

Can't start base filtering service. It ends with access is denied error



 
 
Old 08-22-2015, 11:26 PM   #1
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



We tried to fix this in this thread, but didn't succeed. jenae believes that my system is infected, so I am here.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17937 BrowserJavaVersion: 11.51.2
Run by Faraz at 11:46:15 on 2015-08-23
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2935.1265 [GMT 5.5:30]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mDefault_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: NameServer = 113.193.14.16 113.193.0.148
TCP: Interfaces\{1BF92EC9-E983-40F4-B355-894EEEFED04B} : DHCPNameServer = 113.193.14.16 113.193.0.148
TCP: Interfaces\{4508BC6E-B16B-4ED0-BA83-6806ED4CA745} : NameServer = 8.8.8.8,8.8.4.4
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-2-19 65224]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-2-19 274808]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-2-19 1048344]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-2-19 447944]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-2-19 28656]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-2-19 90968]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-2-19 150672]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2015-3-31 20984]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2015-2-19 158976]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-2-19 271872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2015-1-26 180648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-8-12 114688]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [2009-9-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [2009-9-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [2009-9-19 161280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-8-2 146600]
S4 HWDeviceService64.exe;HWDeviceService64.exe;"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe [?]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S4 wampapache64;wampapache64;C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [2015-4-9 24576]
S4 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 --> c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [?]
S4 wifimansvc;Wifi Man Service;C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe --> C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [?]
.
=============== Created Last 30 ================
.
2015-08-23 06:05:05 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A33C64B-1AD2-4CDC-A07F-48FA71E52599}\offreg.216.dll
2015-08-21 09:43:19 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A33C64B-1AD2-4CDC-A07F-48FA71E52599}\offreg.3460.dll
2015-08-21 08:32:02 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A33C64B-1AD2-4CDC-A07F-48FA71E52599}\mpengine.dll
2015-08-20 11:04:02 -------- d-----w- C:\ProgramData\Malwarebytes
2015-08-19 14:08:09 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-19 14:08:09 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-17 10:48:31 42152 ----a-w- C:\Windows\System32\drivers\cnnctfy3.sys
2015-08-17 10:15:35 0 ----a-w- C:\Windows\System32\REN9FEA.tmp
2015-08-13 06:47:49 -------- d-----w- C:\Users\Faraz\Tracing
2015-08-13 06:43:49 -------- d-----w- C:\Users\Faraz\AppData\Local\Skype
2015-08-13 06:43:29 -------- d-----r- C:\Program Files (x86)\Skype
2015-08-12 13:54:34 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:54:34 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:48:49 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2015-08-12 07:47:59 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-12 07:45:44 260096 ----a-w- C:\Windows\System32\WebClnt.dll
2015-08-12 07:44:59 493504 ----a-w- C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-04 10:21:06 -------- d-----w- C:\Users\Faraz\AppData\Local\ElevatedDiagnostics
2015-08-04 09:02:55 -------- d-----w- C:\Windows\pss
2015-08-02 08:15:02 -------- d-----w- C:\Users\Faraz\AppData\Local\CEF
2015-08-02 08:09:39 -------- d-----w- C:\Users\Faraz\AppData\Local\Adobe
2015-08-02 05:43:06 43112 ----a-w- C:\Windows\avastSS.scr
.
==================== Find3M ====================
.
2015-08-17 10:12:01 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-14 06:48:07 1048344 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2015-08-02 05:43:24 150672 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-08-02 05:43:23 90968 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-08-02 05:43:23 65224 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-08-02 05:43:23 28656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-08-02 05:43:23 274808 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-08-02 05:43:21 93528 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-07-30 1857 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 1857 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 1857 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 1842 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-07-30 1839 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-07-30 1835 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-07-30 1834 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 17:57:08 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-07-30 17:55:56 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-07-30 16:56:07 3208192 ----a-w- C:\Windows\System32\win32k.sys
2015-07-30 16:52:53 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-07-30 16:49:55 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-20 18:12:45 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-07-20 18:12:45 3154944 ----a-w- C:\Windows\System32\wucltux.dll
2015-07-20 18:12:45 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-07-20 18:12:16 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-07-20 18:12:05 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-07-20 18:12:02 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-07-20 17:56:49 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-07-20 17:56:49 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-07-20 17:56:08 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-07-16 20:54:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-07-16 20:37:26 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-07-16 20:36:31 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-07-16 20:36:22 417792 ----a-w- C:\Windows\System32\html.iec
2015-07-16 20:36:21 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-07-16 20:35:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-07-16 20:26:00 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-07-16 20:21:50 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-07-16 20:21:47 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-07-16 20:21:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-07-16 20:12:23 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-07-16 19:51:47 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-07-16 19:49:37 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-07-16 19:39:20 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-07-16 19:33:23 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-07-16 19:32:53 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-07-16 19:24:03 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-07-16 19:12:42 2427904 ----a-w- C:\Windows\System32\wininet.dll
2015-07-16 19:12:39 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-07-16 1906 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-07-15 18:15:12 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-15 18:15:11 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-07-15 18:15:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 18:15:10 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 18:12:09 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-15 18:11:14 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-15 18:11:14 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-15 18:11:14 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-15 18:11:13 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-15 18:11:01 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-07-15 18:09:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-15 18:09:52 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-15 18:05:47 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-15 18:05:26 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-15 17:59:45 3989952 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-07-15 17:56:24 1311768 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-07-15 17:55:02 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-07-15 17:55:00 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-07-15 17:54:56 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-07-15 17:54:55 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-07-15 17:54:49 552960 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-07-15 17:54:43 36864 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-07-15 17:54:40 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-07-15 17:54:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-07-15 17:53:53 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-07-15 17:53:37 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-07-15 17:53:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 11:46:56.97 ===============

I don't have a Windows install disk or boot CD. Installed this copy from a USB.
Attached Files
File Type: txt attach.txt (9.8 KB, 31 views)
MoinFaraz is offline  
 
Old 08-25-2015, 07:53 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
-----------------------------------------------------
chemist is offline  
Old 08-26-2015, 01:34 AM   #3
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



# AdwCleaner v5.003 - Logfile created 26/08/2015 at 12:43:13
# Updated 20/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Basic Service Pack 1 (x64)
# Username : Faraz - FARAZ-PC
# Running from : C:\Users\Faraz\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : YahooAUService

***** [ Folders ] *****

Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
Folder Found : C:\Users\Faraz\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Files ] *****

File Found : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
File Found : C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
File Found : C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default\user.js

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion

***** [ Web browsers ] *****

[C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : kbfnbcaeplbcioakkpcpgfkobkghlhen

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3165 bytes] ##########


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
Ran by Faraz (administrator) on FARAZ-PC (26-08-2015 13:00:05)
Running from C:\Users\Faraz\Downloads
Loaded Profiles: Faraz (Available Profiles: Faraz)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-01-26] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-02] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 113.193.14.16 113.193.0.148
Tcpip\..\Interfaces\{1BF92EC9-E983-40F4-B355-894EEEFED04B}: [DhcpNameServer] 113.193.14.16 113.193.0.148
Tcpip\..\Interfaces\{4508BC6E-B16B-4ED0-BA83-6806ED4CA745}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4285837406-2611494833-1162170984-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Faraz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-18] (Citrix Online)
FF Extension: Adblock Plus - C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-19]
FF HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2015-02-19]
FF HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [not found]

