My laptop shutdown automatically when run Malwarebytes Anti-Malware in


  • This topic is locked

#1
sanguine lo

    Member

  • 15 posts

I have the same problem with all the anti-virus software I have used. When I use them for a normal scan they don't find anything, but when I use them in boot mode or safe mode they run for some time and then my laptop shuts down automatically. For example, I used avast in boot mode and Malwarebytes Anti-Malware in safe mode, and the same thing happened both times. Is it the case that some malware is resisting or controlling the scan, and if so, what should I do to remove it? What kind of malware can do this?

Point to be added: I used the free version of the anti-virus.

Please help!!!

Thanks in advance for your valuable time.




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

We need to see 2 log files before making any determination.

Next
Everything gets downloaded to the desktop and tools are "Run as administrator."
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
sanguine lo

    Member

  • Topic Starter
  • 15 posts

Hey, zep516, I did what you said. These are the logs:

FRST.txt :-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by DEVENDRA (administrator) on PIYUSH  (31-05-2017 00:27:38)
Running from C:\Users\DEVENDRA\Downloads\Programs
Loaded Profiles: DEVENDRA (Available Profiles: DEVENDRA & Administrator)
Platform: Windows 8 Pro (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\ProgramData\ChgService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(© 2015 Microsoft Corporation) C:\Users\DEVENDRA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(GRISOFT s.r.o.) C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(uWebb Software) C:\Users\DEVENDRA\Downloads\ThrottleStop_840\ThrottleStop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(mozilla.org) D:\CALD3\cald3.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2015-05-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2015-05-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816816 2012-03-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-09] (Vimicro)
HKLM-x32\...\Run: [!AVG Anti-Spyware] => C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [6731312 2007-06-11] (GRISOFT s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3491264 2012-06-07] (Tonec Inc.)
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-27] (Piriform Ltd)
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\Run: [AutoVPNConnect] => C:\Program Files (x86)\mvhBytes\AutoVPNConnect\AutoVPNConnect.exe
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\Run: [BingSvc] => C:\Users\DEVENDRA\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\MountPoints2: {0c7bdd9c-2587-11e5-beb9-3c970e277118} - "I:\.\StartModem.exe"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\MountPoints2: {1d94643f-0adb-11e5-be94-3c970e277118} - "F:\.\Start.exe"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\MountPoints2: {94c4cbad-e39c-11e5-bede-3c970e277118} - "F:\Startme.exe"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\MountPoints2: {94c4cbec-e39c-11e5-bede-3c970e277118} - "I:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\MountPoints2: {e4e3d03e-f8d2-11e4-be6a-3c970e277118} - "J:\.\ShowModem.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [170360 2017-05-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148200 2017-05-18] (NVIDIA Corporation)
ShellExecuteHooks-x32: No Name - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2012-02-08] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-10-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\DEVENDRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-07]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{7CB1B632-C047-4AD8-8959-53A3F394FF14}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{86551DED-D89B-4CDB-8FDD-3BAF2C4B7C41}: [NameServer] 10.58.75.4 8.8.4.4
Tcpip\..\Interfaces\{A9CE96AF-D756-4853-B00A-1AB63DBD2B77}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{BC2585A4-4F0B-4184-8679-03CEFF6D9457}: [DhcpNameServer] 192.168.137.129
Tcpip\..\Interfaces\{C9CF9AE2-A117-4857-A68D-85CEAE3AB4B0}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-us
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2231448702-2167641444-2541206904-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2231448702-2167641444-2541206904-1001 -> {869E8A5D-E3E6-49DA-B2D4-45CD9264DA8C} URL = hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q={searchTerms}&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-05-02] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-05-02] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432 [2017-05-31]
FF Extension: (Avira Browser Safety) - C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432\Extensions\[email protected] [2017-04-06]
FF Extension: (Intersection Observer API) - C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432\Extensions\[email protected] [2017-05-10]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432\Extensions\[email protected] [2017-04-14]
FF Extension: (Avira SafeSearch Plus) - C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432\Extensions\[email protected] [2016-12-15]
FF Extension: (Adblock Plus) - C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-29]
FF Extension: (Firefox Screenshots) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-05-14] [not signed]
FF HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\DEVENDRA\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\DEVENDRA\AppData\Roaming\IDM\idmmzcc5 [2015-05-12] [not signed]
FF HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\DEVENDRA\AppData\Roaming\IDM\idmmzcc5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_210.dll [2015-07-19] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_210.dll [2015-07-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default [2017-05-30]
CHR Extension: (Google Slides) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-21]
CHR Extension: (Google Docs) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-21]
CHR Extension: (Google Drive) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-21]
CHR Extension: (YouTube) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-21]
CHR Extension: (Bing) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-03-21]
CHR Extension: (Google Sheets) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-21]
CHR Extension: (Google Docs Offline) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-21]
CHR Extension: (Gmail) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-21]
CHR Extension: (Chrome Media Router) - C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-29]
CHR HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Anti-Spyware Guard; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe [312880 2007-05-30] (GRISOFT s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957816 2012-10-21] (Broadcom Corporation.)
R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [135168 2011-07-12] () [File not signed] <==== ATTENTION
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2015-02-27] (Microsoft)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-04] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-04] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)
S2 0094821477171173mcinstcleanup; C:\Windows\TEMP\009482~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2016-10-08] (The OpenVPN Project)
R1 AVG Anti-Spyware Driver; C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys [12024 2007-05-30] ()
R1 AvgAsC64; C:\Windows\System32\DRIVERS\AvgAsC64.sys [14072 2007-05-30] (GRISOFT, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 cmnsusbser; C:\Windows\system32\DRIVERS\cmnsusbser.sys [126080 2010-02-25] (QUALCOMM Incorporated)
S3 fcusbser; C:\Windows\system32\DRIVERS\fcusbser.sys [119552 2010-06-03] (BM)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2016-03-28] (Apple Inc.) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48248 2017-05-04] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-02-24] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [210304 2012-07-26] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Users\DEVENDRA\Downloads\ThrottleStop_840\WinRing0x64.sys [14544 2015-10-12] (OpenLibSys.org)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-01 22:21 - 2018-10-01 22:21 - 00000117 _____ C:\Windows\system32\netcfg-15208125.txt
2017-05-31 00:31 - 2017-05-31 00:31 - 00437448 _____ C:\Users\DEVENDRA\Music\Documents\Malware and Spyware Cleaning Guide - Virus, Spyware, Malware Removal.pdf
