16/08/2015 15:25, SYSTEM, BLUE, Manual, Malware Database, 2015.3.22.3, 2015.8.16.1,
Update, 16/08/2015 15:25, SYSTEM, BLUE, Manual, program, 2.0.4.1028, 2.1.8.1057,
Error, 16/08/2015 15:30, SYSTEM, BLUE, Update, Bad md5 or size: akadomains, 11,
Error, 16/08/2015 15:30, SYSTEM, BLUE, Update, Bad md5 or size: akaips, 11,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, Domain Database, 0.0.0.0, 2015.7.24.2,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, Rootkit Database, 2015.6.2.1, 2015.8.6.1,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, IP Database, 0.0.0.0, 2015.7.24.3,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, Remediation Database, 2015.5.13.1, 2015.7.28.1,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, AKA IP Database, 0.0.0.0, 2015.8.6.1,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, AKA Domain Database, 0.0.0.0, 2015.8.15.1,
Update, 16/08/2015 15:30, SYSTEM, BLUE, Manual, Malware Database, 2015.6.3.3, 2015.8.16.1,
Scan, 16/08/2015 16:24, SYSTEM, BLUE, Manual, Start:16/08/2015 15:31, Duration:52 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 7 Non-Malware Detections,
Error, 16/08/2015 16:49, SYSTEM, BLUE, Protection, IsLicensed, 13,
Protection, 16/08/2015 16:49, SYSTEM, BLUE, Protection, Malware Protection, Stopping,
Protection, 16/08/2015 16:49, SYSTEM, BLUE, Protection, Malware Protection, Stopped,

(end)

 

Scan Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

 

I will send the ESet

Scan Date: 16/08/2015
Scan Time: 15:31
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.01
Rootkit Database: v2015.08.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Nazeer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426389
Time Elapsed: 52 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Spigot.A, HKU\S-1-5-21-262198327-598105851-806630370-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E200560-9068-465E-9ABE-7039DC777330}, Quarantined, [0f7250b93b500c2aa0ab35eb0ff457a9],
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-262198327-598105851-806630370-1001\SOFTWARE\OB, Quarantined, [a3de28e18ffc3303a8648d266e96f808],

Registry Values: 2
PUP.Optional.Spigot.A, HKU\S-1-5-21-262198327-598105851-806630370-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8E200560-9068-465E-9ABE-7039DC777330}|URL, https://uk.search.ya...={searchTerms},Quarantined, [0f7250b93b500c2aa0ab35eb0ff457a9]
PUP.Optional.OutBrowse.A, HKU\S-1-5-21-262198327-598105851-806630370-1001\SOFTWARE\OB|monitype22, 12/29/14 19:23:44, Quarantined, [a3de28e18ffc3303a8648d266e96f808]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.InstallCore.C, C:\Users\Nazeer\Downloads\Firefox_Setup_22.0.exe, Quarantined, [1f62a762b0db56e0aa7a793aec15ee12],
PUP.Optional.Spigot.A, C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://uk.search.ya...=282369&p=");),Replaced,[631e16f3ee9dbf772c983d4d47be4eb2]
PUP.Optional.FastStart.A, C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\prefs.js, Good: (), Bad: ([email protected]), Replaced,[c1c067a24e3deb4b41328708ad58e11f]

Physical Sectors: 0
(No malicious items detected)


(end)

 

I will send the Eset Log when I have completed it.


  • 0

#10
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Alright. I'll be waiting :)
  • 0



#11
Beshoff

Beshoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

This is a copy and paste of the list of threats detected.

 

 

C:\Users\Nazeer\AppData\Local\Temp\4236752218.Uninstall\uninstaller.exe    Win32/InstallCore.AZ potentially unwanted application
C:\Users\Nazeer\AppData\Local\Temp\4236773046.Uninstall\uninstaller.exe    Win32/InstallCore.AZ potentially unwanted application
C:\Users\Nazeer\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Local\Babylon\Setup\BExternal.dll    a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Local\Babylon\Setup\IECookieLow.dll    a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Local\Babylon\Setup\Setup.exe    a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2eb5aacf-56ab59e4    a variant of Java/Exploit.CVE-2012-0507.FA trojan
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\b207791-2925a3d6    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\5dbf2fd5-6fe023bf    multiple threats