Chrome:
=======
CHR Profile: C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (AdBlock) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-01]
CHR Extension: (IDM Integration Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-01]
CHR Extension: (Hangouts) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Hover Zoom) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-03-25]
CHR Extension: (Gmail) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR Profile: C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Full Page Screen Capture) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-08]
CHR Extension: (AdBlock) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-08]
CHR Extension: (IDM Integration Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-01]
CHR Extension: (Evernote Web) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (Hover Zoom) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-04-08]
CHR Extension: (Gmail) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-18]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-02] (AVAST Software)
S4 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S4 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S4 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-02] (AVAST Software)
R2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2015-08-25] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 13:00 - 2015-08-26 13:00 - 00019368 _____ C:\Users\Faraz\Downloads\FRST.txt
2015-08-26 12:59 - 2015-08-26 13:00 - 00000000 ____D C:\FRST
2015-08-26 12:59 - 2015-08-26 12:59 - 02186752 _____ (Farbar) C:\Users\Faraz\Downloads\FRST64.exe
2015-08-26 12:51 - 2015-08-26 12:51 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-26 12:43 - 2015-08-26 12:44 - 00000000 ____D C:\AdwCleaner
2015-08-26 12:42 - 2015-08-26 12:42 - 01605632 _____ C:\Users\Faraz\Downloads\AdwCleaner.exe
2015-08-25 21:19 - 2015-08-25 21:19 - 00004170 _____ C:\Windows\DPINST.LOG
2015-08-25 21:07 - 2015-08-25 21:07 - 00000000 ____D C:\Intel
2015-08-25 21:07 - 2010-09-07 19:59 - 03156504 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00508952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00415256 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00386584 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00223768 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00161304 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00152600 _____ C:\Windows\system32\difx64.exe
2015-08-25 21:07 - 2010-08-30 11:17 - 00289280 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-08-25 21:07 - 2010-08-30 11:17 - 00014848 _____ (Intel(R) Corporation) C:\Windows\system32\IntcDAuC.dll
2015-08-25 21:07 - 2010-08-25 19:58 - 00005396 _____ C:\Windows\system32\iglhxs64.vp
2015-08-25 21:07 - 2010-08-25 19:40 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2202.dll
2015-08-25 21:07 - 2010-08-25 19:36 - 10611552 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-08-25 21:07 - 2010-08-25 19:36 - 06547968 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-08-25 21:07 - 2010-08-25 19:34 - 00127868 _____ C:\Windows\SysWOW64\igcompkrng575.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00127868 _____ C:\Windows\system32\igcompkrng575.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00104796 _____ C:\Windows\SysWOW64\igfcg575m.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00104796 _____ C:\Windows\system32\igfcg575m.bin
2015-08-25 21:07 - 2010-08-25 19:23 - 04411904 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-08-25 21:07 - 2010-08-25 19:17 - 15032832 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-08-25 21:07 - 2010-08-25 19:09 - 11040256 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-08-25 21:07 - 2010-08-25 19:05 - 00189408 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00178288 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00165251 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00139830 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00136327 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00133680 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00125477 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00123164 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122858 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122638 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-08-25 21:07 - 2010-08-25 19:05 - 00121121 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00120695 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00120287 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119533 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119513 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119286 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118997 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118684 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118631 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118317 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00117984 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114779 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114308 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114179 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00110156 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00103997 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00102843 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-08-25 21:07 - 2010-08-25 19:04 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-08-25 21:07 - 2010-08-25 19:04 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00271360 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-08-25 21:07 - 2010-08-25 19:03 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-08-25 21:07 - 2010-08-25 19:00 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-08-25 21:07 - 2010-08-25 18:59 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-08-25 21:05 - 2015-08-25 21:05 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-25 21:05 - 2015-08-25 21:05 - 00000000 ____D C:\Program Files\ATI
2015-08-25 19:05 - 2015-08-25 19:05 - 00417064 _____ () C:\Users\Faraz\Downloads\DellSystemDetectLauncher.exe
2015-08-25 19:05 - 2015-08-25 19:05 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-08-25 18:38 - 2015-08-25 21:16 - 00001571 _____ C:\Users\Faraz\Downloads\DuOSSystemInfo.txt
2015-08-25 18:37 - 2015-08-25 18:37 - 00729552 _____ (American Megatrends Inc.) C:\Users\Faraz\Downloads\DuOSSystemInfo.exe
2015-08-25 18:33 - 2015-08-25 18:33 - 00015992 _____ C:\Windows\system32\ami_ipower.sys
2015-08-24 23:04 - 2015-08-24 23:04 - 00007334 _____ C:\Users\Faraz\Downloads\customers (1).csv
2015-08-24 22:54 - 2015-08-24 22:54 - 00007248 _____ C:\Users\Faraz\Downloads\customers.csv
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\LeapingBrain
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Program Files (x86)\LeapingBrain
2015-08-23 14:13 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\Downloads\stefangrossman_setup
2015-08-23 14:11 - 2015-08-23 14:12 - 08776196 _____ C:\Users\Faraz\Downloads\stefangrossman_setup.zip
2015-08-22 17:14 - 2015-08-22 17:15 - 35363937 _____ C:\Users\Faraz\Downloads\stefan_grossman.mov
2015-08-22 12:10 - 2015-08-22 14:27 - 00000155 _____ C:\Windows\system32\0
2015-08-20 16:34 - 2015-08-20 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-20 16:32 - 2015-08-20 16:33 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Faraz\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-20 15:38 - 2015-08-20 15:39 - 04009167 _____ C:\Users\Faraz\Downloads\ServicesRepair.exe
2015-08-19 19:38 - 2015-08-11 06:50 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 19:38 - 2015-08-11 06:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 19:38 - 2015-08-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 19:38 - 2015-08-11 05:50 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 14:24 - 2015-08-19 14:24 - 00000422 _____ C:\Users\Faraz\Downloads\mtdvanities.com.duck
2015-08-18 21:34 - 2015-08-18 21:34 - 00272440 _____ C:\Windows\Minidump\081815-14461-01.dmp
2015-08-18 16:58 - 2015-08-18 16:58 - 00000436 _____ C:\Users\Faraz\Downloads\store-gpb25.mybigcommerce.com (1).duck
2015-08-18 16:55 - 2015-08-18 16:55 - 00000436 _____ C:\Users\Faraz\Downloads\store-gpb25.mybigcommerce.com.duck
2015-08-17 18:07 - 2015-08-17 18:07 - 00007894 _____ C:\Users\Faraz\Downloads\Per.zip
2015-08-17 18:07 - 2015-08-17 18:07 - 00000000 ____D C:\Users\Faraz\Downloads\Per
2015-08-17 17:43 - 2015-08-17 17:43 - 00664576 _____ C:\Users\Faraz\Downloads\MicrosoftFixit50562.msi
2015-08-17 16:55 - 2015-08-17 16:55 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-17 16:18 - 2015-08-17 16:18 - 00042152 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2015-08-17 16:03 - 2015-08-17 16:03 - 10248952 _____ (Connectify) C:\Users\Faraz\Downloads\Connectify2015Installer.exe
2015-08-17 15:45 - 2015-08-17 15:45 - 00000000 _____ C:\Windows\system32\REN9FEA.tmp
2015-08-17 10:37 - 2015-08-18 21:34 - 00000000 ____D C:\Windows\Minidump
2015-08-17 10:37 - 2015-08-17 10:37 - 00272504 _____ C:\Windows\Minidump\081715-16520-01.dmp
2015-08-13 12:50 - 2015-08-13 12:50 - 00001257 _____ C:\Users\Faraz\Downloads\Product SKU (2).csv
2015-08-13 12:49 - 2015-08-13 12:49 - 00001257 _____ C:\Users\Faraz\Downloads\Product SKU (1).csv
2015-08-13 12:37 - 2015-08-13 12:37 - 00000489 _____ C:\Users\Faraz\Downloads\skus-2015-08-13.csv
2015-08-13 12:33 - 2015-08-13 12:33 - 00001269 _____ C:\Users\Faraz\Downloads\Product SKU.csv
2015-08-13 12:17 - 2015-08-13 12:17 - 00000000 ____D C:\Users\Faraz\Tracing
2015-08-13 12:13 - 2015-08-26 01:33 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\Users\Faraz\AppData\Local\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\ProgramData\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-13 12:10 - 2015-08-13 12:10 - 01385504 _____ (Skype Technologies S.A.) C:\Users\Faraz\Downloads\SkypeSetup.exe
2015-08-12 19:24 - 2015-07-30 18:43 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:24 - 2015-07-30 18:43 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:19 - 2015-07-29 01:39 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 13:19 - 2015-07-29 01:35 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 13:19 - 2015-07-29 01:25 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 13:19 - 2015-07-15 23:45 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 13:19 - 2015-07-15 23:45 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 13:19 - 2015-07-15 23:45 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 13:19 - 2015-07-15 23:45 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 13:19 - 2015-07-15 23:42 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 13:19 - 2015-07-15 23:39 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 13:19 - 2015-07-15 23:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 13:19 - 2015-07-15 23:35 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 13:19 - 2015-07-15 23:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:29 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 13:19 - 2015-07-15 23:29 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 13:19 - 2015-07-15 23:26 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 13:19 - 2015-07-15 23:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 13:19 - 2015-07-15 23:23 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 13:19 - 2015-07-15 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 13:19 - 2015-07-15 23:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:16 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 13:19 - 2015-07-15 22:16 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 13:19 - 2015-07-15 22:16 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 13:19 - 2015-07-15 22:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 13:19 - 2015-07-15 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 13:19 - 2015-07-15 22:04 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:19 - 2015-07-10 23:21 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:19 - 2015-07-10 23:04 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 13:18 - 2015-07-17 02:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 13:18 - 2015-07-17 02:05 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:18 - 2015-07-17 01:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:18 - 2015-07-17 01:20 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 13:18 - 2015-07-17 01:15 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 13:18 - 2015-07-17 01:13 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 13:18 - 2015-07-17 00:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 13:18 - 2015-07-15 08:49 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:18 - 2015-07-10 23:04 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 13:18 - 2015-07-10 23:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 13:18 - 2015-07-10 23:03 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 13:17 - 2015-07-21 06:09 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 13:17 - 2015-07-21 05:42 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 13:17 - 2015-07-17 02:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 13:17 - 2015-07-17 02:07 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 13:17 - 2015-07-17 02:06 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:17 - 2015-07-17 02:06 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:17 - 2015-07-17 02:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 13:17 - 2015-07-17 01:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:17 - 2015-07-17 01:56 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:17 - 2015-07-17 01:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 13:17 - 2015-07-17 01:53 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:17 - 2015-07-17 01:42 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:17 - 2015-07-17 01:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:17 - 2015-07-17 01:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:17 - 2015-07-17 01:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:17 - 2015-07-17 01:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 13:17 - 2015-07-17 01:20 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 13:17 - 2015-07-17 01:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 13:17 - 2015-07-17 01:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 13:17 - 2015-07-17 01:11 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 13:17 - 2015-07-17 01:09 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 13:17 - 2015-07-17 01:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 13:17 - 2015-07-17 01:08 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 13:17 - 2015-07-17 01:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:17 - 2015-07-17 01:05 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:17 - 2015-07-17 01:04 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:17 - 2015-07-17 01:03 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:17 - 2015-07-17 01:02 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:17 - 2015-07-17 00:59 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 13:17 - 2015-07-17 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 13:17 - 2015-07-17 00:50 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 13:17 - 2015-07-17 00:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 13:17 - 2015-07-17 00:42 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 13:17 - 2015-07-17 00:42 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:17 - 2015-07-17 00:40 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 13:17 - 2015-07-17 00:36 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 13:17 - 2015-07-17 00:36 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 13:17 - 2015-07-17 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 13:17 - 2015-07-17 00:31 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:17 - 2015-07-17 00:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:17 - 2015-07-17 00:12 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 13:17 - 2015-07-17 00:08 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 13:17 - 2015-07-17 00:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 13:15 - 2015-07-30 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 13:15 - 2015-07-30 22:26 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:15 - 2015-07-30 22:22 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:15 - 2015-07-30 22:19 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 13:15 - 2015-07-20 23:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 13:15 - 2015-07-20 23:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 13:15 - 2015-07-20 23:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 13:15 - 2015-07-15 08:49 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:15 - 2015-07-15 08:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:15 - 2015-07-15 08:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:15 - 2015-07-15 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 13:15 - 2015-07-15 08:25 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 13:15 - 2015-07-15 08:25 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 13:15 - 2015-07-15 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 13:15 - 2015-07-15 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 13:15 - 2015-07-09 23:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:15 - 2015-07-09 23:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:15 - 2015-07-09 23:12 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 13:15 - 2015-07-02 02:19 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:15 - 2015-07-02 02:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 13:15 - 2015-07-02 02:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 13:15 - 2015-07-02 02:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 13:14 - 2015-05-09 23:56 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 16:36 - 2015-08-11 16:36 - 00004544 _____ C:\Users\Faraz\Downloads\p5qzhgdwiyztrzkypgfhtc8i4qjkxnv8.zip
2015-08-11 16:36 - 2015-08-11 16:36 - 00000000 ____D C:\Users\Faraz\Downloads\p5qzhgdwiyztrzkypgfhtc8i4qjkxnv8
2015-08-11 16:06 - 2015-08-11 16:06 - 00004549 _____ C:\Users\Faraz\Downloads\ezaiphgksdg12wgvutrrvxear1k8alhy.zip
2015-08-11 16:06 - 2015-08-11 16:06 - 00000000 ____D C:\Users\Faraz\Downloads\ezaiphgksdg12wgvutrrvxear1k8alhy
2015-08-06 18:37 - 2015-08-06 18:37 - 00194885 _____ C:\Users\Faraz\Downloads\hjsplit.zip
2015-08-06 14:03 - 2015-08-06 14:03 - 00053946 _____ C:\Users\Faraz\Downloads\products-2015-08-05 (1).csv
2015-08-06 13:01 - 2015-08-06 13:03 - 00454057 _____ C:\Users\Faraz\Downloads\products-2015-08-05.csv
2015-08-06 12:58 - 2015-08-06 11:20 - 04795639 _____ C:\Users\Faraz\Downloads\attributes.csv
2015-08-06 12:46 - 2015-08-06 12:46 - 00000462 _____ C:\Users\Faraz\Downloads\www.govtechdepot.com.duck
2015-08-05 15:59 - 2015-08-05 15:59 - 00000446 _____ C:\Users\Faraz\Downloads\store-njwmv1.mybigcommerce.com.duck
2015-08-05 13:03 - 2015-08-05 13:03 - 00000441 _____ C:\Users\Faraz\Downloads\store-8jh2a5fg.mybigcommerce.com.duck
2015-08-04 19:01 - 2015-08-04 19:01 - 00000438 _____ C:\Users\Faraz\Downloads\www.savoywatches.com.duck
2015-08-04 14:32 - 2015-08-04 16:40 - 00000000 ____D C:\Windows\pss
2015-08-02 13:57 - 2015-08-02 13:57 - 00000098 _____ C:\Users\Faraz\Downloads\ohleech.com_AV-Qu33N-DR1P.rar
2015-08-02 13:45 - 2015-08-02 13:45 - 00000000 ____D C:\Users\Faraz\AppData\Local\CEF
2015-08-02 13:44 - 2015-08-03 11:16 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-02 13:43 - 2015-08-02 13:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-02 13:43 - 2015-08-02 13:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-02 13:42 - 2015-08-02 13:45 - 00000000 ____D C:\ProgramData\Adobe
2015-08-02 13:39 - 2015-08-02 13:45 - 00000000 ____D C:\Users\Faraz\AppData\Local\Adobe
2015-08-02 11:13 - 2015-08-02 11:13 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-02 11:13 - 2015-08-02 11:13 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 12:58 - 2015-02-19 04:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 12:58 - 2015-02-19 04:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 12:56 - 2009-07-14 10:15 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 12:56 - 2009-07-14 10:15 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 12:53 - 2015-02-19 04:29 - 01458904 _____ C:\Windows\WindowsUpdate.log
2015-08-26 12:53 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 12:50 - 2015-06-16 16:39 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000UA.job
2015-08-26 12:50 - 2015-06-16 16:39 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000Core.job
2015-08-26 12:46 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 12:46 - 2009-07-14 10:21 - 00055033 _____ C:\Windows\setupact.log
2015-08-26 12:37 - 2009-07-14 10:38 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 01:34 - 2015-02-19 06:00 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\DMCache
2015-08-26 01:08 - 2015-07-06 12:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-25 21:14 - 2015-02-19 05:48 - 00015774 _____ C:\Windows\system32\results.xml
2015-08-25 19:06 - 2015-02-19 04:40 - 00000000 ____D C:\Users\Faraz\AppData\Local\Deployment
2015-08-24 13:22 - 2010-11-21 09:17 - 00361292 _____ C:\Windows\PFRO.log
2015-08-23 14:09 - 2015-03-05 13:48 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\vlc
2015-08-23 11:45 - 2015-02-19 05:01 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\uTorrent
2015-08-23 11:42 - 2015-04-13 23:59 - 00000000 ____D C:\Program Files\SecurityKISS Tunnel
2015-08-23 11:41 - 2015-02-19 11:35 - 00000000 ____D C:\ProgramData\DatacardService
2015-08-23 11:40 - 2015-06-03 15:07 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-08-23 11:40 - 2015-06-03 14:19 - 00000000 ____D C:\Users\Faraz\Documents\Fiddler2
2015-08-23 11:40 - 2015-03-15 14:41 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2015-08-23 11:32 - 2015-05-09 18:23 - 00000000 ____D C:\Users\Faraz\AppData\Local\Android
2015-08-23 11:32 - 2015-02-19 04:29 - 00000000 ____D C:\Users\Faraz
2015-08-23 11:31 - 2015-05-09 18:22 - 00000000 ____D C:\Program Files\Android
2015-08-23 11:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-08-22 13:01 - 2015-02-19 04:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 23:10 - 2015-03-03 12:21 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-17 18:41 - 2015-02-19 21:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-17 16:55 - 2015-02-19 21:29 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Dropbox
2015-08-17 15:47 - 2015-05-09 21:30 - 00000000 ____D C:\ProgramData\Oracle
2015-08-17 15:45 - 2015-05-09 21:29 - 00000000 ____D C:\Program Files\Java
2015-08-17 15:42 - 2015-05-09 18:18 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-08-17 15:41 - 2015-05-09 18:17 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-14 13:07 - 2015-07-16 03:49 - 00000000 ____D C:\Windows\rescache
2015-08-14 12:18 - 2015-02-19 21:20 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-13 11:37 - 2009-07-14 10:15 - 00281488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:35 - 2015-02-21 17:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 11:35 - 2015-02-21 17:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 19:18 - 2015-04-13 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-06 12:17 - 2015-03-03 14:13 - 00000000 __SHD C:\Users\Faraz\wc
2015-08-04 16:29 - 2015-02-19 21:52 - 00000000 ___RD C:\Users\Faraz\Dropbox
2015-08-02 13:44 - 2015-02-22 01:43 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Adobe
2015-08-02 11:13 - 2015-02-19 21:20 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-02 11:13 - 2015-02-19 21:20 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-02 11:13 - 2015-02-19 21:20 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-02 11:13 - 2015-02-19 21:20 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-02 11:13 - 2015-02-19 21:20 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-02 11:13 - 2015-02-19 21:20 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-02 11:13 - 2015-02-19 21:20 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