2017-05-31 00:27 - 2017-05-31 00:27 - 00000000 ____D C:\FRST
2017-05-31 00:20 - 2017-05-31 00:20 - 00000117 _____ C:\Windows\system32\netcfg-93277890.txt
2017-05-31 00:18 - 2017-05-31 00:18 - 00000117 _____ C:\Windows\system32\netcfg-93181968.txt
2017-05-30 21:52 - 2017-05-30 21:52 - 00000117 _____ C:\Windows\system32\netcfg-84405406.txt
2017-05-30 19:10 - 2017-05-30 19:10 - 00000117 _____ C:\Windows\system32\netcfg-74731843.txt
2017-05-30 19:05 - 2017-05-30 19:05 - 00000117 _____ C:\Windows\system32\netcfg-74412375.txt
2017-05-30 18:58 - 2017-05-30 18:58 - 00000117 _____ C:\Windows\system32\netcfg-73969765.txt
2017-05-30 18:57 - 2017-05-30 18:57 - 00006023 _____ C:\Users\DEVENDRA\Downloads\A010045060516E0559.pdf
2017-05-30 18:56 - 2013-09-18 03:57 - 05331968 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-05-30 18:56 - 2013-09-18 03:56 - 01172992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-05-30 18:56 - 2013-09-18 03:56 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-05-30 18:52 - 2017-05-30 18:52 - 00000013 _____ C:\Users\DEVENDRA\Downloads\1233.txt
2017-05-30 18:36 - 2017-05-30 18:36 - 00000117 _____ C:\Windows\system32\netcfg-72651703.txt
2017-05-30 10:12 - 2017-05-30 10:12 - 00000117 _____ C:\Windows\system32\netcfg-42450234.txt
2017-05-30 10:07 - 2017-05-30 10:10 - 08152820 _____ C:\Users\DEVENDRA\Downloads\Windows8-RT-KB2885698-x64.msu
2017-05-30 09:56 - 2017-05-30 09:56 - 00000117 _____ C:\Windows\system32\netcfg-41487718.txt
2017-05-30 09:56 - 2017-05-30 09:56 - 00000117 _____ C:\Windows\system32\netcfg-41485390.txt
2017-05-30 09:50 - 2017-05-30 09:50 - 00000117 _____ C:\Windows\system32\netcfg-41091593.txt
2017-05-30 07:28 - 2017-05-30 07:28 - 00000117 _____ C:\Windows\system32\netcfg-32595109.txt
2017-05-30 06:30 - 2017-05-30 06:30 - 00000117 _____ C:\Windows\system32\netcfg-29145093.txt
2017-05-30 03:03 - 2017-05-30 03:03 - 00000117 _____ C:\Windows\system32\netcfg-16704968.txt
2017-05-30 00:32 - 2017-05-30 00:32 - 00000117 _____ C:\Windows\system32\netcfg-7620875.txt
2017-05-29 22:40 - 2017-05-29 22:40 - 00000117 _____ C:\Windows\system32\netcfg-955625.txt
2017-05-29 22:39 - 2017-05-29 22:39 - 00000117 _____ C:\Windows\system32\netcfg-896390.txt
2017-05-29 22:36 - 2017-05-29 22:36 - 00000117 _____ C:\Windows\system32\netcfg-665828.txt
2017-05-29 22:35 - 2017-05-29 22:35 - 00000117 _____ C:\Windows\system32\netcfg-644312.txt
2017-05-29 22:20 - 2016-08-10 14:45 - 02772584 _____ (Microsoft Corporation) C:\Users\DEVENDRA\Downloads\d3d11.dll
2017-05-29 22:19 - 2017-05-29 22:19 - 00000117 _____ C:\Windows\system32\netcfg-80297125.txt
2017-05-29 22:14 - 2017-05-29 22:14 - 00000117 _____ C:\Windows\system32\netcfg-80030234.txt
2017-05-29 22:11 - 2017-05-29 22:11 - 00000117 _____ C:\Windows\system32\netcfg-79810218.txt
2017-05-29 21:59 - 2017-05-29 21:59 - 00229103 _____ C:\Users\DEVENDRA\Downloads\The-Adventures-of-Sherlock-Holmes-Arthur-Conan-Doyle.epub
2017-05-29 21:56 - 2017-05-29 21:57 - 00288360 _____ C:\Users\DEVENDRA\Downloads\23 Minutes.epub
2017-05-29 21:20 - 2017-05-29 21:20 - 00000117 _____ C:\Windows\system32\netcfg-76741312.txt
2017-05-29 21:19 - 2017-05-29 21:19 - 00000117 _____ C:\Windows\system32\netcfg-76720656.txt
2017-05-29 21:19 - 2017-05-29 21:19 - 00000117 _____ C:\Windows\system32\netcfg-76703218.txt
2017-05-29 19:54 - 2017-05-29 19:54 - 00000117 _____ C:\Windows\system32\netcfg-71599968.txt
2017-05-29 19:47 - 2017-05-29 19:47 - 00047811 _____ C:\Users\DEVENDRA\Downloads\GA010045060517(1).pdf
2017-05-29 19:44 - 2017-05-29 19:44 - 00000117 _____ C:\Windows\system32\netcfg-71008203.txt
2017-05-29 19:44 - 2017-05-29 19:44 - 00000117 _____ C:\Windows\system32\netcfg-71006796.txt
2017-05-29 14:55 - 2017-05-29 14:55 - 00000117 _____ C:\Windows\system32\netcfg-53667843.txt
2017-05-29 12:34 - 2017-05-29 12:34 - 00000117 _____ C:\Windows\system32\netcfg-45222984.txt
2017-05-29 11:39 - 2017-05-29 11:39 - 00000117 _____ C:\Windows\system32\netcfg-41950531.txt
2017-05-29 02:07 - 2017-05-29 02:07 - 00000117 _____ C:\Windows\system32\netcfg-7596593.txt
2017-05-29 01:02 - 2017-05-29 01:02 - 00000117 _____ C:\Windows\system32\netcfg-3715890.txt
2017-05-29 00:08 - 2017-05-29 00:08 - 00000012 _____ C:\Users\DEVENDRA\Downloads\jj.txt
2017-05-28 22:39 - 2017-05-28 22:39 - 00000117 _____ C:\Windows\system32\netcfg-437287250.txt
2017-05-28 21:03 - 2017-05-28 21:03 - 00000117 _____ C:\Windows\system32\netcfg-431563453.txt
2017-05-28 16:32 - 2017-05-28 16:32 - 00000117 _____ C:\Windows\system32\netcfg-415277296.txt
2017-05-28 14:31 - 2017-05-28 14:31 - 00000117 _____ C:\Windows\system32\netcfg-408008734.txt
2017-05-28 14:31 - 2017-05-28 14:31 - 00000117 _____ C:\Windows\system32\netcfg-408006015.txt
2017-05-28 14:29 - 2017-05-28 14:29 - 00000117 _____ C:\Windows\system32\netcfg-407920187.txt
2017-05-28 14:29 - 2017-05-28 14:29 - 00000117 _____ C:\Windows\system32\netcfg-407917109.txt
2017-05-28 14:22 - 2017-05-28 14:22 - 00000117 _____ C:\Windows\system32\netcfg-407493359.txt
2017-05-28 01:38 - 2017-05-28 01:38 - 00000117 _____ C:\Windows\system32\netcfg-361667671.txt
2017-05-27 23:34 - 2017-05-27 23:34 - 00000117 _____ C:\Windows\system32\netcfg-354233968.txt
2017-05-27 23:34 - 2017-05-27 23:34 - 00000117 _____ C:\Windows\system32\netcfg-354210562.txt
2017-05-27 23:27 - 2017-05-27 23:27 - 00000117 _____ C:\Windows\system32\netcfg-353761140.txt
2017-05-27 23:26 - 2017-05-27 23:26 - 00000117 _____ C:\Windows\system32\netcfg-353752921.txt
2017-05-27 22:47 - 2017-05-27 22:47 - 00000117 _____ C:\Windows\system32\netcfg-351385625.txt
2017-05-27 22:47 - 2017-05-27 22:47 - 00000117 _____ C:\Windows\system32\netcfg-351383328.txt
2017-05-27 21:03 - 2017-05-27 21:03 - 00000117 _____ C:\Windows\system32\netcfg-345140421.txt
2017-05-27 10:21 - 2017-05-27 10:21 - 00000117 _____ C:\Windows\system32\netcfg-306620203.txt
2017-05-27 10:18 - 2017-05-27 10:18 - 00000117 _____ C:\Windows\system32\netcfg-306448750.txt
2017-05-27 10:17 - 2017-05-27 10:17 - 00000117 _____ C:\Windows\system32\netcfg-306371156.txt
2017-05-27 10:12 - 2017-05-04 11:39 - 00110840 ____N C:\Users\DEVENDRA\Downloads\Guardians of the Galaxy Vol. 2 2017 NEW HDCAM x264 HQMic-CPG.srt
2017-05-27 10:12 - 2016-10-12 09:09 - 00001983 _____ C:\Users\DEVENDRA\Downloads\README.txt
2017-05-27 10:11 - 2017-05-27 10:12 - 00043468 _____ C:\Users\DEVENDRA\Downloads\Guardians.of.the.Galaxy.Vol.2.2017.NEW.HDCAM.x264.HQMic-CPG English.zip
2017-05-27 10:06 - 2017-05-27 10:06 - 00000117 _____ C:\Windows\system32\netcfg-305717171.txt
2017-05-27 00:30 - 2017-05-27 00:30 - 00000117 _____ C:\Windows\system32\netcfg-271204718.txt
2017-05-26 21:54 - 2017-05-26 21:54 - 00000117 _____ C:\Windows\system32\netcfg-261814703.txt
2017-05-26 21:18 - 2017-05-26 21:18 - 00000117 _____ C:\Windows\system32\netcfg-259704156.txt
2017-05-26 21:18 - 2017-05-26 21:18 - 00000117 _____ C:\Windows\system32\netcfg-259696078.txt
2017-05-26 21:18 - 2017-05-26 21:18 - 00000117 _____ C:\Windows\system32\netcfg-259686203.txt
2017-05-26 21:18 - 2017-05-26 21:18 - 00000117 _____ C:\Windows\system32\netcfg-259679703.txt
2017-05-26 21:18 - 2017-05-26 21:18 - 00000117 _____ C:\Windows\system32\netcfg-259671187.txt
2017-05-26 19:19 - 2017-05-26 19:20 - 03696209 _____ C:\Users\DEVENDRA\Music\Documents\Job profile of all posts in ssc cgl - Q...BI _ IBPS BANK PO & Clerk _ RRB NTPC _.pdf
2017-05-26 19:14 - 2017-05-26 19:14 - 00000117 _____ C:\Windows\system32\netcfg-252218187.txt
2017-05-26 11:02 - 2017-05-26 11:02 - 00000117 _____ C:\Windows\system32\netcfg-222745328.txt
2017-05-26 09:59 - 2017-05-26 09:59 - 00000117 _____ C:\Windows\system32\netcfg-218913484.txt
2017-05-26 00:41 - 2017-05-26 00:41 - 00000117 _____ C:\Windows\system32\netcfg-185466234.txt
2017-05-25 23:57 - 2017-05-25 23:57 - 00000117 _____ C:\Windows\system32\netcfg-182836671.txt
2017-05-25 23:49 - 2017-05-25 23:49 - 00000117 _____ C:\Windows\system32\netcfg-182373484.txt
2017-05-25 23:13 - 2017-05-25 23:13 - 00000117 _____ C:\Windows\system32\netcfg-180179046.txt
2017-05-25 23:12 - 2017-05-25 23:12 - 00000117 _____ C:\Windows\system32\netcfg-180115656.txt
2017-05-25 22:40 - 2017-05-25 22:40 - 00000117 _____ C:\Windows\system32\netcfg-178196578.txt
2017-05-25 22:39 - 2017-05-25 22:39 - 00000117 _____ C:\Windows\system32\netcfg-178163781.txt
2017-05-25 22:15 - 2017-05-25 22:15 - 00000117 _____ C:\Windows\system32\netcfg-176704781.txt
2017-05-25 22:15 - 2017-05-25 22:15 - 00000117 _____ C:\Windows\system32\netcfg-176692296.txt