C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6cee03d9-6e12b995    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\47583b1b-74f622db    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\44a3f926-7dbcc963    Java/Exploit.Agent.NHW trojan
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\25b7c1e8-2a842eb2    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\1be96b2c-58c4cc84    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\6789536d-18c28583    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6b0c8c45-398e756e    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\661337f2-669372e4    a variant of Java/Exploit.CVE-2012-0507.FA trojan
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3607beb3-2c9c43d4    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\42567c78-3ba0f8b3    Java/Exploit.Agent.NYF trojan
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2fdecfc8-6f718633    multiple threats
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\18604bc9-5f676735    Java/Exploit.Agent.NTJ trojan
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\Mozilla Firefox Packages\uninstaller.exe    a variant of Win32/InstallCore.AZ potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\cnet2_jre-7-windows-i586_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\ManyCamSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller(1).exe    a variant of Win32/Verti.G potentially unwanted application
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe    a variant of Win32/Verti.G potentially unwanted application
C:\Users\Nazeer\Downloads\u.zip    a variant of Win32/UltraReach potentially unsafe application
C:\Users\Nazeer\Music\zzzzzMusic\01 Latest Songs\You Tube downloads\BestVideoDownloaderSetup-OL.exe    multiple threats
C:\Users\Nazeer\Music\zzzzzMusic\01 Latest Songs\You Tube downloads\ManyCamSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Nazeer\Music\zzzzzMusic\MP3s\FreeYouTubeToMp3Converter.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application

 

 

The logfile only stated what is below

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 25301

 


Edited by Beshoff, 16 August 2015 - 01:12 PM.

  • 0

#12
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Beshoff.

Let's do some final checks.

First, please tell me, do you recognise that file?

C:\Users\Nazeer\Downloads\u.zip


Looks like it's infected but that may be a False Positive, especially if you know what that file is.

Also, please perform the following instructions.

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   1.28KB   244 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
FRST Scan
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #3
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content
  • Checkup.txt log content
  • Answer to my question about the file

  • 0

#13
Beshoff

Beshoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Got a problem running step 1 - a pop up message stated - There is no disk in drive. Please insert a disk into drive E. I pressed cancel, continue or try again and it won't move on. FRST64.exe-No disk

 

 

Ignore this, managed to get it moving again, will post logs shortly.


Edited by Beshoff, 18 August 2015 - 01:56 PM.

  • 0

#14
Beshoff

Beshoff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

NO - I don't recognise the file C:\Users\Nazeer\Downloads\u.zip

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Nazeer (2015-08-18 20:13:23) Run:2
Running from C:\Users\Nazeer\Desktop
Loaded Profiles: Nazeer (Available Profiles: Nazeer & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Nazeer\AppData\Local\Temp\4236752218.Uninstall\uninstaller.exe
C:\Users\Nazeer\AppData\Local\Temp\4236773046.Uninstall\uninstaller.exe
C:\Users\Nazeer\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Local\Babylon\  
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\Mozilla Firefox Packages\uninstaller.exe
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\cnet2_jre-7-windows-i586_exe.exe
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\ManyCamSetup.exe
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller(1).exe
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
C:\Users\Nazeer\Music\zzzzzMusic\01 Latest Songs\You Tube downloads\BestVideoDownloaderSetup-OL.exe
C:\Users\Nazeer\Music\zzzzzMusic\01 Latest Songs\You Tube downloads\ManyCamSetup.exe
C:\Users\Nazeer\Music\zzzzzMusic\MP3s\FreeYouTubeToMp3Converter.exe
Unlock: HKCU\Software\BABSOLUTION
Reg: reg delete "HKCU\Software\BABSOLUTION"
Unlock: HKCU\Software\Optimizer Pro
Reg: reg delete "HKCU\Software\Optimizer Pro"
EmptyTemp:
*****************

"C:\Users\Nazeer\AppData\Local\Temp\4236752218.Uninstall\uninstaller.exe" => File/Folder not found.
"C:\Users\Nazeer\AppData\Local\Temp\4236773046.Uninstall\uninstaller.exe" => File/Folder not found.
C:\Users\Nazeer\AppData\Roaming\uTorrent\updates\3.3.1_30017.exe => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Local\Babylon => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\LocalLow\Sun\Java => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q\Mozilla Firefox Packages\uninstaller.exe => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\cnet2_jre-7-windows-i586_exe.exe => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\ManyCamSetup.exe => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller(1).exe => moved successfully.
C:\Users\Nazeer\Documents\zzzzzDell- My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe => moved successfully.
C:\Users\Nazeer\Music\zzzzzMusic\01 Latest Songs\You Tube downloads\BestVideoDownloaderSetup-OL.exe => moved successfully.
C:\Users\Nazeer\Music\zzzzzMusic\01 Latest Songs\You Tube downloads\ManyCamSetup.exe => moved successfully.
C:\Users\Nazeer\Music\zzzzzMusic\MP3s\FreeYouTubeToMp3Converter.exe => moved successfully.
"HKCU\Software\BABSOLUTION" => key could not be unlocked