==================== Files in the root of some directories =======

2015-03-03 11:33 - 2015-03-03 11:33 - 0000000 _____ () C:\Users\Faraz\AppData\Local\{9288891C-01E9-403D-A93B-12D4AA9F95CE}

Some files in TEMP:
====================
C:\Users\Faraz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoqnjre.dll
C:\Users\Faraz\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Faraz\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Faraz\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Faraz\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Faraz\AppData\Local\Temp\sqlite3.dll
C:\Users\Faraz\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Faraz\AppData\Local\Temp\{100F937D-BFF7-421B-BFD9-BF8F3841F7E1}-DropboxClient_3.8.5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 13:39

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition_26-08-2015_13-02-00.txt (28.5 KB, 30 views)
Old 08-26-2015, 09:46 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello MoinFaraz. Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

msconfig

Open the Services tab, uncheck 'Hide all Microsoft services' if checked, then click 'Enable all' > 'Apply'.

Open the Startup tab and click 'Enable all' > 'Apply'.

Reboot your machine, run FRST64.exe once more, and post/attach the logs as before.

Make sure you check the Addition.txt box before clicking Run.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-26-2015, 11:03 AM   #5
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
Ran by Faraz (administrator) on FARAZ-PC (26-08-2015 23:15:12)
Running from C:\Users\Faraz\Downloads
Loaded Profiles: Faraz (Available Profiles: Faraz)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Connectify) C:\Program Files (x86)\Connectify\DispatchUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Dropbox, Inc.) C:\Users\Faraz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [Connectify Dispatch] => C:\Program Files (x86)\Connectify\DispatchUI.exe [1672992 2014-03-05] (Connectify)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [3761952 2014-03-05] (Connectify)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-01-26] (Tonec Inc.)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [Dropbox Update] => C:\Users\Faraz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
Startup: C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Faraz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 113.193.14.16 113.193.0.148
Tcpip\..\Interfaces\{1BF92EC9-E983-40F4-B355-894EEEFED04B}: [DhcpNameServer] 113.193.14.16 113.193.0.148
Tcpip\..\Interfaces\{4508BC6E-B16B-4ED0-BA83-6806ED4CA745}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4285837406-2611494833-1162170984-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Faraz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-18] (Citrix Online)
FF Extension: Adblock Plus - C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-15]
FF HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2015-02-19]
FF HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [not found]