2017-05-25 21:26 - 2017-05-25 21:26 - 00000013 _____ C:\Users\DEVENDRA\salary.txt
2017-05-25 21:16 - 2017-05-25 21:16 - 00000117 _____ C:\Windows\system32\netcfg-173153171.txt
2017-05-25 18:37 - 2017-05-25 18:37 - 00000117 _____ C:\Windows\system32\netcfg-163620843.txt
2017-05-25 18:05 - 2017-05-25 18:05 - 00075629 _____ C:\Users\DEVENDRA\Music\Documents\RRB NTPC2.pdf
2017-05-25 18:03 - 2017-05-25 18:03 - 00075620 _____ C:\Users\DEVENDRA\Music\Documents\RRB NTPC.pdf
2017-05-25 18:03 - 2017-05-25 18:03 - 00000117 _____ C:\Windows\system32\netcfg-161621515.txt
2017-05-25 18:01 - 2017-05-25 18:01 - 00000117 _____ C:\Windows\system32\netcfg-161445250.txt
2017-05-25 18:00 - 2017-05-25 18:00 - 00000117 _____ C:\Windows\system32\netcfg-161428562.txt
2017-05-25 17:56 - 2017-05-25 17:56 - 00000117 _____ C:\Windows\system32\netcfg-161150500.txt
2017-05-25 17:53 - 2017-05-25 17:53 - 00000117 _____ C:\Windows\system32\netcfg-160973578.txt
2017-05-25 15:14 - 2017-05-25 15:14 - 00000117 _____ C:\Windows\system32\netcfg-151444578.txt
2017-05-25 14:01 - 2017-05-25 14:01 - 00000117 _____ C:\Windows\system32\netcfg-147053781.txt
2017-05-25 00:22 - 2017-05-25 00:22 - 00000117 _____ C:\Windows\system32\netcfg-97974718.txt
2017-05-25 00:19 - 2017-05-27 00:30 - 1177521695 _____ C:\Users\DEVENDRA\Downloads\G74rd14n5.0f.Th3.G4l4xy.2.17.dr.sdm0v13sp01nt.c0m.mkv
2017-05-24 23:40 - 2017-05-25 00:06 - 732588192 _____ C:\Users\DEVENDRA\Downloads\H4lf.G1rlfr13nd.17.cm.sdm0v13sp01nt.c0m.mkv
2017-05-24 21:32 - 2017-05-24 21:32 - 00000117 _____ C:\Windows\system32\netcfg-87764296.txt
2017-05-24 21:08 - 2017-05-24 21:08 - 00000117 _____ C:\Windows\system32\netcfg-86327921.txt
2017-05-24 18:45 - 2017-05-24 18:45 - 00000117 _____ C:\Windows\system32\netcfg-77759890.txt
2017-05-23 21:52 - 2017-05-23 21:52 - 00000117 _____ C:\Windows\system32\netcfg-2595937.txt
2017-05-23 21:51 - 2017-05-23 21:51 - 00000117 _____ C:\Windows\system32\netcfg-2498156.txt
2017-05-23 21:51 - 2017-05-23 21:51 - 00000117 _____ C:\Windows\system32\netcfg-2497890.txt
2017-05-23 21:34 - 2017-05-23 21:34 - 00220172 _____ C:\Users\DEVENDRA\Music\Documents\www.irctc.co.in_eticketing_printTicketHindi.jsf_pnr=2710420047^B^28-Jun-2017^1^#.pdf
2017-05-23 21:33 - 2017-05-23 21:33 - 00220142 _____ C:\Users\DEVENDRA\Music\Documents\www.irctc.co.in_eticketing_printTicketHindi.jsf_pnr=2557844503^B^01-Jun-2017^1^#.pdf
2017-05-23 21:22 - 2017-05-23 21:22 - 00000117 _____ C:\Windows\system32\netcfg-772437.txt
2017-05-23 21:17 - 2017-05-23 21:17 - 00000117 _____ C:\Windows\system32\netcfg-484671.txt
2017-05-23 21:14 - 2017-05-23 21:14 - 00000117 _____ C:\Windows\system32\netcfg-304484.txt
2017-05-23 21:12 - 2017-05-23 21:12 - 00000117 _____ C:\Windows\system32\netcfg-193515.txt
2017-05-23 20:48 - 2017-05-23 20:48 - 00000117 _____ C:\Windows\system32\netcfg-41682703.txt
2017-05-23 20:11 - 2017-05-23 20:11 - 00000117 _____ C:\Windows\system32\netcfg-39451265.txt
2017-05-23 16:11 - 2017-05-23 16:11 - 00000117 _____ C:\Windows\system32\netcfg-25067906.txt
2017-05-23 15:22 - 2017-05-23 15:22 - 00000117 _____ C:\Windows\system32\netcfg-22118171.txt
2017-05-23 15:21 - 2017-05-23 15:21 - 00000117 _____ C:\Windows\system32\netcfg-22058625.txt
2017-05-23 15:19 - 2017-05-23 15:19 - 00000117 _____ C:\Windows\system32\netcfg-21966281.txt
2017-05-23 15:17 - 2017-05-23 15:17 - 00000117 _____ C:\Windows\system32\netcfg-21799671.txt
2017-05-23 15:17 - 2017-05-23 15:17 - 00000000 ____D C:\Users\DEVENDRA\Downloads\ThrottleStop_840
2017-05-23 15:16 - 2017-05-23 15:16 - 00644137 _____ C:\Users\DEVENDRA\Downloads\ThrottleStop_840.zip
2017-05-23 15:14 - 2017-05-23 15:14 - 00000117 _____ C:\Windows\system32\netcfg-21624171.txt
2017-05-23 15:13 - 2017-05-23 20:08 - 00000039 _____ C:\Users\DEVENDRA\AppData\Local\{63BE1D37-80D5-4693-826C-3B6A361CE219}
2017-05-23 15:13 - 2017-05-23 15:13 - 00000000 ____D C:\Users\DEVENDRA\AppData\Local\{911C32B1-4371-4961-AFFC-C0DEF27C7EE3}
2017-05-23 15:12 - 2017-05-23 15:12 - 00000117 _____ C:\Windows\system32\netcfg-21544875.txt
2017-05-23 15:11 - 2017-05-23 15:11 - 00000117 _____ C:\Windows\system32\netcfg-21438921.txt
2017-05-23 15:10 - 2017-05-23 15:10 - 00000117 _____ C:\Windows\system32\netcfg-21417140.txt
2017-05-23 15:10 - 2017-05-23 15:10 - 00000117 _____ C:\Windows\system32\netcfg-21396718.txt
2017-05-23 15:04 - 2017-05-23 15:04 - 00000117 _____ C:\Windows\system32\netcfg-21064125.txt
2017-05-23 14:59 - 2017-05-23 14:59 - 00000117 _____ C:\Windows\system32\netcfg-20754781.txt
2017-05-23 12:49 - 2017-05-23 12:49 - 00000117 _____ C:\Windows\system32\netcfg-12953421.txt
2017-05-23 10:29 - 2017-05-23 10:29 - 00000117 _____ C:\Windows\system32\netcfg-4573656.txt
2017-05-23 10:28 - 2017-05-23 12:51 - 00000000 ____D C:\Windows\SysWOW64\NV
2017-05-23 10:28 - 2017-05-23 12:51 - 00000000 ____D C:\Windows\system32\NV
2017-05-23 10:27 - 2017-05-23 10:27 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-23 10:27 - 2017-03-11 02:47 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-05-23 10:27 - 2017-03-11 02:47 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-05-23 10:27 - 2017-03-11 02:47 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-05-23 10:27 - 2017-03-11 02:47 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-05-23 10:21 - 2017-05-18 13:03 - 40201848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 35349440 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 35282040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 28593088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 20066768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 16436488 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 14271608 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-05-23 10:21 - 2017-05-18 13:03 - 13402816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 11056456 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 11027968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 10551072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 09248328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 09014976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 08808488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 03437688 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 03020920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438233.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 01606592 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438233.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 01055680 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00993912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00964216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00914880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00688968 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00577728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-05-23 10:21 - 2017-05-18 13:03 - 00038336 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2017-05-23 10:21 - 2017-05-18 13:03 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-05-23 10:21 - 2017-05-18 13:03 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-05-23 10:20 - 2017-05-23 10:20 - 00000117 _____ C:\Windows\system32\netcfg-4009031.txt
2017-05-23 09:50 - 2017-05-23 09:50 - 00003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:48 - 2017-05-04 01:51 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-23 09:48 - 2017-05-04 01:51 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-23 09:48 - 2017-05-04 01:51 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-05-23 09:31 - 2017-05-23 09:31 - 00000117 _____ C:\Windows\system32\netcfg-1077625.txt
2017-05-23 00:43 - 2017-05-23 00:43 - 00000117 _____ C:\Windows\system32\netcfg-215243078.txt
2017-05-23 00:39 - 2017-05-23 00:39 - 00000117 _____ C:\Windows\system32\netcfg-214990234.txt
2017-05-23 00:39 - 2017-05-23 00:39 - 00000117 _____ C:\Windows\system32\netcfg-214987671.txt
2017-05-22 23:20 - 2017-05-22 23:20 - 00047631 _____ C:\Users\DEVENDRA\Downloads\GA010045060517.pdf
2017-05-22 21:58 - 2017-05-22 21:58 - 00000117 _____ C:\Windows\system32\netcfg-205347125.txt
2017-05-22 20:42 - 2017-05-22 20:42 - 00000117 _____ C:\Windows\system32\netcfg-200780187.txt
2017-05-22 19:21 - 2017-05-22 19:22 - 00000117 _____ C:\Windows\system32\netcfg-195942828.txt
2017-05-22 19:20 - 2017-05-22 19:20 - 00000117 _____ C:\Windows\system32\netcfg-195865828.txt
2017-05-22 19:16 - 2017-05-22 19:16 - 00000117 _____ C:\Windows\system32\netcfg-195589093.txt
2017-05-22 01:47 - 2017-05-22 01:47 - 00000117 _____ C:\Windows\system32\netcfg-132679546.txt