========= reg delete "HKCU\Software\BABSOLUTION" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\BABSOLUTION (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Nazeer (administrator) on BLUE (18-08-2015 20:58:54)
Running from C:\Users\Nazeer\Desktop
Loaded Profiles: Nazeer (Available Profiles: Nazeer & Guest)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Syntek Ltd.) C:\Windows\STK02N\STK02NM.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3233976 2015-08-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [BtTray] => "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
HKLM\...\Run: [BtvStack] => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2013-02-21] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2013-02-21] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [139792 2012-11-08] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-11-08] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-11] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-02] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [uTorrent] => C:\Users\Nazeer\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-07-26] (BitTorrent Inc.)
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\Run: [OneDrive] => C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-07-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK02N 2.3 PNP Monitor.lnk [2013-09-01]
ShortcutTarget: STK02N 2.3 PNP Monitor.lnk -> C:\Windows\STK02N\STK02NM.exe (Syntek Ltd.)
Startup: C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-06-30]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-11] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-262198327-598105851-806630370-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-262198327-598105851-806630370-1001 -> {E5A29759-D79E-4544-9BEE-D59ED3178D74} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-11] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-11] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{ae0964be-f700-4e1c-b3d2-8ea7e9d92462}: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-19] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-19] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\google-default.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\online-tv.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\thepiratebayorg.xml [2014-10-27]
FF SearchPlugin: C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\searchplugins\youtube.xml [2014-10-27]
FF Extension: ColorfulTabs - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-07-21]
FF Extension: Add to Amazon Wish List Button - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\[email protected] [2014-11-30]
FF Extension: Session Manager - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-11-24]
FF Extension: Adblock Plus - C:\Users\Nazeer\AppData\Roaming\Mozilla\Firefox\Profiles\lcz9de7b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-18]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-29]
CHR Extension: (Google Drive) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-29]
CHR Extension: (YouTube) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-29]
CHR Extension: (Google Search) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-29]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Gmail) - C:\Users\Nazeer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-29]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-11] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-08-17] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-17] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135352 2015-08-16] (ELAN Microelectronics Corp.)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-17] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-19] (Nitro PDF Software)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [988672 2015-08-17] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-17] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-17] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-17] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-08-17] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-08-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-11] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-17] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-03] (Exent Technologies Ltd.)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 20:58 - 2015-08-18 20:59 - 00029685 _____ C:\Users\Nazeer\Desktop\FRST.txt
2015-08-18 20:51 - 2015-08-18 20:51 - 00000000 ___HD C:\OneDriveTemp
2015-08-18 20:48 - 2015-08-18 20:48 - 00016148 _____ C:\WINDOWS\system32\BLUE_Nazeer_HistoryPrediction.bin
2015-08-18 20:11 - 2015-08-18 20:11 - 00001307 _____ C:\Users\Nazeer\Downloads\fixlist(1).txt
2015-08-18 20:10 - 2015-08-18 20:10 - 00000000 ____D C:\Users\Nazeer\Desktop\FRST-OlderVersion
2015-08-17 20:23 - 2015-08-17 20:23 - 00000000 ____D C:\Users\Nazeer\AppData\Local\NetworkTiles
2015-08-17 05:47 - 2015-08-16 23:07 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-17 05:43 - 2015-08-17 05:44 - 00000000 ____D C:\Windows.old