Chrome:
=======
CHR Profile: C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (AdBlock) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-01]
CHR Extension: (IDM Integration Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-01]
CHR Extension: (Hangouts) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Hover Zoom) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-03-25]
CHR Extension: (Gmail) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR Profile: C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Full Page Screen Capture) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-08]
CHR Extension: (AdBlock) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-08]
CHR Extension: (IDM Integration Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-01]
CHR Extension: (Evernote Web) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (Hover Zoom) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-04-08]
CHR Extension: (Gmail) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2014-03-05] (Connectify) [File not signed]
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S4 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2015-08-26] (Connectify)
R2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2015-08-25] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 20:31 - 2015-08-26 20:31 - 00000358 _____ C:\Users\Public\Desktop\Connectify Hotspot.lnk
2015-08-26 20:31 - 2015-08-26 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
2015-08-26 20:29 - 2015-08-26 20:29 - 00035352 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2015-08-26 19:01 - 2015-08-26 19:01 - 00000000 ____D C:\ProgramData\Connectify
2015-08-26 14:59 - 2015-08-26 14:59 - 00000000 ____D C:\Users\Faraz\AppData\Local\CrashDumps
2015-08-26 14:49 - 2015-08-26 20:31 - 00000374 _____ C:\Users\Public\Desktop\Connectify Dispatch.lnk
2015-08-26 14:47 - 2015-08-26 20:36 - 00000000 ____D C:\Program Files (x86)\Connectify
2015-08-26 14:45 - 2015-08-26 14:45 - 00000000 ____D C:\Users\Faraz\Downloads\sHaRewbb_ctify733
2015-08-26 14:44 - 2015-08-26 14:45 - 09575403 _____ C:\Users\Faraz\Downloads\sHaRewbb_ctify733.rar
2015-08-26 14:09 - 2015-08-26 18:51 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2015-08-26 14:09 - 2011-11-25 01:25 - 00015360 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2015-08-26 14:08 - 2015-08-26 14:08 - 03214808 _____ (June Fabrics Technology Inc. ) C:\Users\Faraz\Downloads\PdaNetA4181.exe
2015-08-26 13:58 - 2015-08-26 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2015-08-26 13:57 - 2015-08-26 13:57 - 00000000 ____D C:\Program Files (x86)\Android
2015-08-26 13:56 - 2015-08-26 13:57 - 00000000 ____D C:\Users\Faraz\.oracle_jre_usage
2015-08-26 13:56 - 2015-08-26 13:56 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Sun
2015-08-26 13:56 - 2015-08-26 13:55 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-26 13:22 - 2015-08-26 13:34 - 195200088 _____ (Oracle Corporation) C:\Users\Faraz\Downloads\jdk-8u60-windows-x64.exe
2015-08-26 13:13 - 2015-08-26 13:13 - 00000000 ____D C:\adhoctablets
2015-08-26 13:12 - 2015-08-26 13:12 - 00737451 _____ C:\Users\Faraz\Downloads\adhoctablets.zip
2015-08-26 13:01 - 2015-08-26 13:02 - 00029179 _____ C:\Users\Faraz\Downloads\Addition.txt
2015-08-26 13:00 - 2015-08-26 23:16 - 00020029 _____ C:\Users\Faraz\Downloads\FRST.txt
2015-08-26 12:59 - 2015-08-26 23:15 - 00000000 ____D C:\FRST
2015-08-26 12:59 - 2015-08-26 12:59 - 02186752 _____ (Farbar) C:\Users\Faraz\Downloads\FRST64.exe
2015-08-26 12:51 - 2015-08-26 23:12 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-26 12:43 - 2015-08-26 12:44 - 00000000 ____D C:\AdwCleaner
2015-08-26 12:42 - 2015-08-26 12:42 - 01605632 _____ C:\Users\Faraz\Downloads\AdwCleaner.exe
2015-08-25 21:19 - 2015-08-25 21:19 - 00004170 _____ C:\Windows\DPINST.LOG
2015-08-25 21:07 - 2015-08-25 21:07 - 00000000 ____D C:\Intel
2015-08-25 21:07 - 2010-09-07 19:59 - 03156504 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00508952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00415256 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00386584 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00223768 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00161304 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00152600 _____ C:\Windows\system32\difx64.exe
2015-08-25 21:07 - 2010-08-30 11:17 - 00289280 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-08-25 21:07 - 2010-08-30 11:17 - 00014848 _____ (Intel(R) Corporation) C:\Windows\system32\IntcDAuC.dll
2015-08-25 21:07 - 2010-08-25 19:58 - 00005396 _____ C:\Windows\system32\iglhxs64.vp
2015-08-25 21:07 - 2010-08-25 19:40 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2202.dll
2015-08-25 21:07 - 2010-08-25 19:36 - 10611552 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-08-25 21:07 - 2010-08-25 19:36 - 06547968 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-08-25 21:07 - 2010-08-25 19:34 - 00127868 _____ C:\Windows\SysWOW64\igcompkrng575.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00127868 _____ C:\Windows\system32\igcompkrng575.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00104796 _____ C:\Windows\SysWOW64\igfcg575m.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00104796 _____ C:\Windows\system32\igfcg575m.bin
2015-08-25 21:07 - 2010-08-25 19:23 - 04411904 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-08-25 21:07 - 2010-08-25 19:17 - 15032832 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-08-25 21:07 - 2010-08-25 19:09 - 11040256 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-08-25 21:07 - 2010-08-25 19:05 - 00189408 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00178288 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00165251 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00139830 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00136327 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00133680 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00125477 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00123164 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122858 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122638 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-08-25 21:07 - 2010-08-25 19:05 - 00121121 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00120695 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00120287 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119533 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119513 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119286 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118997 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118684 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118631 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118317 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00117984 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114779 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114308 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114179 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00110156 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00103997 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00102843 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-08-25 21:07 - 2010-08-25 19:04 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-08-25 21:07 - 2010-08-25 19:04 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00271360 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-08-25 21:07 - 2010-08-25 19:03 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-08-25 21:07 - 2010-08-25 19:00 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-08-25 21:07 - 2010-08-25 18:59 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-08-25 21:05 - 2015-08-25 21:05 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-25 21:05 - 2015-08-25 21:05 - 00000000 ____D C:\Program Files\ATI
2015-08-25 19:05 - 2015-08-25 19:05 - 00417064 _____ () C:\Users\Faraz\Downloads\DellSystemDetectLauncher.exe
2015-08-25 18:38 - 2015-08-25 21:16 - 00001571 _____ C:\Users\Faraz\Downloads\DuOSSystemInfo.txt
2015-08-25 18:37 - 2015-08-25 18:37 - 00729552 _____ (American Megatrends Inc.) C:\Users\Faraz\Downloads\DuOSSystemInfo.exe
2015-08-25 18:33 - 2015-08-25 18:33 - 00015992 _____ C:\Windows\system32\ami_ipower.sys
2015-08-24 23:04 - 2015-08-24 23:04 - 00007334 _____ C:\Users\Faraz\Downloads\customers (1).csv
2015-08-24 22:54 - 2015-08-24 22:54 - 00007248 _____ C:\Users\Faraz\Downloads\customers.csv
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\LeapingBrain
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Program Files (x86)\LeapingBrain
2015-08-23 14:13 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\Downloads\stefangrossman_setup
2015-08-23 14:11 - 2015-08-23 14:12 - 08776196 _____ C:\Users\Faraz\Downloads\stefangrossman_setup.zip
2015-08-22 17:14 - 2015-08-22 17:15 - 35363937 _____ C:\Users\Faraz\Downloads\stefan_grossman.mov
2015-08-22 12:10 - 2015-08-22 14:27 - 00000155 _____ C:\Windows\system32\0
2015-08-20 16:34 - 2015-08-20 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-20 16:32 - 2015-08-20 16:33 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Faraz\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-20 15:38 - 2015-08-20 15:39 - 04009167 _____ C:\Users\Faraz\Downloads\ServicesRepair.exe
2015-08-19 19:38 - 2015-08-11 06:50 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 19:38 - 2015-08-11 06:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 19:38 - 2015-08-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 19:38 - 2015-08-11 05:50 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 14:24 - 2015-08-19 14:24 - 00000422 _____ C:\Users\Faraz\Downloads\mtdvanities.com.duck
2015-08-18 21:34 - 2015-08-18 21:34 - 00272440 _____ C:\Windows\Minidump\081815-14461-01.dmp
2015-08-18 16:58 - 2015-08-18 16:58 - 00000436 _____ C:\Users\Faraz\Downloads\store-gpb25.mybigcommerce.com (1).duck
2015-08-18 16:55 - 2015-08-18 16:55 - 00000436 _____ C:\Users\Faraz\Downloads\store-gpb25.mybigcommerce.com.duck
2015-08-17 18:07 - 2015-08-17 18:07 - 00007894 _____ C:\Users\Faraz\Downloads\Per.zip
2015-08-17 18:07 - 2015-08-17 18:07 - 00000000 ____D C:\Users\Faraz\Downloads\Per
2015-08-17 17:43 - 2015-08-17 17:43 - 00664576 _____ C:\Users\Faraz\Downloads\MicrosoftFixit50562.msi
2015-08-17 16:55 - 2015-08-17 16:55 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-17 16:03 - 2015-08-17 16:03 - 10248952 _____ (Connectify) C:\Users\Faraz\Downloads\Connectify2015Installer.exe
2015-08-17 15:45 - 2015-08-17 15:45 - 00000000 _____ C:\Windows\system32\REN9FEA.tmp
2015-08-17 10:37 - 2015-08-18 21:34 - 00000000 ____D C:\Windows\Minidump
2015-08-17 10:37 - 2015-08-17 10:37 - 00272504 _____ C:\Windows\Minidump\081715-16520-01.dmp
2015-08-13 12:50 - 2015-08-13 12:50 - 00001257 _____ C:\Users\Faraz\Downloads\Product SKU (2).csv
2015-08-13 12:49 - 2015-08-13 12:49 - 00001257 _____ C:\Users\Faraz\Downloads\Product SKU (1).csv
2015-08-13 12:37 - 2015-08-13 12:37 - 00000489 _____ C:\Users\Faraz\Downloads\skus-2015-08-13.csv
2015-08-13 12:33 - 2015-08-13 12:33 - 00001269 _____ C:\Users\Faraz\Downloads\Product SKU.csv
2015-08-13 12:17 - 2015-08-13 12:17 - 00000000 ____D C:\Users\Faraz\Tracing
2015-08-13 12:13 - 2015-08-26 23:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\Users\Faraz\AppData\Local\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\ProgramData\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-13 12:10 - 2015-08-13 12:10 - 01385504 _____ (Skype Technologies S.A.) C:\Users\Faraz\Downloads\SkypeSetup.exe