2017-05-22 01:31 - 2017-05-23 00:15 - 1157698835 _____ C:\Users\DEVENDRA\Downloads\B347ty.4nd.Th3.B345t.17.br.sdm0v13sp01nt.c0m.mkv
2017-05-22 00:13 - 2017-05-22 00:13 - 00000117 _____ C:\Windows\system32\netcfg-127027125.txt
2017-05-21 23:42 - 2017-05-21 23:42 - 00000117 _____ C:\Windows\system32\netcfg-125187375.txt
2017-05-21 22:37 - 2017-05-21 22:37 - 00000117 _____ C:\Windows\system32\netcfg-121298765.txt
2017-05-21 22:36 - 2017-05-21 22:36 - 00000117 _____ C:\Windows\system32\netcfg-121248921.txt
2017-05-21 21:55 - 2017-05-21 21:55 - 00073279 _____ C:\Users\DEVENDRA\Downloads\fwdworksheets_vdp.zip
2017-05-21 21:27 - 2017-05-21 21:27 - 00000117 _____ C:\Windows\system32\netcfg-117112484.txt
2017-05-21 20:12 - 2017-05-21 20:12 - 00000117 _____ C:\Windows\system32\netcfg-112604171.txt
2017-05-21 19:22 - 2017-05-21 19:22 - 00000117 _____ C:\Windows\system32\netcfg-109600093.txt
2017-05-21 14:14 - 2017-05-21 14:14 - 00000117 _____ C:\Windows\system32\netcfg-91151828.txt
2017-05-21 14:08 - 2017-05-21 14:08 - 00000117 _____ C:\Windows\system32\netcfg-90758812.txt
2017-05-21 14:07 - 2017-05-21 14:07 - 00000117 _____ C:\Windows\system32\netcfg-90724546.txt
2017-05-21 13:55 - 2017-05-21 13:55 - 00005078 _____ C:\Users\DEVENDRA\Downloads\A010045060517E0014.pdf
2017-05-21 13:55 - 2017-05-21 13:55 - 00005059 _____ C:\Users\DEVENDRA\Downloads\A010045060517E0015.pdf
2017-05-21 13:35 - 2017-05-21 13:35 - 00000117 _____ C:\Windows\system32\netcfg-88766437.txt
2017-05-21 02:11 - 2017-05-21 02:11 - 00000117 _____ C:\Windows\system32\netcfg-47779718.txt
2017-05-20 23:56 - 2017-05-20 23:56 - 00000117 _____ C:\Windows\system32\netcfg-39643500.txt
2017-05-20 23:36 - 2017-05-20 23:36 - 00000117 _____ C:\Windows\system32\netcfg-38487937.txt
2017-05-20 21:51 - 2017-05-20 21:51 - 00000117 _____ C:\Windows\system32\netcfg-32177578.txt
2017-05-20 21:28 - 2017-05-20 21:28 - 00000117 _____ C:\Windows\system32\netcfg-30813031.txt
2017-05-20 20:21 - 2017-05-20 20:21 - 00000117 _____ C:\Windows\system32\netcfg-26794046.txt
2017-05-20 15:31 - 2017-05-20 15:31 - 00000117 _____ C:\Windows\system32\netcfg-9384265.txt
2017-05-20 14:23 - 2017-05-21 00:04 - 732468865 _____ C:\Users\DEVENDRA\Downloads\H1nd1.M3d17m.17.cm.sdm0v13sp01nt.c0m.mkv
2017-05-20 14:12 - 2017-05-20 14:12 - 00090525 _____ C:\Users\DEVENDRA\Music\Documents\164.100.129.99_cgl17_payment_verifypayment.jsp.pdf
2017-05-20 13:59 - 2017-05-20 13:59 - 00000117 _____ C:\Windows\system32\netcfg-3836265.txt
2017-05-20 13:59 - 2017-05-20 13:59 - 00000117 _____ C:\Windows\system32\netcfg-3834937.txt
2017-05-20 12:30 - 2017-05-20 12:30 - 00000117 _____ C:\Windows\system32\netcfg-269953109.txt
2017-05-20 12:26 - 2017-05-20 12:26 - 00000117 _____ C:\Windows\system32\netcfg-269755859.txt
2017-05-20 12:20 - 2017-05-20 12:20 - 00000117 _____ C:\Windows\system32\netcfg-269373218.txt
2017-05-20 12:20 - 2017-05-20 12:20 - 00000117 _____ C:\Windows\system32\netcfg-269372109.txt
2017-05-19 23:16 - 2017-05-19 23:16 - 00000117 _____ C:\Windows\system32\netcfg-222355296.txt
2017-05-19 09:05 - 2017-05-19 09:05 - 00000117 _____ C:\Windows\system32\netcfg-171320187.txt
2017-05-19 08:57 - 2017-05-19 08:57 - 00000117 _____ C:\Windows\system32\netcfg-170789921.txt
2017-05-19 01:33 - 2017-05-19 01:33 - 00000117 _____ C:\Windows\system32\netcfg-144150000.txt
2017-05-18 22:23 - 2017-05-18 22:23 - 00000117 _____ C:\Windows\system32\netcfg-132806671.txt
2017-05-18 22:22 - 2017-05-18 22:22 - 00000117 _____ C:\Windows\system32\netcfg-132707000.txt
2017-05-18 14:14 - 2017-05-18 14:14 - 00000117 _____ C:\Windows\system32\netcfg-103465828.txt
2017-05-18 14:03 - 2017-05-18 14:03 - 00000117 _____ C:\Windows\system32\netcfg-102791562.txt
2017-05-18 13:54 - 2017-05-18 13:54 - 00081855 _____ C:\Users\DEVENDRA\Downloads\CPO_15052017(1).pdf
2017-05-18 13:51 - 2017-05-18 13:51 - 00081855 _____ C:\Users\DEVENDRA\Downloads\CPO_15052017.pdf
2017-05-18 13:43 - 2017-05-18 13:43 - 00000117 _____ C:\Windows\system32\netcfg-101592171.txt
2017-05-18 01:51 - 2017-05-18 01:51 - 00000117 _____ C:\Windows\system32\netcfg-58866593.txt
2017-05-18 00:55 - 2017-05-18 00:55 - 00000117 _____ C:\Windows\system32\netcfg-55509640.txt
2017-05-18 00:55 - 2017-05-18 00:55 - 00000117 _____ C:\Windows\system32\netcfg-55507671.txt
2017-05-18 00:39 - 2017-05-18 00:39 - 00000117 _____ C:\Windows\system32\netcfg-54537015.txt
2017-05-18 00:02 - 2017-05-18 00:02 - 00000117 _____ C:\Windows\system32\netcfg-52342640.txt
2017-05-17 22:16 - 2017-05-17 22:16 - 00000117 _____ C:\Windows\system32\netcfg-45952000.txt
2017-05-17 22:16 - 2017-05-17 22:16 - 00000117 _____ C:\Windows\system32\netcfg-45951296.txt
2017-05-17 21:42 - 2017-05-17 21:42 - 00000117 _____ C:\Windows\system32\netcfg-43963500.txt
2017-05-17 21:39 - 2017-05-17 21:39 - 00000265 _____ C:\Users\DEVENDRA\Desktop\u.ini
2017-05-17 19:45 - 2017-05-17 19:45 - 00000117 _____ C:\Windows\system32\netcfg-36941500.txt
2017-05-17 19:43 - 2017-05-17 19:43 - 00007956 _____ C:\Users\DEVENDRA\Music\Documents\164.100.129.99_sicpo2017_payment_verifypayment.jsp.pdf
2017-05-17 19:33 - 2017-05-17 19:33 - 00000117 _____ C:\Windows\system32\netcfg-36184750.txt
2017-05-17 01:30 - 2017-05-05 00:20 - 00104279 ____H C:\Users\DEVENDRA\Downloads\xXx-The.Return.of.Xander.Cage.2017.720p-1080p.BluRay.x264-YIFY.srt
2017-05-17 01:28 - 2017-05-17 01:28 - 00000117 _____ C:\Windows\system32\netcfg-103161359.txt
2017-05-17 01:24 - 2017-05-17 01:24 - 00000117 _____ C:\Windows\system32\netcfg-102921437.txt
2017-05-17 01:12 - 2017-05-17 01:12 - 00000117 _____ C:\Windows\system32\netcfg-102172265.txt
2017-05-17 01:11 - 2017-05-17 01:11 - 00000117 _____ C:\Windows\system32\netcfg-102106734.txt
2017-05-17 01:08 - 2017-05-17 01:08 - 00000117 _____ C:\Windows\system32\netcfg-101929421.txt
2017-05-16 22:23 - 2017-05-16 22:23 - 00000117 _____ C:\Windows\system32\netcfg-92070265.txt
2017-05-16 22:23 - 2017-05-16 22:23 - 00000117 _____ C:\Windows\system32\netcfg-92057640.txt
2017-05-16 21:50 - 2017-05-16 21:50 - 00000117 _____ C:\Windows\system32\netcfg-90099375.txt
2017-05-16 19:33 - 2017-05-16 19:33 - 00000117 _____ C:\Windows\system32\netcfg-81847265.txt
2017-05-16 19:31 - 2017-05-16 19:31 - 01086227 _____ C:\Users\DEVENDRA\Music\Documents\Guidelines about SSC CGL 2017 post preferences.pdf
2017-05-16 19:20 - 2017-05-16 19:20 - 00000117 _____ C:\Windows\system32\netcfg-81075031.txt
2017-05-16 14:42 - 2017-05-16 14:42 - 00000117 _____ C:\Windows\system32\netcfg-64389609.txt
2017-05-16 14:25 - 2017-05-16 14:25 - 00000117 _____ C:\Windows\system32\netcfg-63375296.txt
2017-05-16 14:18 - 2017-05-16 14:18 - 00000117 _____ C:\Windows\system32\netcfg-62959828.txt
2017-05-16 13:50 - 2017-05-16 13:50 - 00000117 _____ C:\Windows\system32\netcfg-61314156.txt
2017-05-16 13:29 - 2017-05-16 13:29 - 00000117 _____ C:\Windows\system32\netcfg-60054343.txt
2017-05-16 12:54 - 2017-05-16 12:54 - 00000117 _____ C:\Windows\system32\netcfg-57939843.txt
2017-05-16 02:42 - 2017-05-16 02:42 - 00000117 _____ C:\Windows\system32\netcfg-21204406.txt
2017-05-15 23:56 - 2017-05-15 23:56 - 00000117 _____ C:\Windows\system32\netcfg-11263515.txt
2017-05-15 23:52 - 2017-05-15 23:52 - 00000117 _____ C:\Windows\system32\netcfg-10997187.txt
2017-05-15 23:49 - 2017-05-15 23:49 - 00000117 _____ C:\Windows\system32\netcfg-10844640.txt
2017-05-15 23:38 - 2017-05-15 23:38 - 00000117 _____ C:\Windows\system32\netcfg-10210140.txt
2017-05-15 21:22 - 2017-05-15 21:22 - 00000117 _____ C:\Windows\system32\netcfg-2047906.txt
2017-05-15 20:46 - 2017-05-15 20:46 - 00000117 _____ C:\Windows\system32\netcfg-405055765.txt
2017-05-15 19:21 - 2017-05-15 19:21 - 00000117 _____ C:\Windows\system32\netcfg-399971281.txt
2017-05-15 11:57 - 2017-05-15 11:57 - 00000117 _____ C:\Windows\system32\netcfg-373322250.txt
2017-05-15 10:52 - 2017-05-15 10:52 - 00000117 _____ C:\Windows\system32\netcfg-369398671.txt
2017-05-15 02:11 - 2017-05-15 02:11 - 00000117 _____ C:\Windows\system32\netcfg-338159921.txt
2017-05-15 02:10 - 2017-05-15 02:10 - 00000117 _____ C:\Windows\system32\netcfg-338132625.txt
2017-05-15 02:00 - 2017-05-15 02:00 - 00000117 _____ C:\Windows\system32\netcfg-337516015.txt
2017-05-15 00:33 - 2017-05-15 00:33 - 00000117 _____ C:\Windows\system32\netcfg-332285625.txt
2017-05-14 23:38 - 2017-05-14 23:38 - 00000117 _____ C:\Windows\system32\netcfg-328967765.txt
2017-05-14 23:36 - 2017-05-14 23:36 - 00000117 _____ C:\Windows\system32\netcfg-328870656.txt
2017-05-14 22:37 - 2017-05-14 22:37 - 00000117 _____ C:\Windows\system32\netcfg-325335875.txt