2015-08-17 05:42 - 2015-08-17 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 21874176 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 18805248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 16709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 13025792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02878000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02224128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01916416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01890304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01769056 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01593856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-17 05:42 - 2015-08-17 05:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01085776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-17 05:42 - 2015-08-17 05:42 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00991584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-17 05:42 - 2015-08-17 05:42 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00916800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00607008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-17 05:42 - 2015-08-17 05:42 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00412672 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00403968 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00290768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00247808 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00242264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-17 05:42 - 2015-08-17 05:42 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-17 05:42 - 2015-08-17 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-17 05:37 - 2015-08-17 05:37 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-17 05:33 - 2015-08-17 05:33 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-17 05:33 - 2015-08-17 05:33 - 00000000 ____D C:\Program Files\MSBuild
2015-08-17 05:33 - 2015-08-17 05:33 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-17 05:33 - 2015-08-16 21:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-17 05:32 - 2015-06-18 03:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-17 05:32 - 2015-06-18 03:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 05:32 - 2015-06-18 03:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-17 05:32 - 2015-05-30 06:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-17 05:32 - 2015-05-30 06:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 05:32 - 2015-05-30 06:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-17 00:27 - 2015-08-17 00:27 - 00002379 _____ C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-17 00:25 - 2015-08-17 00:25 - 00001054 _____ C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-08-17 00:18 - 2015-08-17 00:19 - 00000000 ____D C:\Users\Nazeer\AppData\Local\MicrosoftEdge
2015-08-17 00:15 - 2015-08-17 00:15 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-17 00:14 - 2015-08-17 00:14 - 00000000 ____D C:\Users\Nazeer\AppData\Local\Publishers
2015-08-17 00:11 - 2015-08-17 00:13 - 00000000 ____D C:\Users\Nazeer\AppData\Local\Comms
2015-08-17 00:09 - 2015-08-17 00:09 - 00000020 ___SH C:\Users\Nazeer\ntuser.ini
2015-08-17 00:09 - 2015-08-17 00:09 - 00000000 ____D C:\Users\Nazeer\AppData\Local\TileDataLayer
2015-08-17 00:07 - 2015-08-17 00:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-16 23:09 - 2015-08-16 23:09 - 00047288 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCoInstaller01000.dll
2015-08-16 21:44 - 2015-08-16 21:44 - 00000000 __SHD C:\Recovery
2015-08-16 21:25 - 2015-08-18 20:54 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-16 21:17 - 2015-07-10 11:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-16 21:11 - 2015-08-16 21:11 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-16 21:11 - 2015-08-16 21:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-16 21:11 - 2015-08-16 21:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-08-16 21:11 - 2015-08-16 21:11 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-16 21:11 - 2015-08-16 21:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-16 21:11 - 2015-08-16 21:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-08-16 21:11 - 2015-08-16 21:11 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-16 21:03 - 2015-08-16 21:03 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-16 20:57 - 2015-08-18 20:46 - 00000000 ____D C:\Users\Nazeer
2015-08-16 20:57 - 2015-08-17 05:43 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-16 20:57 - 2015-08-17 00:09 - 00000000 ___RD C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-16 20:57 - 2015-08-16 21:23 - 00000000 ____D C:\Users\Guest
2015-08-16 20:57 - 2015-08-16 21:03 - 00000000 ___RD C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-16 20:57 - 2015-08-16 20:58 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-16 20:57 - 2015-08-16 20:58 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-16 20:57 - 2015-07-10 12:04 - 00000000 __RSD C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-16 20:57 - 2015-07-10 12:04 - 00000000 __RSD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-16 20:57 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-16 20:57 - 2015-07-10 12:04 - 00000000 ____D C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-16 20:57 - 2015-07-10 12:04 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-16 20:54 - 2015-08-16 20:54 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-08-16 20:54 - 2015-08-16 20:54 - 00000000 ____D C:\Program Files (x86)\USB Camera
2015-08-16 20:53 - 2015-08-18 20:47 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2015-08-16 20:53 - 2015-08-16 23:10 - 00000000 ____D C:\Program Files\Elantech
2015-08-16 20:53 - 2015-08-16 21:04 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-08-16 20:53 - 2015-08-16 20:53 - 00003357 _____ C:\WINDOWS\system32\lvcoinst.log