2015-08-12 19:24 - 2015-07-30 18:43 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:24 - 2015-07-30 18:43 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:19 - 2015-07-29 01:39 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 13:19 - 2015-07-29 01:35 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 13:19 - 2015-07-29 01:25 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 13:19 - 2015-07-15 23:45 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 13:19 - 2015-07-15 23:45 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 13:19 - 2015-07-15 23:45 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 13:19 - 2015-07-15 23:45 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 13:19 - 2015-07-15 23:42 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 13:19 - 2015-07-15 23:39 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 13:19 - 2015-07-15 23:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 13:19 - 2015-07-15 23:35 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 13:19 - 2015-07-15 23:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:29 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 13:19 - 2015-07-15 23:29 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 13:19 - 2015-07-15 23:26 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 13:19 - 2015-07-15 23:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 13:19 - 2015-07-15 23:23 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 13:19 - 2015-07-15 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 13:19 - 2015-07-15 23:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:16 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 13:19 - 2015-07-15 22:16 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 13:19 - 2015-07-15 22:16 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 13:19 - 2015-07-15 22:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 13:19 - 2015-07-15 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 13:19 - 2015-07-15 22:04 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:19 - 2015-07-10 23:21 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:19 - 2015-07-10 23:04 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 13:18 - 2015-07-17 02:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 13:18 - 2015-07-17 02:05 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:18 - 2015-07-17 01:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:18 - 2015-07-17 01:20 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 13:18 - 2015-07-17 01:15 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 13:18 - 2015-07-17 01:13 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 13:18 - 2015-07-17 00:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 13:18 - 2015-07-15 08:49 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:18 - 2015-07-10 23:04 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 13:18 - 2015-07-10 23:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 13:18 - 2015-07-10 23:03 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 13:17 - 2015-07-21 06:09 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 13:17 - 2015-07-21 05:42 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 13:17 - 2015-07-17 02:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 13:17 - 2015-07-17 02:07 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 13:17 - 2015-07-17 02:06 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:17 - 2015-07-17 02:06 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:17 - 2015-07-17 02:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 13:17 - 2015-07-17 01:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:17 - 2015-07-17 01:56 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:17 - 2015-07-17 01:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 13:17 - 2015-07-17 01:53 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:17 - 2015-07-17 01:42 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:17 - 2015-07-17 01:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:17 - 2015-07-17 01:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:17 - 2015-07-17 01:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:17 - 2015-07-17 01:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 13:17 - 2015-07-17 01:20 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 13:17 - 2015-07-17 01:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 13:17 - 2015-07-17 01:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 13:17 - 2015-07-17 01:11 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 13:17 - 2015-07-17 01:09 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 13:17 - 2015-07-17 01:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 13:17 - 2015-07-17 01:08 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 13:17 - 2015-07-17 01:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:17 - 2015-07-17 01:05 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:17 - 2015-07-17 01:04 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:17 - 2015-07-17 01:03 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:17 - 2015-07-17 01:02 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:17 - 2015-07-17 00:59 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 13:17 - 2015-07-17 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 13:17 - 2015-07-17 00:50 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 13:17 - 2015-07-17 00:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 13:17 - 2015-07-17 00:42 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 13:17 - 2015-07-17 00:42 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:17 - 2015-07-17 00:40 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 13:17 - 2015-07-17 00:36 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 13:17 - 2015-07-17 00:36 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 13:17 - 2015-07-17 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 13:17 - 2015-07-17 00:31 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:17 - 2015-07-17 00:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:17 - 2015-07-17 00:12 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 13:17 - 2015-07-17 00:08 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 13:17 - 2015-07-17 00:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 13:15 - 2015-07-30 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 13:15 - 2015-07-30 22:26 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:15 - 2015-07-30 22:22 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:15 - 2015-07-30 22:19 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 13:15 - 2015-07-20 23:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 13:15 - 2015-07-20 23:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 13:15 - 2015-07-20 23:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 13:15 - 2015-07-15 08:49 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:15 - 2015-07-15 08:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:15 - 2015-07-15 08:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:15 - 2015-07-15 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 13:15 - 2015-07-15 08:25 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 13:15 - 2015-07-15 08:25 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 13:15 - 2015-07-15 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 13:15 - 2015-07-15 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 13:15 - 2015-07-09 23:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:15 - 2015-07-09 23:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:15 - 2015-07-09 23:12 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 13:15 - 2015-07-02 02:19 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:15 - 2015-07-02 02:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 13:15 - 2015-07-02 02:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 13:15 - 2015-07-02 02:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 13:14 - 2015-05-09 23:56 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 16:36 - 2015-08-11 16:36 - 00004544 _____ C:\Users\Faraz\Downloads\p5qzhgdwiyztrzkypgfhtc8i4qjkxnv8.zip
2015-08-11 16:36 - 2015-08-11 16:36 - 00000000 ____D C:\Users\Faraz\Downloads\p5qzhgdwiyztrzkypgfhtc8i4qjkxnv8
2015-08-11 16:06 - 2015-08-11 16:06 - 00004549 _____ C:\Users\Faraz\Downloads\ezaiphgksdg12wgvutrrvxear1k8alhy.zip
2015-08-11 16:06 - 2015-08-11 16:06 - 00000000 ____D C:\Users\Faraz\Downloads\ezaiphgksdg12wgvutrrvxear1k8alhy
2015-08-06 18:37 - 2015-08-06 18:37 - 00194885 _____ C:\Users\Faraz\Downloads\hjsplit.zip
2015-08-06 14:03 - 2015-08-06 14:03 - 00053946 _____ C:\Users\Faraz\Downloads\products-2015-08-05 (1).csv
2015-08-06 13:01 - 2015-08-06 13:03 - 00454057 _____ C:\Users\Faraz\Downloads\products-2015-08-05.csv
2015-08-06 12:58 - 2015-08-06 11:20 - 04795639 _____ C:\Users\Faraz\Downloads\attributes.csv
2015-08-06 12:46 - 2015-08-06 12:46 - 00000462 _____ C:\Users\Faraz\Downloads\www.govtechdepot.com.duck
2015-08-05 15:59 - 2015-08-05 15:59 - 00000446 _____ C:\Users\Faraz\Downloads\store-njwmv1.mybigcommerce.com.duck
2015-08-05 13:03 - 2015-08-05 13:03 - 00000441 _____ C:\Users\Faraz\Downloads\store-8jh2a5fg.mybigcommerce.com.duck
2015-08-04 19:01 - 2015-08-04 19:01 - 00000438 _____ C:\Users\Faraz\Downloads\www.savoywatches.com.duck
2015-08-04 14:32 - 2015-08-26 23:08 - 00000000 ____D C:\Windows\pss
2015-08-02 13:57 - 2015-08-02 13:57 - 00000098 _____ C:\Users\Faraz\Downloads\ohleech.com_AV-Qu33N-DR1P.rar
2015-08-02 13:45 - 2015-08-02 13:45 - 00000000 ____D C:\Users\Faraz\AppData\Local\CEF
2015-08-02 13:44 - 2015-08-03 11:16 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-02 13:43 - 2015-08-02 13:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-02 13:43 - 2015-08-02 13:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-02 13:42 - 2015-08-02 13:45 - 00000000 ____D C:\ProgramData\Adobe
2015-08-02 13:39 - 2015-08-02 13:45 - 00000000 ____D C:\Users\Faraz\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-26 23:15 - 2015-02-19 04:29 - 01583693 _____ C:\Windows\WindowsUpdate.log
2015-08-26 23:13 - 2015-02-19 21:52 - 00000000 ___RD C:\Users\Faraz\Dropbox
2015-08-26 23:13 - 2015-02-19 21:29 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Dropbox
2015-08-26 23:12 - 2015-02-19 04:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-26 23:11 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 23:11 - 2009-07-14 10:21 - 00055425 _____ C:\Windows\setupact.log
2015-08-26 23:08 - 2015-07-06 12:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-26 23:08 - 2015-02-19 06:00 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\DMCache
2015-08-26 22:58 - 2015-02-19 04:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 22:50 - 2015-06-16 16:39 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000UA.job
2015-08-26 20:42 - 2009-07-14 10:15 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 20:42 - 2009-07-14 10:15 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 18:56 - 2015-02-19 04:40 - 00000000 ____D C:\Users\Faraz\AppData\Local\Deployment
2015-08-26 15:05 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 14:51 - 2015-02-19 20:45 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-26 14:51 - 2010-11-21 09:17 - 00720238 _____ C:\Windows\PFRO.log
2015-08-26 13:56 - 2015-05-09 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-26 13:56 - 2015-05-09 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-26 13:56 - 2015-02-19 04:29 - 00000000 ____D C:\Users\Faraz
2015-08-26 13:55 - 2015-05-09 21:29 - 00000000 ____D C:\Program Files\Java
2015-08-26 12:50 - 2015-06-16 16:39 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000Core.job
2015-08-26 12:37 - 2009-07-14 10:38 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 21:14 - 2015-02-19 05:48 - 00015774 _____ C:\Windows\system32\results.xml
2015-08-23 14:09 - 2015-03-05 13:48 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\vlc
2015-08-23 11:45 - 2015-02-19 05:01 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\uTorrent
2015-08-23 11:42 - 2015-04-13 23:59 - 00000000 ____D C:\Program Files\SecurityKISS Tunnel
2015-08-23 11:41 - 2015-02-19 11:35 - 00000000 ____D C:\ProgramData\DatacardService
2015-08-23 11:40 - 2015-06-03 15:07 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-08-23 11:40 - 2015-06-03 14:19 - 00000000 ____D C:\Users\Faraz\Documents\Fiddler2
2015-08-23 11:40 - 2015-03-15 14:41 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2015-08-23 11:32 - 2015-05-09 18:23 - 00000000 ____D C:\Users\Faraz\AppData\Local\Android
2015-08-23 11:31 - 2015-05-09 18:22 - 00000000 ____D C:\Program Files\Android
2015-08-23 11:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-08-22 13:01 - 2015-02-19 04:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 23:10 - 2015-03-03 12:21 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-17 15:47 - 2015-05-09 21:30 - 00000000 ____D C:\ProgramData\Oracle
2015-08-17 15:41 - 2015-05-09 18:17 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-14 13:07 - 2015-07-16 03:49 - 00000000 ____D C:\Windows\rescache
2015-08-13 11:37 - 2009-07-14 10:15 - 00281488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:35 - 2015-02-21 17:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 11:35 - 2015-02-21 17:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 19:18 - 2015-04-13 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-06 12:17 - 2015-03-03 14:13 - 00000000 __SHD C:\Users\Faraz\wc
2015-08-02 13:44 - 2015-02-22 01:43 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-03-03 11:33 - 2015-03-03 11:33 - 0000000 _____ () C:\Users\Faraz\AppData\Local\{9288891C-01E9-403D-A93B-12D4AA9F95CE}