2017-05-14 21:48 - 2017-05-14 21:48 - 00000117 _____ C:\Windows\system32\netcfg-322385062.txt
2017-05-14 21:48 - 2017-05-14 21:48 - 00000117 _____ C:\Windows\system32\netcfg-322375421.txt
2017-05-14 21:08 - 2017-05-14 21:08 - 00000117 _____ C:\Windows\system32\netcfg-320002921.txt
2017-05-14 21:08 - 2017-05-14 21:08 - 00000117 _____ C:\Windows\system32\netcfg-320000250.txt
2017-05-14 21:07 - 2017-05-14 21:07 - 00000117 _____ C:\Windows\system32\netcfg-319925281.txt
2017-05-14 21:07 - 2017-05-14 21:07 - 00000117 _____ C:\Windows\system32\netcfg-319923828.txt
2017-05-14 21:01 - 2017-05-29 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-14 19:45 - 2017-05-14 19:46 - 00000117 _____ C:\Windows\system32\netcfg-315053187.txt
2017-05-14 00:47 - 2017-05-14 00:47 - 00000117 _____ C:\Windows\system32\netcfg-246769015.txt
2017-05-14 00:21 - 2017-05-14 00:21 - 00000117 _____ C:\Windows\system32\netcfg-245171140.txt
2017-05-14 00:19 - 2017-05-14 00:19 - 00000117 _____ C:\Windows\system32\netcfg-245058406.txt
2017-05-13 23:41 - 2017-05-30 23:27 - 00000000 ____D C:\Users\DEVENDRA\Desktop\utmp
2017-05-13 23:40 - 2017-05-13 23:40 - 00000117 _____ C:\Windows\system32\netcfg-242720546.txt
2017-05-13 23:40 - 2016-07-08 16:03 - 02628920 _____ C:\Users\DEVENDRA\Desktopᘃ.exe
2017-05-13 23:38 - 2017-05-13 23:38 - 00000117 _____ C:\Windows\system32\netcfg-242610390.txt
2017-05-13 22:28 - 2017-05-13 22:28 - 00019764 _____ C:\Users\DEVENDRA\Downloads\FP_1371491970 (1).pdf
2017-05-13 22:27 - 2017-05-13 22:27 - 00019764 _____ C:\Users\DEVENDRA\Downloads\FP_1371491970.pdf
2017-05-13 22:03 - 2017-05-13 22:03 - 00019762 _____ C:\Users\DEVENDRA\Downloads\FP_1371023996.pdf
2017-05-13 22:03 - 2017-05-13 22:03 - 00019762 _____ C:\Users\DEVENDRA\Downloads\FP_1371023996 (1).pdf
2017-05-13 21:52 - 2017-05-13 21:52 - 00000117 _____ C:\Windows\system32\netcfg-236282609.txt
2017-05-13 21:17 - 2017-05-13 21:17 - 00000117 _____ C:\Windows\system32\netcfg-234193562.txt
2017-05-13 20:08 - 2017-05-13 20:08 - 00000117 _____ C:\Windows\system32\netcfg-230049078.txt
2017-05-13 20:06 - 2017-05-13 20:06 - 00000117 _____ C:\Windows\system32\netcfg-229892921.txt
2017-05-13 19:40 - 2017-05-13 19:40 - 00000117 _____ C:\Windows\system32\netcfg-228367421.txt
2017-05-13 10:26 - 2017-05-13 10:26 - 00000117 _____ C:\Windows\system32\netcfg-195106781.txt
2017-05-13 10:06 - 2017-05-13 10:06 - 00000117 _____ C:\Windows\system32\netcfg-193943328.txt
2017-05-13 02:50 - 2017-05-13 02:50 - 00000117 _____ C:\Windows\system32\netcfg-167747046.txt
2017-05-13 01:16 - 2017-05-13 01:16 - 00000117 _____ C:\Windows\system32\netcfg-162145078.txt
2017-05-13 01:13 - 2017-05-13 01:13 - 00000117 _____ C:\Windows\system32\netcfg-161950765.txt
2017-05-13 01:12 - 2017-05-13 01:12 - 00000117 _____ C:\Windows\system32\netcfg-161893296.txt
2017-05-13 00:38 - 2017-05-13 00:38 - 00000117 _____ C:\Windows\system32\netcfg-159842125.txt
2017-05-13 00:36 - 2017-05-30 21:51 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-13 00:36 - 2017-05-13 00:36 - 00000117 _____ C:\Windows\system32\netcfg-159707953.txt
2017-05-13 00:35 - 2017-05-13 00:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-05-13 00:35 - 2017-05-13 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-05-13 00:35 - 2017-05-13 00:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-13 00:35 - 2017-05-13 00:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-05-13 00:35 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-05-13 00:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-05-13 00:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-13 00:33 - 2017-05-13 00:33 - 00000117 _____ C:\Windows\system32\netcfg-159521203.txt
2017-05-13 00:26 - 2017-05-13 00:26 - 00000117 _____ C:\Windows\system32\netcfg-159146781.txt
2017-05-13 00:26 - 2017-05-13 00:26 - 00000117 _____ C:\Windows\system32\netcfg-159145093.txt
2017-05-12 23:47 - 2017-05-12 23:47 - 00000117 _____ C:\Windows\system32\netcfg-156757421.txt
2017-05-12 23:42 - 2017-05-12 23:42 - 00000117 _____ C:\Windows\system32\netcfg-156504250.txt
2017-05-12 22:30 - 2017-05-12 22:30 - 00000117 _____ C:\Windows\system32\netcfg-152177703.txt
2017-05-12 22:28 - 2017-05-12 22:28 - 00000117 _____ C:\Windows\system32\netcfg-152052093.txt
2017-05-12 22:06 - 2017-05-12 22:06 - 00001083 _____ C:\Users\DEVENDRA\Pictures - Shortcut.lnk
2017-05-12 21:33 - 2017-05-12 21:33 - 00000117 _____ C:\Windows\system32\netcfg-148762968.txt
2017-05-12 19:49 - 2017-05-12 19:49 - 00000117 _____ C:\Windows\system32\netcfg-142489328.txt
2017-05-12 19:13 - 2017-05-12 19:13 - 00000117 _____ C:\Windows\system32\netcfg-140379015.txt
2017-05-12 19:07 - 2017-05-12 19:07 - 00000117 _____ C:\Windows\system32\netcfg-139998156.txt
2017-05-12 19:05 - 2017-05-12 19:05 - 00000117 _____ C:\Windows\system32\netcfg-139882625.txt
2017-05-12 19:00 - 2017-05-12 19:00 - 00000117 _____ C:\Windows\system32\netcfg-139552640.txt
2017-05-12 18:12 - 2017-05-12 18:12 - 00000117 _____ C:\Windows\system32\netcfg-136719359.txt
2017-05-12 00:32 - 2017-05-12 00:32 - 00000117 _____ C:\Windows\system32\netcfg-73123796.txt
2017-05-11 23:31 - 2017-05-11 23:31 - 00000117 _____ C:\Windows\system32\netcfg-69447953.txt
2017-05-11 23:10 - 2017-05-11 23:10 - 00000117 _____ C:\Windows\system32\netcfg-68181437.txt
2017-05-11 22:51 - 2017-05-11 22:52 - 00000117 _____ C:\Windows\system32\netcfg-67086609.txt
2017-05-11 22:48 - 2017-05-11 22:48 - 00000117 _____ C:\Windows\system32\netcfg-66902921.txt
2017-05-11 22:44 - 2017-05-11 22:44 - 00000117 _____ C:\Windows\system32\netcfg-66627687.txt
2017-05-11 22:39 - 2017-05-11 22:39 - 00000117 _____ C:\Windows\system32\netcfg-66350234.txt
2017-05-11 22:26 - 2017-05-11 22:26 - 00000117 _____ C:\Windows\system32\netcfg-65592781.txt
2017-05-11 15:37 - 2017-05-11 15:37 - 00000117 _____ C:\Windows\system32\netcfg-41051343.txt
2017-05-11 15:23 - 2017-05-11 15:23 - 00000117 _____ C:\Windows\system32\netcfg-40212734.txt
2017-05-11 01:09 - 2017-05-12 13:31 - 00000000 ____D C:\Program Files\Recuva
2017-05-11 01:09 - 2017-05-11 01:09 - 00001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-05-11 01:09 - 2017-05-11 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-05-11 01:08 - 2017-05-11 01:08 - 00000117 _____ C:\Windows\system32\netcfg-704593.txt
2017-05-11 01:06 - 2017-05-12 00:27 - 734340994 ____H C:\Users\DEVENDRA\Downloads\Xxx.R3t7rn.0f.X4nd3r.C4g3.17.br.sdm0v13sp01nt.c0m.mkv
2017-05-11 01:01 - 2017-05-11 01:01 - 00000117 _____ C:\Windows\system32\netcfg-271093.txt
2017-05-11 01:00 - 2017-05-11 01:00 - 00000117 _____ C:\Windows\system32\netcfg-209187.txt
2017-05-11 01:00 - 2017-05-11 01:00 - 00000117 _____ C:\Windows\system32\netcfg-190265.txt
2017-05-11 00:59 - 2017-05-11 00:59 - 00000117 _____ C:\Windows\system32\netcfg-124437.txt
2017-05-11 00:22 - 2017-05-11 00:22 - 00000000 ____D C:\Users\DEVENDRA\AppData\LocalLow\NuSan
2017-05-10 19:58 - 2017-05-10 19:58 - 00062178 _____ C:\Users\DEVENDRA\Music\Documents\Railway Recruitment Board devendra.pdf
2017-05-09 15:22 - 2017-05-09 15:22 - 00014428 _____ C:\Users\DEVENDRA\Downloads\mt (1).pdf
2017-05-09 15:22 - 2017-05-09 15:22 - 00010986 _____ C:\Users\DEVENDRA\Downloads\mt.pdf
2017-05-09 09:55 - 2017-05-09 09:55 - 00000000 ____D C:\Users\DEVENDRA\Downloads\PD
2017-05-09 00:15 - 2017-05-09 00:15 - 10551487 _____ C:\Users\DEVENDRA\Downloads\The Vitamix Cookbook 250 Delicious Whole Food Recipes to Make in Your Blender.epub
2017-05-09 00:11 - 2017-05-09 00:11 - 07979690 _____ C:\Users\DEVENDRA\Downloads\Homestyle Japanese Cooking.epub
2017-05-08 23:57 - 2017-05-30 23:56 - 00000000 ____D C:\Users\DEVENDRA\Music\Documents\My Digital Editions
2017-05-08 21:26 - 2017-05-08 21:26 - 00000117 _____ C:\Windows\system32\netcfg-1021436890.txt
2017-05-08 09:22 - 2017-05-08 09:22 - 00000117 _____ C:\Windows\system32\netcfg-978006078.txt
2017-05-08 08:29 - 2017-05-08 08:29 - 00000117 _____ C:\Windows\system32\netcfg-974841453.txt
2017-05-08 03:12 - 2017-05-08 03:12 - 00000117 _____ C:\Windows\system32\netcfg-955843062.txt
2017-05-07 22:45 - 2017-05-07 22:45 - 00000117 _____ C:\Windows\system32\netcfg-939810718.txt
2017-05-07 17:00 - 2017-05-07 17:00 - 00000117 _____ C:\Windows\system32\netcfg-919093796.txt
2017-05-07 15:34 - 2017-05-07 15:34 - 00000117 _____ C:\Windows\system32\netcfg-913984078.txt
2017-05-07 14:21 - 2017-05-07 14:21 - 00000117 _____ C:\Windows\system32\netcfg-909610578.txt
2017-05-07 14:05 - 2017-05-07 14:05 - 00000117 _____ C:\Windows\system32\netcfg-908633859.txt
2017-05-07 12:33 - 2017-05-07 12:33 - 00000117 _____ C:\Windows\system32\netcfg-903087171.txt