2015-08-16 20:53 - 2015-08-16 20:53 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-16 20:53 - 2015-08-16 20:53 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-16 20:53 - 2015-08-16 20:53 - 00000000 ____D C:\Program Files\Realtek
2015-08-16 20:50 - 2015-08-16 20:51 - 00032603 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-16 20:49 - 2015-08-17 20:52 - 00011642 _____ C:\WINDOWS\PFRO.log
2015-08-16 17:08 - 2015-08-16 17:08 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-14 23:04 - 2015-08-14 23:04 - 00002238 _____ C:\AdwCleaner[C1].txt
2015-08-14 23:02 - 2015-08-14 23:04 - 00000000 ____D C:\AdwCleaner
2015-08-14 23:02 - 2015-08-14 23:03 - 00001950 _____ C:\AdwCleaner[S1].txt
2015-08-14 23:00 - 2015-08-14 23:01 - 01563648 _____ C:\Users\Nazeer\Desktop\AdwCleaner.exe
2015-08-14 22:58 - 2015-08-14 22:58 - 00002199 _____ C:\Users\Nazeer\Desktop\JRT.txt
2015-08-14 22:49 - 2015-08-14 22:49 - 01798040 _____ (Malwarebytes Corporation) C:\Users\Nazeer\Desktop\JRT.exe
2015-08-14 21:38 - 2015-08-14 23:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 20:16 - 2015-08-14 20:16 - 00002051 _____ C:\Users\Nazeer\Downloads\fixlist.txt
2015-08-14 15:53 - 2015-08-14 20:15 - 00000000 ____D C:\Users\Nazeer\Documents\Farbar
2015-08-14 15:31 - 2015-08-18 20:59 - 00000000 ____D C:\FRST
2015-08-14 15:30 - 2015-08-18 20:10 - 02173440 _____ (Farbar) C:\Users\Nazeer\Desktop\FRST64.exe
2015-08-11 22:27 - 2015-08-11 22:27 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-11 22:27 - 2015-08-11 22:27 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-21 06:33 - 2015-08-16 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-21 06:33 - 2015-07-21 06:33 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-18 20:59 - 2015-07-10 13:20 - 00015990 _____ C:\WINDOWS\setupact.log
2015-08-18 20:51 - 2015-01-24 19:29 - 00000000 ___RD C:\Users\Nazeer\OneDrive
2015-08-18 20:50 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-18 20:49 - 2015-07-10 13:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-18 20:47 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-18 20:47 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-18 20:18 - 2013-09-10 22:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-18 20:13 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-18 20:10 - 2015-01-25 11:58 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B47E447B-32D3-4BB8-A2D7-24F785BC8416}
2015-08-18 03:32 - 2014-06-16 02:00 - 00000000 ____D C:\Users\Nazeer\AppData\Local\Adobe
2015-08-17 20:53 - 2015-07-10 13:20 - 05007736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-17 20:47 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-17 20:00 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-17 19:28 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-17 05:47 - 2015-07-10 12:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-17 05:43 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-17 05:43 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-17 05:43 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-17 00:36 - 2013-06-26 17:37 - 00000000 ____D C:\Users\Nazeer\AppData\Local\Packages
2015-08-17 00:27 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-17 00:25 - 2015-07-10 14:12 - 00000000 ____D C:\WINDOWS\OCR
2015-08-17 00:11 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-17 00:11 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-17 00:11 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-17 00:11 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-16 23:09 - 2013-01-09 10:23 - 00428216 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-08-16 21:45 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-16 21:43 - 2015-01-24 16:33 - 00049533 _____ C:\WINDOWS\diagwrn.xml
2015-08-16 21:43 - 2015-01-24 16:33 - 00049533 _____ C:\WINDOWS\diagerr.xml
2015-08-16 21:37 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-16 21:36 - 2015-01-24 13:22 - 00013160 _____ C:\WINDOWS\comsetup.log
2015-08-16 21:35 - 2015-01-24 17:05 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-16 21:35 - 2014-12-24 01:24 - 00003996 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-08-16 21:35 - 2013-09-10 22:14 - 00003828 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-16 21:35 - 2013-08-18 00:37 - 00004292 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-16 21:35 - 2013-07-14 00:01 - 00003606 _____ C:\WINDOWS\System32\Tasks\[email protected]
2015-08-16 21:35 - 2013-06-30 10:49 - 00003654 _____ C:\WINDOWS\System32\Tasks\CreateChoiceProcessTask
2015-08-16 21:35 - 2013-06-26 17:47 - 00003704 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-262198327-598105851-806630370-1001
2015-08-16 21:35 - 2013-02-21 15:24 - 00003252 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-16 21:35 - 2013-02-21 15:21 - 00003622 _____ C:\WINDOWS\System32\Tasks\OFFICE2010ACT
2015-08-16 21:31 - 2015-07-10 12:04 - 00000000 __RSD C:\WINDOWS\Media
2015-08-16 21:31 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-16 21:14 - 2015-07-10 14:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-16 21:14 - 2014-12-29 20:44 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-08-16 21:14 - 2014-12-29 20:44 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-08-16 21:14 - 2013-02-21 15:08 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-08-16 21:13 - 2015-07-10 10:05 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-16 21:13 - 2015-05-01 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-08-16 21:13 - 2015-05-01 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-16 21:13 - 2015-03-21 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-16 21:13 - 2015-02-06 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.UK