Some files in TEMP:
====================
C:\Users\Faraz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg7kajn.dll
C:\Users\Faraz\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Faraz\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Faraz\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Faraz\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Faraz\AppData\Local\Temp\sqlite3.dll
C:\Users\Faraz\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Faraz\AppData\Local\Temp\{100F937D-BFF7-421B-BFD9-BF8F3841F7E1}-DropboxClient_3.8.5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 13:39

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition_26-08-2015_23-17-21.txt (30.4 KB, 27 views)
Old 08-27-2015, 08:41 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz. Why did you uninstall avast!? Now, you have no antivirus installed.

------------------------------------------------------

Why are these services still disabled?

Quote:
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Mobile Partner. RunOuc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: wifimansvc => 2
MSCONFIG\Services: YahooAUService => 3

Are you having trouble enabling them?

Enable them using msconfig again, and run FRST64.exe again and post/attach the logs as before.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-28-2015, 03:49 AM   #7
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



Avast was disabled, and I saw a mention of Windows Defender, so I thought there may be a conflict. I went ahead and uninstalled that. I am reinstalling as requested.

I didn't manually or intentionally disable any service. An error pops up when I try and enable HWDeviceService64.exe: 2015-08-28_1610 - FredDawsons's library

The same error pops up for wifimansvc. I don't see any reference to MBAMScheduler or MBAMService. I have uninstalled Mobile Partner; that's probably why I don't have Mobile Partner. RunOuc in my list of services. Same goes for Thunderbird, TuneUp, and Yahoo.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-08-2015 02
Ran by Faraz (administrator) on FARAZ-PC (28-08-2015 16:16:35)
Running from C:\Users\Faraz\Downloads
Loaded Profiles: Faraz (Available Profiles: Faraz)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Dropbox, Inc.) C:\Users\Faraz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3890768 2015-01-26] (Tonec Inc.)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation)
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Run: [Dropbox Update] => C:\Users\Faraz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
Startup: C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Faraz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-28] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-28] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-01-26] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 113.193.14.16 113.193.0.148
Tcpip\..\Interfaces\{1BF92EC9-E983-40F4-B355-894EEEFED04B}: [DhcpNameServer] 113.193.14.16 113.193.0.148
Tcpip\..\Interfaces\{4508BC6E-B16B-4ED0-BA83-6806ED4CA745}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-17] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4285837406-2611494833-1162170984-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Faraz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-18] (Citrix Online)
FF Extension: Adblock Plus - C:\Users\Faraz\AppData\Roaming\Mozilla\Firefox\Profiles\wo1u0pdd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-28]
FF HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5 [2015-02-19]
FF HKU\S-1-5-21-4285837406-2611494833-1162170984-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Faraz\AppData\Roaming\IDM\idmmzcc5
FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [not found]