2017-05-07 11:46 - 2017-05-07 11:46 - 00000117 _____ C:\Windows\system32\netcfg-900309531.txt
2017-05-07 02:23 - 2017-05-07 02:23 - 00000117 _____ C:\Windows\system32\netcfg-866553078.txt
2017-05-06 22:22 - 2017-05-06 22:22 - 00000117 _____ C:\Windows\system32\netcfg-852067203.txt
2017-05-06 11:21 - 2017-05-06 11:21 - 00000117 _____ C:\Windows\system32\netcfg-812393453.txt
2017-05-06 10:25 - 2017-05-06 10:25 - 00000117 _____ C:\Windows\system32\netcfg-809057765.txt
2017-05-05 23:37 - 2017-05-05 23:37 - 00000117 _____ C:\Windows\system32\netcfg-770197703.txt
2017-05-05 22:03 - 2017-05-05 22:03 - 00000117 _____ C:\Windows\system32\netcfg-764555296.txt
2017-05-05 22:03 - 2017-05-05 22:03 - 00000117 _____ C:\Windows\system32\netcfg-764553640.txt
2017-05-05 21:37 - 2017-05-05 21:37 - 00000117 _____ C:\Windows\system32\netcfg-762983812.txt
2017-05-05 13:29 - 2017-05-05 13:29 - 00000117 _____ C:\Windows\system32\netcfg-733692140.txt
2017-05-05 11:59 - 2017-05-05 11:59 - 00000117 _____ C:\Windows\system32\netcfg-728308796.txt
2017-05-05 11:58 - 2017-05-05 11:58 - 00000000 ____D C:\ProgramData\Energy Management
2017-05-04 21:04 - 2017-05-04 21:04 - 00000117 _____ C:\Windows\system32\netcfg-674645203.txt
2017-05-04 20:13 - 2017-05-04 20:13 - 00000117 _____ C:\Windows\system32\netcfg-671546593.txt
2017-05-04 20:13 - 2017-05-04 20:13 - 00000117 _____ C:\Windows\system32\netcfg-671546328.txt
2017-05-04 20:10 - 2017-05-04 20:10 - 00000117 _____ C:\Windows\system32\netcfg-671353203.txt
2017-05-04 20:10 - 2017-05-04 20:10 - 00000117 _____ C:\Windows\system32\netcfg-671352359.txt
2017-05-04 19:35 - 2017-05-04 19:35 - 00000117 _____ C:\Windows\system32\netcfg-669265203.txt
2017-05-04 02:08 - 2017-05-04 02:08 - 00000117 _____ C:\Windows\system32\netcfg-606498203.txt
2017-05-03 23:45 - 2017-05-03 23:45 - 00000117 _____ C:\Windows\system32\netcfg-597912812.txt
2017-05-03 23:44 - 2017-05-03 23:44 - 00000117 _____ C:\Windows\system32\netcfg-597819656.txt
2017-05-03 23:04 - 2017-05-03 23:04 - 00000117 _____ C:\Windows\system32\netcfg-595453609.txt
2017-05-03 20:36 - 2017-05-03 20:36 - 00000117 _____ C:\Windows\system32\netcfg-586570468.txt
2017-05-03 19:11 - 2017-05-03 19:11 - 00000117 _____ C:\Windows\system32\netcfg-581472531.txt
2017-05-03 12:48 - 2017-05-03 12:48 - 00000117 _____ C:\Windows\system32\netcfg-558511140.txt
2017-05-03 12:25 - 2017-05-03 12:26 - 00188925 _____ C:\Users\DEVENDRA\Downloads\The-Beginner’s-Gym-Workout-Plan.pdf
2017-05-03 11:45 - 2017-05-03 11:45 - 00000117 _____ C:\Windows\system32\netcfg-554717281.txt
2017-05-03 00:18 - 2017-05-03 00:18 - 00000117 _____ C:\Windows\system32\netcfg-513500046.txt
2017-05-02 22:55 - 2017-05-02 22:55 - 00000117 _____ C:\Windows\system32\netcfg-508506375.txt
2017-05-02 03:32 - 2017-05-02 03:32 - 00000117 _____ C:\Windows\system32\netcfg-438775000.txt
2017-05-02 03:13 - 2017-05-02 03:13 - 00000117 _____ C:\Windows\system32\netcfg-437586625.txt
2017-05-02 03:13 - 2017-05-02 03:13 - 00000117 _____ C:\Windows\system32\netcfg-437584000.txt
2017-05-01 21:16 - 2017-05-01 21:16 - 00000117 _____ C:\Windows\system32\netcfg-416159078.txt
2017-05-01 00:33 - 2017-05-01 00:33 - 00000117 _____ C:\Windows\system32\netcfg-341606859.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-31 00:28 - 2017-04-18 00:16 - 00000000 ____D C:\Users\DEVENDRA\Downloads\Compressed
2017-05-31 00:24 - 2015-05-12 23:49 - 00000000 ____D C:\Users\DEVENDRA\AppData\Roaming\IDM
2017-05-31 00:18 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\system32\NDF
2017-05-31 00:18 - 2012-07-26 11:07 - 00000000 ____D C:\Windows\Inf
2017-05-30 23:34 - 2016-10-08 09:45 - 00000000 ____D C:\Users\DEVENDRA\AppData\LocalLow\Mozilla
2017-05-30 23:29 - 2016-10-10 10:55 - 00000000 ____D C:\Users\DEVENDRA\AppData\Local\CrashDumps
2017-05-30 23:26 - 2015-05-12 23:49 - 00000000 ____D C:\Users\DEVENDRA\AppData\Roaming\DMCache
2017-05-30 21:54 - 2016-10-09 14:13 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-30 21:52 - 2017-04-29 22:37 - 00000600 _____ C:\Users\DEVENDRA\PUTTY.RND
2017-05-30 21:51 - 2016-10-15 18:41 - 00000850 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-05-30 18:59 - 2012-07-26 13:29 - 00000000 ____D C:\Windows\CbsTemp
2017-05-29 22:25 - 2012-07-26 12:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-29 22:24 - 2012-07-26 10:56 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-05-29 15:16 - 2015-05-12 23:41 - 00000000 ____D C:\Users\DEVENDRA\AppData\Roaming\vlc
2017-05-29 00:00 - 2016-10-08 09:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-25 21:26 - 2015-05-12 22:36 - 00000000 ____D C:\Users\DEVENDRA
2017-05-25 21:20 - 2015-10-28 06:14 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-05-24 22:12 - 2012-07-26 13:42 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-24 22:12 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\AUInstallAgent
2017-05-23 20:07 - 2015-05-28 03:11 - 00000000 ____D C:\Windows\Minidump
2017-05-23 20:07 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\ModemLogs
2017-05-23 14:58 - 2015-05-29 20:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-23 10:26 - 2015-05-29 20:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-23 10:26 - 2015-05-29 20:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-23 09:51 - 2015-10-30 02:12 - 00000000 ____D C:\Users\DEVENDRA\AppData\Local\NVIDIA
2017-05-23 09:50 - 2017-03-25 19:47 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-23 09:50 - 2017-03-25 19:46 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:49 - 2017-03-25 19:45 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:49 - 2017-03-25 19:43 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:49 - 2017-03-25 19:43 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:49 - 2017-03-25 19:43 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:49 - 2017-03-25 19:43 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-23 09:49 - 2017-03-25 19:43 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-18 13:03 - 2017-03-25 19:43 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-05-18 13:03 - 2016-10-09 13:59 - 17426520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 04090016 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 03603672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 00491208 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 00406736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-05-18 13:03 - 2016-10-09 13:59 - 00042897 _____ C:\Windows\system32\nvinfo.pb
2017-05-18 13:03 - 2015-05-17 15:40 - 00513144 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-05-18 13:03 - 2015-05-17 15:40 - 00418752 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-05-18 11:25 - 2017-03-25 19:43 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-05-18 11:18 - 2016-10-09 14:13 - 06437824 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 02479736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 00548984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 00146880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-05-18 11:18 - 2016-10-09 14:13 - 00069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-05-16 23:39 - 2016-10-09 14:13 - 07993157 _____ C:\Windows\system32\nvcoproc.bin
2017-05-15 02:10 - 2017-04-19 02:11 - 00000000 ____D C:\Users\DEVENDRA\Downloads\Video
2017-05-13 00:10 - 2017-03-21 11:05 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-13 00:10 - 2017-03-21 11:05 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 14:23 - 2017-03-09 22:13 - 00000000 ____D C:\Users\Administrator
2017-05-11 14:23 - 2017-03-09 20:08 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-05-11 14:23 - 2016-07-27 23:19 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2017-05-11 14:23 - 2015-08-14 00:10 - 00000000 ____D C:\Users\DEVENDRA\AppData\Roaming\TypingMaster10
2017-05-11 14:22 - 2012-07-26 13:42 - 00000000 ____D C:\Windows\registration
2017-05-11 03:05 - 2012-07-26 13:42 - 00000000 ____D C:\PerfLogs
2017-05-08 17:27 - 2016-10-15 18:41 - 00000852 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-05-04 01:51 - 2017-03-25 19:47 - 01893496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-05-04 01:51 - 2017-03-25 19:47 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-05-04 01:51 - 2017-03-25 19:47 - 01477240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-05-04 01:51 - 2017-03-25 19:47 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-05-04 01:51 - 2017-03-25 19:47 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll

==================== Files in the root of some directories =======

2015-05-25 04:20 - 2015-05-25 04:20 - 50063360 _____ () C:\Program Files (x86)\GUT37E5.tmp
2015-10-30 00:40 - 2015-10-30 00:40 - 0000027 _____ () C:\Users\DEVENDRA\AppData\Roaming\troirtc
2015-05-19 16:07 - 2016-02-07 12:33 - 0003584 _____ () C:\Users\DEVENDRA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-30 00:37 - 2015-12-30 00:37 - 0000017 _____ () C:\Users\DEVENDRA\AppData\Local\resmon.resmoncfg
2017-05-23 15:13 - 2017-05-23 20:08 - 0000039 _____ () C:\Users\DEVENDRA\AppData\Local\{63BE1D37-80D5-4693-826C-3B6A361CE219}
2016-08-08 22:59 - 2016-08-08 22:59 - 0000000 _____ () C:\Users\DEVENDRA\AppData\Local\{7DBFD2B8-FD52-41D4-BAA1-3DBC9DC1B901}
2015-05-17 11:54 - 2011-07-12 15:50 - 0135168 _____ () C:\ProgramData\ChgService.exe

Files to move or delete:
====================
C:\ProgramData\ChgService.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-29 22:49

==================== End of FRST.txt ============================

Addition.txt :-

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by DEVENDRA (31-05-2017 00:34:38)
Running from C:\Users\DEVENDRA\Downloads\Programs
Windows 8 Pro (X64) (2015-05-12 17:06:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2231448702-2167641444-2541206904-500 - Administrator - Disabled) => C:\Users\Administrator
DEVENDRA (S-1-5-21-2231448702-2167641444-2541206904-1001 - Administrator - Enabled) => C:\Users\DEVENDRA
Guest (S-1-5-21-2231448702-2167641444-2541206904-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.2 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.210 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ansel (Version: 382.33 - NVIDIA Corporation) Hidden
AVG Anti-Spyware 7.5 (HKLM-x32\...\AVGAntiSpyware75) (Version:  - Grisoft Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
doPDF (Version: 8.2.929 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{1922fb50-7bb8-4221-8187-60436f4e3f87}) (Version: 8.2.929 - Softland)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.5 - Lenovo)
Energy Management (x32 Version: 8.0.2.5 - Lenovo) Hidden
ETDWare PS/2-X64 10.4.4.4_WHQL (HKLM\...\Elantech) (Version: 10.4.4.4 - ELAN Microelectronic Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.71.5231 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3600 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.1214.1 - Lenovo EasyCamera)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6354 - Mozilla)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{17E7C163-EB00-4829-B5FC-F5FB92D22163}) (Version: 8.2.929 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{C4327631-0186-4EFF-A504-D468CB087D01}) (Version: 8.2.929 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{48CFCB4B-0488-4711-B54E-E8E3F5929166}) (Version: 8.2.929 - Softland)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Security Task Manager 2.1d (HKLM-x32\...\Security Task Manager) (Version: 2.1d - Neuber Software)
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05E51391-9802-4B29-921F-4C1EB211A5C3} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {05ECBE50-987C-464C-858F-3FA2FB354D0A} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation)
Task: {0BC501CE-04E9-4DFC-8075-57E4FC2FF9F0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {10B056D5-5BC0-4A3B-A996-8AACF03819C3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation)
Task: {1FD7972F-5BAD-4DF2-89C7-5BB83333ABEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-22] (Google Inc.)
Task: {2E5AE158-A651-4841-9A94-D397971E4C63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-22] (Google Inc.)
Task: {4C65C548-4D0F-47B5-85FE-30BA42EE6E82} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {4C71F94F-B831-499C-9174-8854DBFDE7FD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation)
Task: {5E670C39-1CA5-4029-A5A3-AB620F5AA3F9} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-02-27] ()
Task: {6208C938-3958-40B4-A882-D6B54788D632} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-27] (Piriform Ltd)
Task: {6C26FB22-CCAF-465E-A428-E0696F2D55E4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {7E070BB9-3986-4CF4-B3E0-123D8B4307A0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {887EF070-A3B4-4167-B6C7-408DCDC0F3EF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {9EF6BAB4-F32C-4108-8B62-E1B85C6B8B93} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => %ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {A4AA4C8E-E443-436D-BF29-A9E22B1EB9BC} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {AA7E2227-4C16-429B-9D88-C44D6DC91959} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe
Task: {AB96251E-413E-4346-A4EB-30CCC6D4133D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation)
Task: {C8C047EC-7693-4846-A83F-9D6526728AF7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation)
Task: {CE69B4EE-CBBF-4A9A-8691-3ADB3275BED8} - System32\Tasks\{9BA5EC21-E494-4432-93D0-36235C083D38} => pcalua.exe -a C:\Users\DEVENDRA\Downloads\Programs\OutpostFreeInstall.exe -d C:\Users\DEVENDRA\AppData\Roaming\IDM\DwnlData\DEVENDRA\ADVERISEMENT-Recruitment-Clerk_588
Task: {D8CDBF09-1DD9-46D7-9817-742FC0F710EB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-29] (AVAST Software)
Task: {E733A8E9-9F6A-43B7-9468-72BBF68CED28} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation)
Task: {EDA517EE-9A20-4460-89F5-B72306D58CDA} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe
Task: {F1940F51-9A73-4438-91BD-38FD77A6628E} - System32\Tasks\{851E20D7-00C9-42E3-B8F1-A8F7E39D2A4F} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_210_Plugin.exe -c -maintain plugin
Task: {F82BC176-22D0-4E64-B1D7-DA4E0D80D6C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {FA2B677A-A8DB-4C7D-8263-F5D248D74E64} - System32\Tasks\{E72E816E-7DE6-49DB-99D0-44507567DB5A} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe" -c -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-05-14 05:18 - 2010-05-13 23:48 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2017-04-14 05:43 - 2010-05-13 23:48 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2012-10-21 20:22 - 2012-10-21 20:22 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2015-05-17 11:54 - 2011-07-12 15:50 - 00135168 _____ () C:\ProgramData\ChgService.exe
2015-02-27 12:49 - 2015-02-27 12:49 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2015-02-27 12:49 - 2015-02-27 12:49 - 00034592 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2015-02-27 12:49 - 2015-02-27 12:49 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2017-03-25 19:44 - 2017-05-04 01:51 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-17 15:33 - 2012-08-23 16:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-06 22:11 - 2016-01-06 22:11 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-10-27 22:05 - 2016-10-27 22:05 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\ab143d519d0ae1b99e9765d1cb0e9d91\PSIClient.ni.dll
2016-10-15 18:40 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-03-25 19:44 - 2017-05-04 01:51 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-23 14:56 - 2015-09-23 14:56 - 00413696 _____ () C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 10:56 - 2012-07-26 10:56 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\gotham1.png
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\StartupApproved\Run: => "AutoVPNConnect"
HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\...\StartupApproved\Run: => "CyberGhost"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2184045A-BC9C-45B1-8837-D8C35B53469E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E98B8472-DD37-4FF5-98F7-89896E93E369}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAA5C273-00E5-42EB-A970-229CC4AF12A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30B4AC40-EC08-4590-B8E5-B21C2888D2F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{26675500-78B3-4E45-9EE2-10BF71216397}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{85A8474E-BA42-4EAE-BA3B-95573A0F6D63}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FF810584-595A-454A-96AD-4CE12A50B308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5EC791E6-0AFF-4EF1-8F23-EDD3CFE1792E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D2994710-8CC3-4983-9290-0572B73E839C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2017 12:30:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AcroRd32.exe version 11.0.10.32 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 958

Start Time: 01d2d961015682a2

Termination Time: 364

Application Path: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

Report Id: 29bfd2d4-456a-11e7-bfad-08edb9a6d56e

Faulting package full name:

Faulting package-relative application ID:

Error: (05/31/2017 12:25:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIYUSH)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/31/2017 12:25:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIYUSH)
Description: Activation of app microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/31/2017 12:23:17 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/30/2017 09:53:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/30/2017 09:53:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (05/30/2017 07:08:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/30/2017 06:36:29 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/30/2017 06:36:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (05/30/2017 10:13:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wusa.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1790

Start Time: 01d2d8fedd653a1a

Termination Time: 4294967295

Application Path: C:\Windows\system32\wusa.exe

Report Id: 8d88e4d9-44f2-11e7-bfad-08edb9a6d56e

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (05/31/2017 12:37:40 AM) (Source: DCOM) (EventID: 10010) (User: PIYUSH)
Description: The server {F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801} did not register with DCOM within the required timeout.