2015-08-16 21:13 - 2015-01-29 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVGO Free Software
2015-08-16 21:13 - 2014-11-21 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-16 21:13 - 2014-10-16 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-16 21:13 - 2014-02-16 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-16 21:13 - 2013-07-18 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-16 21:13 - 2013-07-13 05:23 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-16 21:13 - 2013-06-30 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mini Motor Racing EVO
2015-08-16 21:13 - 2013-06-27 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-08-16 21:13 - 2013-06-27 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-16 21:13 - 2013-02-21 15:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
2015-08-16 21:13 - 2013-02-21 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2015-08-16 21:13 - 2013-02-21 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-16 21:13 - 2013-02-21 15:11 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-08-16 21:13 - 2013-02-21 15:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-16 21:11 - 2015-07-10 12:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-16 21:11 - 2013-08-22 14:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-08-16 21:06 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-16 21:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-16 21:06 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-16 21:05 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-08-16 21:05 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-08-16 21:04 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-16 21:04 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-16 21:04 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-16 21:04 - 2014-11-18 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-08-16 21:04 - 2014-01-05 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2015-08-16 21:04 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-16 21:04 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-16 21:04 - 2012-10-10 00:10 - 00000000 ____D C:\ProgramData\PRICache
2015-08-16 21:03 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-16 21:03 - 2013-06-26 17:35 - 00000000 ____D C:\Users\Nazeer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-16 21:03 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-16 20:58 - 2014-06-10 20:16 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-16 20:58 - 2014-06-10 20:16 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2015-08-16 20:56 - 2015-07-10 10:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-16 20:54 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\System
2015-08-16 20:49 - 2015-07-10 10:05 - 00000000 __RHD C:\Users\Default
2015-08-16 20:21 - 2015-01-24 17:07 - 02059977 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-16 20:14 - 2015-07-10 14:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-16 16:52 - 2014-10-16 22:48 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 15:27 - 2014-10-16 22:47 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-16 15:27 - 2014-10-16 22:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-14 23:07 - 2014-02-16 19:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 23:07 - 2014-02-16 19:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 23:07 - 2013-06-30 11:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-14 23:05 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-14 23:04 - 2013-02-21 15:29 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-08-14 21:44 - 2013-08-14 23:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 21:37 - 2013-06-27 00:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-14 20:11 - 2012-07-26 06:26 - 00000191 _____ C:\WINDOWS\win.ini
2015-08-14 19:42 - 2014-07-18 13:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-14 19:34 - 2013-08-18 00:37 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-08-11 22:27 - 2014-05-28 15:21 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-11 22:27 - 2014-01-05 23:08 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-11 22:27 - 2014-01-05 23:06 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-11 22:27 - 2014-01-05 23:06 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-11 22:27 - 2013-08-18 00:38 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-11 22:27 - 2013-08-18 00:37 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-08-11 22:18 - 2015-07-16 05:18 - 09284296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-08-08 16:38 - 2015-07-10 12:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 16:38 - 2015-07-10 12:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-29 18:46 - 2014-02-05 00:28 - 00000000 ____D C:\Users\Nazeer\Documents\Cars
2015-07-28 10:59 - 2013-06-27 03:48 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-28 04:28 - 2013-06-26 21:53 - 00000000 ____D C:\Users\Nazeer\AppData\Roaming\uTorrent
2015-07-21 06:33 - 2014-07-18 13:35 - 00001959 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-21 06:33 - 2014-07-18 13:35 - 00000000 ____D C:\ProgramData\McAfee Security Scan