Chrome:
=======
CHR Profile: C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (Google Docs) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Google Sheets) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (AdBlock) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-01]
CHR Extension: (IDM Integration Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-01]
CHR Extension: (Hangouts) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-03-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Hover Zoom) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-03-25]
CHR Extension: (Gmail) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR Profile: C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-01]
CHR Extension: (YouTube) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-01]
CHR Extension: (Google Search) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-01]
CHR Extension: (Full Page Screen Capture) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-08]
CHR Extension: (AdBlock) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-08]
CHR Extension: (IDM Integration Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-03-01]
CHR Extension: (Evernote Web) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-08]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-04-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-08]
CHR Extension: (Hover Zoom) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-04-08]
CHR Extension: (Gmail) - C:\Users\Faraz\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-01]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-28]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-01-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-28] (AVAST Software)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [487936 2014-03-05] (Connectify) [File not signed]
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S2 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-28] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-28] (AVAST Software)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [35352 2015-08-26] (Connectify)
R2 PHYMEM; C:\Windows\system32\ami_ipower.sys [15992 2015-08-25] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 16:12 - 2015-08-28 16:12 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\AVAST Software
2015-08-28 16:11 - 2015-08-28 16:11 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-28 16:11 - 2015-08-28 16:11 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-28 16:11 - 2015-08-28 16:11 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-28 16:11 - 2015-08-28 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-28 16:11 - 2015-08-28 16:10 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1440758486208
2015-08-28 16:11 - 2015-08-28 16:10 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-28 16:11 - 2015-08-28 16:10 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-28 16:11 - 2015-08-28 16:10 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-28 16:11 - 2015-08-28 16:10 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-28 16:11 - 2015-08-28 16:10 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-28 16:11 - 2015-08-28 16:10 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-28 16:11 - 2015-08-28 16:10 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-28 16:10 - 2015-08-28 16:10 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-28 16:10 - 2015-08-28 16:10 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-28 16:05 - 2015-08-28 16:05 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-27 12:27 - 2015-08-27 12:27 - 00000000 ____D C:\Users\Faraz\Downloads\wordpress-4.3
2015-08-27 12:17 - 2015-08-27 12:18 - 07088086 _____ C:\Users\Faraz\Downloads\wordpress-4.3.zip
2015-08-27 12:13 - 2015-08-27 12:14 - 06520208 _____ (Tim Kosse) C:\Users\Faraz\Downloads\FileZilla_3.13.1_win64-setup.exe
2015-08-26 23:28 - 2015-08-26 23:28 - 00000000 ____D C:\ProgramData\Connectify
2015-08-26 20:31 - 2015-08-26 20:31 - 00000358 _____ C:\Users\Public\Desktop\Connectify Hotspot.lnk
2015-08-26 20:31 - 2015-08-26 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify
2015-08-26 20:29 - 2015-08-26 20:29 - 00035352 _____ (Connectify) C:\Windows\system32\Drivers\cnnctfy3.sys
2015-08-26 14:59 - 2015-08-26 14:59 - 00000000 ____D C:\Users\Faraz\AppData\Local\CrashDumps
2015-08-26 14:49 - 2015-08-26 20:31 - 00000374 _____ C:\Users\Public\Desktop\Connectify Dispatch.lnk
2015-08-26 14:47 - 2015-08-26 23:28 - 00000000 ____D C:\Program Files (x86)\Connectify
2015-08-26 14:45 - 2015-08-26 14:45 - 00000000 ____D C:\Users\Faraz\Downloads\sHaRewbb_ctify733
2015-08-26 14:44 - 2015-08-26 14:45 - 09575403 _____ C:\Users\Faraz\Downloads\sHaRewbb_ctify733.rar
2015-08-26 14:09 - 2015-08-26 18:51 - 00000000 ____D C:\Program Files (x86)\PdaNet for Android
2015-08-26 14:09 - 2011-11-25 01:25 - 00015360 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2015-08-26 14:08 - 2015-08-26 14:08 - 03214808 _____ (June Fabrics Technology Inc. ) C:\Users\Faraz\Downloads\PdaNetA4181.exe
2015-08-26 13:58 - 2015-08-26 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2015-08-26 13:57 - 2015-08-26 13:57 - 00000000 ____D C:\Program Files (x86)\Android
2015-08-26 13:56 - 2015-08-26 13:57 - 00000000 ____D C:\Users\Faraz\.oracle_jre_usage
2015-08-26 13:56 - 2015-08-26 13:56 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Sun
2015-08-26 13:56 - 2015-08-26 13:55 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-26 13:22 - 2015-08-26 13:34 - 195200088 _____ (Oracle Corporation) C:\Users\Faraz\Downloads\jdk-8u60-windows-x64.exe
2015-08-26 13:13 - 2015-08-26 13:13 - 00000000 ____D C:\adhoctablets
2015-08-26 13:12 - 2015-08-26 13:12 - 00737451 _____ C:\Users\Faraz\Downloads\adhoctablets.zip
2015-08-26 13:01 - 2015-08-26 23:17 - 00031110 _____ C:\Users\Faraz\Downloads\Addition.txt
2015-08-26 13:00 - 2015-08-28 16:17 - 00021272 _____ C:\Users\Faraz\Downloads\FRST.txt
2015-08-26 12:59 - 2015-08-28 16:16 - 00000000 ____D C:\FRST
2015-08-26 12:59 - 2015-08-26 12:59 - 02186752 _____ (Farbar) C:\Users\Faraz\Downloads\FRST64.exe
2015-08-26 12:51 - 2015-08-28 13:56 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-26 12:43 - 2015-08-26 12:44 - 00000000 ____D C:\AdwCleaner
2015-08-26 12:42 - 2015-08-26 12:42 - 01605632 _____ C:\Users\Faraz\Downloads\AdwCleaner.exe
2015-08-25 21:19 - 2015-08-25 21:19 - 00004170 _____ C:\Windows\DPINST.LOG
2015-08-25 21:07 - 2015-08-25 21:07 - 00000000 ____D C:\Intel
2015-08-25 21:07 - 2010-09-07 19:59 - 03156504 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00508952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00415256 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00386584 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00223768 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00161304 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-08-25 21:07 - 2010-09-07 19:59 - 00152600 _____ C:\Windows\system32\difx64.exe
2015-08-25 21:07 - 2010-08-30 11:17 - 00289280 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-08-25 21:07 - 2010-08-30 11:17 - 00014848 _____ (Intel(R) Corporation) C:\Windows\system32\IntcDAuC.dll
2015-08-25 21:07 - 2010-08-25 19:58 - 00005396 _____ C:\Windows\system32\iglhxs64.vp
2015-08-25 21:07 - 2010-08-25 19:40 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2202.dll
2015-08-25 21:07 - 2010-08-25 19:36 - 10611552 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-08-25 21:07 - 2010-08-25 19:36 - 06547968 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-08-25 21:07 - 2010-08-25 19:34 - 00127868 _____ C:\Windows\SysWOW64\igcompkrng575.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00127868 _____ C:\Windows\system32\igcompkrng575.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00104796 _____ C:\Windows\SysWOW64\igfcg575m.bin
2015-08-25 21:07 - 2010-08-25 19:34 - 00104796 _____ C:\Windows\system32\igfcg575m.bin
2015-08-25 21:07 - 2010-08-25 19:23 - 04411904 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-08-25 21:07 - 2010-08-25 19:17 - 15032832 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-08-25 21:07 - 2010-08-25 19:09 - 11040256 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-08-25 21:07 - 2010-08-25 19:05 - 00189408 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00178288 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00165251 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00139830 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00136327 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00133680 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00125477 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00123164 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122858 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122638 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00122368 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-08-25 21:07 - 2010-08-25 19:05 - 00121121 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00120695 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00120287 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119533 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119513 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00119286 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118997 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118684 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118631 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00118317 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00117984 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114779 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114308 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00114179 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00110156 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00103997 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00102843 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088576 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00088064 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00087040 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00086528 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00084992 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-08-25 21:07 - 2010-08-25 19:05 - 00083968 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-08-25 21:07 - 2010-08-25 19:04 - 00380416 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-08-25 21:07 - 2010-08-25 19:04 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00271360 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00119808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-08-25 21:07 - 2010-08-25 19:03 - 00087552 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-08-25 21:07 - 2010-08-25 19:03 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-08-25 21:07 - 2010-08-25 19:00 - 00023552 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-08-25 21:07 - 2010-08-25 18:59 - 00228864 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-08-25 21:05 - 2015-08-25 21:05 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-25 21:05 - 2015-08-25 21:05 - 00000000 ____D C:\Program Files\ATI
2015-08-25 19:05 - 2015-08-25 19:05 - 00417064 _____ () C:\Users\Faraz\Downloads\DellSystemDetectLauncher.exe
2015-08-25 18:38 - 2015-08-25 21:16 - 00001571 _____ C:\Users\Faraz\Downloads\DuOSSystemInfo.txt
2015-08-25 18:37 - 2015-08-25 18:37 - 00729552 _____ (American Megatrends Inc.) C:\Users\Faraz\Downloads\DuOSSystemInfo.exe
2015-08-25 18:33 - 2015-08-25 18:33 - 00015992 _____ C:\Windows\system32\ami_ipower.sys
2015-08-24 23:04 - 2015-08-24 23:04 - 00007334 _____ C:\Users\Faraz\Downloads\customers (1).csv
2015-08-24 22:54 - 2015-08-24 22:54 - 00007248 _____ C:\Users\Faraz\Downloads\customers.csv
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\LeapingBrain
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\LeapingBrain
2015-08-23 14:14 - 2015-08-23 14:14 - 00000000 ____D C:\Program Files (x86)\LeapingBrain
2015-08-23 14:13 - 2015-08-23 14:14 - 00000000 ____D C:\Users\Faraz\Downloads\stefangrossman_setup
2015-08-23 14:11 - 2015-08-23 14:12 - 08776196 _____ C:\Users\Faraz\Downloads\stefangrossman_setup.zip
2015-08-22 17:14 - 2015-08-22 17:15 - 35363937 _____ C:\Users\Faraz\Downloads\stefan_grossman.mov
2015-08-22 12:10 - 2015-08-22 14:27 - 00000155 _____ C:\Windows\system32\0
2015-08-20 16:34 - 2015-08-20 16:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-20 16:32 - 2015-08-20 16:33 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Faraz\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-20 15:38 - 2015-08-20 15:39 - 04009167 _____ C:\Users\Faraz\Downloads\ServicesRepair.exe