Error: (05/30/2017 10:13:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Windows (KB2885698).

Error: (05/30/2017 12:49:46 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Error: (05/30/2017 12:35:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (05/27/2017 11:51:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/27/2017 11:00:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/26/2017 10:06:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (05/26/2017 09:19:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (05/23/2017 09:09:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:48:35 PM on ‎5/‎23/‎2017 was unexpected.

Error: (05/23/2017 09:13:48 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 41%
Total physical RAM: 1893.41 MB
Available physical RAM: 1112.89 MB
Total Virtual: 3813.41 MB
Available Virtual: 2119.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:104.29 GB) (Free:63.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:171.57 GB) (Free:82.93 GB) NTFS
Drive e: () (Fixed) (Total:188.6 GB) (Free:41.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=104.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=360.2 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Sorry for some delay here. I'll be with you as soon as possible.

Thanks
Joe :)


A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
ShellExecuteHooks-x32: No Name - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [135168 2011-07-12] () [File not signed] <==== ATTENTION
C:\ProgramData\ChgService.exe
S2 0094821477171173mcinstcleanup; C:\Windows\TEMP\009482~1.EXE -cleanup -nolog [X]
U0 aswVmm; no ImagePath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    Next

    Download AdwCleaner from here. Save the file to the desktop.
    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    [Image: AdwCleaner console]
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be moved to Quarantine.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

#5
sanguine lo

    Member

  • Topic Starter
  • Member
  • 15 posts

I have a doubt here. I didn't save Farbar Recovery Scan Tool on the desktop but instead in the C:\Users\DEVENDRA\Downloads\Programs location and ran it there, so should I save this Fixlist.txt file on the desktop or in the same location where I ran the scan tool earlier?

Maybe it is a dumb question, but I am quite a novice so I want to be a bit meticulous. Hope you understand  :cool:


#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

"should I save this Fixlist.txt file on the desktop or in the same location where I ran the scan tool earlier?"

Save the fixlist to where you ran Farbar Recovery Scan Tool from.

Farbar Recovery Scan Tool (or FRST) and the fixlist must always be next-door neighbors, or in the same location.

Thanks
Joe

#7
sanguine lo

    Member

  • Topic Starter
  • Member
  • 15 posts

Did what you said. Here is the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by DEVENDRA (03-06-2017 08:36:12) Run:1
Running from C:\Users\DEVENDRA\Downloads\Programs
Loaded Profiles: DEVENDRA (Available Profiles: DEVENDRA & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
ShellExecuteHooks-x32: No Name - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} -  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 Change Modem Device Service; C:\ProgramData\ChgService.exe [135168 2011-07-12] () [File not signed] <==== ATTENTION
C:\ProgramData\ChgService.exe
S2 0094821477171173mcinstcleanup; C:\Windows\TEMP\009482~1.EXE -cleanup -nolog [X]
U0 aswVmm; no ImagePath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} => value removed successfully
HKCR\Wow6432Node\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\Change Modem Device Service => key removed successfully
Change Modem Device Service => service removed successfully
C:\ProgramData\ChgService.exe => moved successfully
HKLM\System\CurrentControlSet\Services\0094821477171173mcinstcleanup => key removed successfully
0094821477171173mcinstcleanup => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => key removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Driver => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AVG Anti-Spyware Guard => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19059451 B
Java, Flash, Steam htmlcache => 540 B
Windows/system/drivers => 28122 B
Edge => 0 B
Chrome => 40123716 B
Firefox => 46327455 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 21868 B
NetworkService => 3176 B
DEVENDRA => 3108753 B
UpdatusUser => 0 B
Administrator => 1750734 B
 
RecycleBin => 0 B
EmptyTemp: => 113.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:37:33 ====
 
And Joe, I appreciate your help and am very thankful to you.

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
You're welcome!

Run AdwCleaner now.

#9
sanguine lo

    Member

  • Topic Starter
  • Member
  • 15 posts

Here it is:

 

# AdwCleaner v6.047 - Logfile created 03/06/2017 at 08:58:59
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Windows 8 Pro  (X64)
# Username : DEVENDRA - PIYUSH
# Running from : C:\Users\DEVENDRA\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\DEVENDRA\AppData\Local\Assistant
[-] Folder deleted: C:\Users\DEVENDRA\AppData\Local\DriverToolkit
[-] Folder deleted: C:\extensions
[-] Folder deleted: C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\DEVENDRA\AppData\Roaming\Mozilla\Firefox\Profiles\mhsciojy.default-1476379053432\extensions\[email protected]
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
[-] Task deleted: DRIVERTOOLKIT AUTORUN
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\984b3cf2b5fc4320
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MB Astrology Birth Chart
[-] Key deleted: HKU\S-1-5-21-2231448702-2167641444-2541206904-1001\Software\DriverToolkit
[#] Key deleted on reboot: HKCU\Software\DriverToolkit
[#] Key deleted on reboot: [x64] HKCU\Software\DriverToolkit
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\DEVENDRA\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2138 Bytes] - [03/06/2017 08:58:59]
C:\AdwCleaner\AdwCleaner[S0].txt - [2501 Bytes] - [03/06/2017 08:57:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2284 Bytes] ##########

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Not much to see there. There's no malware on this machine.

Let's run a Malwarebytes scan in normal mode and post a log file.

#11
sanguine lo

    Member

  • Topic Starter
  • Member
  • 15 posts

I have attached log file of Malwarebytes Anti-Malware scan here.


#12
sanguine lo

    Member

  • Topic Starter
  • Member
  • 15 posts
<?xml version="1.0" encoding="UTF-8"?>
<logs>
<record toVersion="2017.5.27.1" name="Rootkit Database" last_modified_tag="16d11da0-ca70-4a5f-83ba-98df32e6cb2e" fromVersion="2017.4.2.1" systemname="PIYUSH" username="SYSTEM" type="Update" source="Manual" datetime="2017-06-03T09:16:50.145076+05:30" LoggingEventType="1" severity="debug"/>
<record toVersion="2017.6.3.1" name="Domain Database" last_modified_tag="81602173-6945-43f7-a62e-adc8e437b432" fromVersion="2017.5.26.5" systemname="PIYUSH" username="SYSTEM" type="Update" source="Manual" datetime="2017-06-03T09:16:58.036113+05:30" LoggingEventType="1" severity="debug"/>
<record toVersion="2017.6.2.8" name="Malware Database" last_modified_tag="7030329b-c0fd-4545-8ee1-5b596f7605c9" fromVersion="2017.5.27.3" systemname="PIYUSH" username="SYSTEM" type="Update" source="Manual" datetime="2017-06-03T09:17:04.645834+05:30" LoggingEventType="1" severity="debug"/>
<record toVersion="2017.6.2.2" name="IP Database" last_modified_tag="eee90b40-e9c9-4dd4-bfc1-b9f9b03ed388" fromVersion="2017.5.26.2" systemname="PIYUSH" username="SYSTEM" type="Update" source="Manual" datetime="2017-06-03T09:17:05.755267+05:30" LoggingEventType="1" severity="debug"/>
<record last_modified_tag="3c6f2614-3df9-4cb8-a6ca-fca73bdf6241" systemname="PIYUSH" username="SYSTEM" type="Protection" source="Protection" datetime="2017-06-03T09:17:05.849022+05:30" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
<record last_modified_tag="6fe0acfd-5851-4b1a-903d-3f27b975f6bb" systemname="PIYUSH" username="SYSTEM" type="Protection" source="Protection" datetime="2017-06-03T09:17:18.224675+05:30" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
<record last_modified_tag="84cceddc-f6e6-4342-bc66-b71d05816ff7" systemname="PIYUSH" username="SYSTEM" type="Update" source="Manual" datetime="2017-06-03T09:17:24.099978+05:30" LoggingEventType="1" severity="debug" message="Failed" code="No Internet connection detected"/>
<record last_modified_tag="b9fb1294-5cfc-499c-a4c5-58ac82dfcbf4" systemname="PIYUSH" username="SYSTEM" type="Scan" source="Manual" datetime="2017-06-03T09:53:31.344627+05:30" LoggingEventType="6" severity="debug" malwaredetections="0" duration="2167" starttime="2017-06-03T09:17:24+05:30" scantype="threat" scanresult="completed" nonmalwaredetections="0"/>
</logs>

#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click OK.
  • Post that saved log to your next reply.

#14
sanguine lo

    Member

  • Topic Starter
  • Member
  • 15 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/3/2017
Scan Time: 9:17 AM
Logfile: scan.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.06.02.08
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: DEVENDRA
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 306928
Time Elapsed: 36 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#15
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Computer looks clean. I can't pinpoint the exact problem you're having here.

Thanks
Joe :)