==================== Files in the root of some directories =======

2014-01-05 17:47 - 2014-01-05 17:47 - 0000112 _____ () C:\Users\Nazeer\AppData\Roaming\WB.CFG
2014-01-05 17:47 - 2014-01-05 17:47 - 0000005 _____ () C:\Users\Nazeer\AppData\Roaming\WBPU-TTL.DAT
2015-08-16 20:53 - 2015-08-16 20:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-16 20:49

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Nazeer (2015-08-18 21:00:39)
Running from C:\Users\Nazeer\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-262198327-598105851-806630370-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-262198327-598105851-806630370-503 - Limited - Disabled)
Guest (S-1-5-21-262198327-598105851-806630370-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-262198327-598105851-806630370-1005 - Limited - Enabled)
Nazeer (S-1-5-21-262198327-598105851-806630370-1001 - Administrator - Enabled) => C:\Users\Nazeer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-262198327-598105851-806630370-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.42.71502 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
AVGO Free Video Converter 1.03.1 (HKLM-x32\...\AVGO Free Video Converter_is1) (Version:  - AVGO, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ELAN Touchpad 11.15.0.14_X64 (HKLM\...\Elantech) (Version: 11.15.0.14 - ELAN Microelectronic Corp.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-GB)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-GB)) (Version: 31.7.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PodTrans 3.6.6 (HKLM-x32\...\{16EF54EF-8F6F-40DA-9A82-B0DF8F38957F}}_is1) (Version: 3.6.6 - iMobie Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version:  - PokerStars.uk)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
STK02N 2.3 (HKLM-x32\...\{E42E07F5-5A90-4BA9-B55A-79FCF9EAF9B5}) (Version: 2.3 - Syntek)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-262198327-598105851-806630370-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nazeer\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

17-08-2015 20:00:20 Windows Update
17-08-2015 20:01:42 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-07-21 06:33 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1    mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {01627C7A-9867-4AE9-8EC6-00701B42E061} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {257AF243-EA68-484B-8F86-1EBBE65AA7BF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {2D2F404E-7062-4440-A3D3-D3BFA1FB6902} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {2D830F84-05DE-4866-A55B-A3D8A75305D0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3CD86AFA-8427-4C59-A165-421655EBA21E} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {3F0DFC9E-48F2-4E4C-B263-DF31E437491A} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {414663A7-C542-4B4F-8355-314C93779E65} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4A53DE0C-7080-4A66-914E-95450ADFD296} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: {4ECEB3D9-B30C-4B15-9FB1-C58C64716560} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {6A694A02-51FD-4CF2-B2E9-7709FE13BD77} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {755E1617-570A-429F-BCB1-C2074A661959} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {803B1B12-BEE5-47ED-9683-E9CADFE66E26} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-17] (Microsoft Corporation)
Task: {9F860A47-D54E-4ABF-8619-B61712BC944D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {AB8F693F-F0A1-4E1E-8084-DB04247B1F8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B4F0005D-A827-4549-AC59-FB189802A4B6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BAE8C06E-4C59-4726-9DAB-1F2CF9EB8401} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-11-08] (CyberLink)
Task: {BB59C2CF-5D0F-47AB-97D2-69CF13C98EF8} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {BDC5BE12-8566-43C6-8133-63638D8095AE} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5702E4E-8490-45FC-8299-F69D7CF4CEBB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CE78036C-2AC1-4847-97E8-0266F0E9FC9A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {CFE923C2-2786-4628-819A-793CD80C60E6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D4AE54AF-3C03-4A3B-B1A3-3DF8D1902340} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {E810E1B0-1A0E-4852-83D4-ADACE2FAEEEE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {E90017E0-1BD2-45CC-8D22-78636A57EBD1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-11] (AVAST Software)
Task: {EB02AD82-406E-4C47-AE9A-7C65E6378ADD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EB072F1E-6204-4878-9E3E-8F6BACA02A05} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F3600CAD-CD26-4DDC-B2C3-AB61DD23FB2F} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {FE4D0B76-5FD3-4B73-B973-7C94916F99DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 12:00 - 2015-07-10 12:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 14:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-17 05:42 - 2015-08-17 05:42 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-09-26 14:40 - 2014-09-26 14:40 - 06237856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-08-11 22:27 - 2015-08-11 22:27 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-11 22:27 - 2015-08-11 22:27 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-18 20:35 - 2015-08-18 20:35 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15081800\algo.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-02-21 15:32 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-03-21 13:26 - 2015-03-21 13:26 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 36730032 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-02-22 17:46 - 2012-02-22 17:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-05 23:40 - 2012-01-05 23:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00746160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
2014-09-28 21:01 - 2014-09-28 21:01 - 00136368 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
2013-02-21 15:04 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Nazeer\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-262198327-598105851-806630370-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

 




==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-262198327-598105851-806630370-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-262198327-598105851-806630370-1001\...\StartupApproved\Run: => "uTorrent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{ACD95341-34C3-4354-88B1-E564D8920B26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8BD00A7F-1408-4588-861B-79F1BAF9548B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{DEF8E8AA-B923-46BB-8BC3-081DDA1E5E1C}C:\program files (x86)\samsung\allshare\allshareagent.exe] => (Allow) C:\program files (x86)\samsung\allshare\allshareagent.exe
FirewallRules: [TCP Query User{78A4CAE4-335C-4D2B-8BA3-683FFAAE64F4}C:\program files (x86)\samsung\allshare\allshareagent.exe] => (Allow) C:\program files (x86)\samsung\allshare\allshareagent.exe
FirewallRules: [UDP Query User{6B7C740F-D27C-4DBD-AC0A-0BF4DA4B31B2}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{7228FB2B-644C-49E3-807D-CC16E504A464}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{1A6A8BFC-4AE7-415E-B9FD-C52099935B0C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{BDD354A4-066D-47D7-84DA-7C2284C3C298}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{587FC9FF-E188-4C4F-9D40-3CA1F817463F}C:\program files (x86)\samsung\allshare\allshareagent.exe] => (Allow) C:\program files (x86)\samsung\allshare\allshareagent.exe
FirewallRules: [UDP Query User{8F5A85FB-4051-4BCA-8949-2F4E769A02DE}C:\program files (x86)\samsung\allshare\allshareagent.exe] => (Allow) C:\program files (x86)\samsung\allshare\allshareagent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2015 08:57:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7160) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/18/2015 08:57:12 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7160) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/18/2015 08:57:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7160) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/18/2015 08:57:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7160) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/18/2015 08:56:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7160) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/18/2015 08:56:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7160) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/18/2015 08:56:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7160) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/18/2015 08:56:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7160) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/18/2015 08:56:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7160) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/18/2015 08:56:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7160) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (08/18/2015 08:57:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/18/2015 08:57:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================
Error: (08/18/2015 08:57:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost7160-1032

Error: (08/18/2015 08:57:12 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost7160C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/18/2015 08:57:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost7160-1032

Error: (08/18/2015 08:57:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost7160C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/18/2015 08:56:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost7160-1032

Error: (08/18/2015 08:56:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost7160C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/18/2015 08:56:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost7160-1032

Error: (08/18/2015 08:56:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost7160C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (08/18/2015 08:56:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost7160-1032

Error: (08/18/2015 08:56:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost7160C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.


CodeIntegrity:
===================================
  Date: 2015-08-16 21:55:20.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-16 21:55:20.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-16 21:55:20.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-16 21:55:11.361
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-16 21:55:11.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2348M CPU @ 2.30GHz
Percentage of memory in use: 53%
Total physical RAM: 3941.41 MB
Available physical RAM: 1847.24 MB
Total Virtual: 5349.41 MB
Available Virtual: 3187.33 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:509.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.55 GB) NTFS
Drive f: (Manual & Driver) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3CE9A948)

Partition: GPT.

==================== End of log ============================


"HKCU\Software\Optimizer Pro" => key could not be unlocked

========= reg delete "HKCU\Software\Optimizer Pro" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Optimizer Pro (Yes/No)? ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========

EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:46:17 ====

 

 

 

Results of screen317's Security Check version 1.007  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.2)
 Mozilla Thunderbird 31.7.0 Thunderbird out of Date!  
 Google Chrome 30.0.1599.66 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````



#15
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, Beshoff.

Let's launch the last fix and update the programs.

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   1.42KB   232 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
Updating programs

Your Google Chrome is outdated. It is important to keep browsers updated as it decreases the chance of being infected in the future.
To update it:
  • Click the Chrome menu on the browser toolbar and select About Google Chrome.
  • Chrome will check for updates when you're on this page.
  • Click Relaunch to apply any available update.
 
Your Mozilla Thunderbird is outdated. Please update it to decrease the chance of being infected. Use the following instructions.
  • If updates are available, the Software Update dialog will be displayed containing details about these updates. To update Thunderbird, click OK and the selected updates will be downloaded and installed.
  • To finish the install process, you need to restart (close and re-open) Thunderbird by clicking Done.
  • When Thunderbird restarts, the updates will have been installed.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if you have successfully updated Chrome and Thunderbird

Edited by Nevan, 19 August 2015 - 12:57 PM.