2015-08-19 19:38 - 2015-08-11 06:50 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 19:38 - 2015-08-11 06:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 19:38 - 2015-08-11 06:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 19:38 - 2015-08-11 05:50 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 14:24 - 2015-08-19 14:24 - 00000422 _____ C:\Users\Faraz\Downloads\mtdvanities.com.duck
2015-08-18 21:34 - 2015-08-18 21:34 - 00272440 _____ C:\Windows\Minidump\081815-14461-01.dmp
2015-08-18 16:58 - 2015-08-18 16:58 - 00000436 _____ C:\Users\Faraz\Downloads\store-gpb25.mybigcommerce.com (1).duck
2015-08-18 16:55 - 2015-08-18 16:55 - 00000436 _____ C:\Users\Faraz\Downloads\store-gpb25.mybigcommerce.com.duck
2015-08-17 18:07 - 2015-08-17 18:07 - 00007894 _____ C:\Users\Faraz\Downloads\Per.zip
2015-08-17 18:07 - 2015-08-17 18:07 - 00000000 ____D C:\Users\Faraz\Downloads\Per
2015-08-17 17:43 - 2015-08-17 17:43 - 00664576 _____ C:\Users\Faraz\Downloads\MicrosoftFixit50562.msi
2015-08-17 16:55 - 2015-08-17 16:55 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-17 16:03 - 2015-08-17 16:03 - 10248952 _____ (Connectify) C:\Users\Faraz\Downloads\Connectify2015Installer.exe
2015-08-17 15:45 - 2015-08-17 15:45 - 00000000 _____ C:\Windows\system32\REN9FEA.tmp
2015-08-17 10:37 - 2015-08-18 21:34 - 00000000 ____D C:\Windows\Minidump
2015-08-17 10:37 - 2015-08-17 10:37 - 00272504 _____ C:\Windows\Minidump\081715-16520-01.dmp
2015-08-13 12:50 - 2015-08-13 12:50 - 00001257 _____ C:\Users\Faraz\Downloads\Product SKU (2).csv
2015-08-13 12:49 - 2015-08-13 12:49 - 00001257 _____ C:\Users\Faraz\Downloads\Product SKU (1).csv
2015-08-13 12:37 - 2015-08-13 12:37 - 00000489 _____ C:\Users\Faraz\Downloads\skus-2015-08-13.csv
2015-08-13 12:33 - 2015-08-13 12:33 - 00001269 _____ C:\Users\Faraz\Downloads\Product SKU.csv
2015-08-13 12:17 - 2015-08-13 12:17 - 00000000 ____D C:\Users\Faraz\Tracing
2015-08-13 12:13 - 2015-08-27 12:26 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\Users\Faraz\AppData\Local\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\ProgramData\Skype
2015-08-13 12:13 - 2015-08-13 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-13 12:10 - 2015-08-13 12:10 - 01385504 _____ (Skype Technologies S.A.) C:\Users\Faraz\Downloads\SkypeSetup.exe
2015-08-12 19:24 - 2015-07-30 18:43 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 19:24 - 2015-07-30 18:43 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:19 - 2015-07-29 01:39 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 13:19 - 2015-07-29 01:35 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 13:19 - 2015-07-29 01:35 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 13:19 - 2015-07-29 01:25 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 13:19 - 2015-07-15 23:45 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 13:19 - 2015-07-15 23:45 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 13:19 - 2015-07-15 23:45 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 13:19 - 2015-07-15 23:45 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 13:19 - 2015-07-15 23:42 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 13:19 - 2015-07-15 23:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 13:19 - 2015-07-15 23:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 13:19 - 2015-07-15 23:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 13:19 - 2015-07-15 23:39 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 13:19 - 2015-07-15 23:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 13:19 - 2015-07-15 23:35 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 13:19 - 2015-07-15 23:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:29 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 13:19 - 2015-07-15 23:29 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 13:19 - 2015-07-15 23:26 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 13:19 - 2015-07-15 23:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 13:19 - 2015-07-15 23:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 13:19 - 2015-07-15 23:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 13:19 - 2015-07-15 23:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 13:19 - 2015-07-15 23:23 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 13:19 - 2015-07-15 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 13:19 - 2015-07-15 23:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 23:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:16 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 13:19 - 2015-07-15 22:16 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 13:19 - 2015-07-15 22:16 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 13:19 - 2015-07-15 22:07 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 13:19 - 2015-07-15 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 13:19 - 2015-07-15 22:04 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 13:19 - 2015-07-15 22:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 13:19 - 2015-07-10 23:21 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 13:19 - 2015-07-10 23:04 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 13:18 - 2015-07-17 02:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 13:18 - 2015-07-17 02:05 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 13:18 - 2015-07-17 01:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 13:18 - 2015-07-17 01:20 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 13:18 - 2015-07-17 01:15 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 13:18 - 2015-07-17 01:13 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 13:18 - 2015-07-17 00:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 13:18 - 2015-07-15 08:49 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 13:18 - 2015-07-10 23:21 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 13:18 - 2015-07-10 23:04 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 13:18 - 2015-07-10 23:04 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 13:18 - 2015-07-10 23:03 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 13:17 - 2015-07-21 06:09 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 13:17 - 2015-07-21 05:42 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 13:17 - 2015-07-17 02:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 13:17 - 2015-07-17 02:07 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 13:17 - 2015-07-17 02:06 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 13:17 - 2015-07-17 02:06 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 13:17 - 2015-07-17 02:05 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 13:17 - 2015-07-17 01:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 13:17 - 2015-07-17 01:56 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 13:17 - 2015-07-17 01:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 13:17 - 2015-07-17 01:53 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 13:17 - 2015-07-17 01:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 13:17 - 2015-07-17 01:42 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 13:17 - 2015-07-17 01:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 13:17 - 2015-07-17 01:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 13:17 - 2015-07-17 01:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 13:17 - 2015-07-17 01:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 13:17 - 2015-07-17 01:21 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 13:17 - 2015-07-17 01:20 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 13:17 - 2015-07-17 01:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 13:17 - 2015-07-17 01:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 13:17 - 2015-07-17 01:11 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 13:17 - 2015-07-17 01:09 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 13:17 - 2015-07-17 01:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 13:17 - 2015-07-17 01:08 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 13:17 - 2015-07-17 01:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 13:17 - 2015-07-17 01:05 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 13:17 - 2015-07-17 01:04 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 13:17 - 2015-07-17 01:03 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 13:17 - 2015-07-17 01:02 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 13:17 - 2015-07-17 00:59 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 13:17 - 2015-07-17 00:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 13:17 - 2015-07-17 00:50 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 13:17 - 2015-07-17 00:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 13:17 - 2015-07-17 00:42 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 13:17 - 2015-07-17 00:42 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 13:17 - 2015-07-17 00:40 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 13:17 - 2015-07-17 00:36 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 13:17 - 2015-07-17 00:36 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 13:17 - 2015-07-17 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 13:17 - 2015-07-17 00:31 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 13:17 - 2015-07-17 00:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 13:17 - 2015-07-17 00:12 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 13:17 - 2015-07-17 00:08 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 13:17 - 2015-07-17 00:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 13:15 - 2015-07-30 23:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 13:15 - 2015-07-30 23:27 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 13:15 - 2015-07-30 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 13:15 - 2015-07-30 22:26 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 13:15 - 2015-07-30 22:22 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 13:15 - 2015-07-30 22:19 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 13:15 - 2015-07-20 23:42 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 13:15 - 2015-07-20 23:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 13:15 - 2015-07-20 23:42 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 13:15 - 2015-07-20 23:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 13:15 - 2015-07-20 23:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 13:15 - 2015-07-15 08:49 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 13:15 - 2015-07-15 08:49 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 13:15 - 2015-07-15 08:44 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 13:15 - 2015-07-15 08:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 13:15 - 2015-07-15 08:25 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 13:15 - 2015-07-15 08:25 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 13:15 - 2015-07-15 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 13:15 - 2015-07-15 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 13:15 - 2015-07-09 23:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 13:15 - 2015-07-09 23:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 13:15 - 2015-07-09 23:12 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 13:15 - 2015-07-02 02:19 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 13:15 - 2015-07-02 02:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 13:15 - 2015-07-02 02:00 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 13:15 - 2015-07-02 02:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 13:14 - 2015-05-09 23:56 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 16:36 - 2015-08-11 16:36 - 00004544 _____ C:\Users\Faraz\Downloads\p5qzhgdwiyztrzkypgfhtc8i4qjkxnv8.zip
2015-08-11 16:36 - 2015-08-11 16:36 - 00000000 ____D C:\Users\Faraz\Downloads\p5qzhgdwiyztrzkypgfhtc8i4qjkxnv8
2015-08-11 16:06 - 2015-08-11 16:06 - 00004549 _____ C:\Users\Faraz\Downloads\ezaiphgksdg12wgvutrrvxear1k8alhy.zip
2015-08-11 16:06 - 2015-08-11 16:06 - 00000000 ____D C:\Users\Faraz\Downloads\ezaiphgksdg12wgvutrrvxear1k8alhy
2015-08-06 18:37 - 2015-08-06 18:37 - 00194885 _____ C:\Users\Faraz\Downloads\hjsplit.zip
2015-08-06 14:03 - 2015-08-06 14:03 - 00053946 _____ C:\Users\Faraz\Downloads\products-2015-08-05 (1).csv
2015-08-06 13:01 - 2015-08-06 13:03 - 00454057 _____ C:\Users\Faraz\Downloads\products-2015-08-05.csv
2015-08-06 12:58 - 2015-08-06 11:20 - 04795639 _____ C:\Users\Faraz\Downloads\attributes.csv
2015-08-06 12:46 - 2015-08-06 12:46 - 00000462 _____ C:\Users\Faraz\Downloads\www.govtechdepot.com.duck
2015-08-05 15:59 - 2015-08-05 15:59 - 00000446 _____ C:\Users\Faraz\Downloads\store-njwmv1.mybigcommerce.com.duck
2015-08-05 13:03 - 2015-08-05 13:03 - 00000441 _____ C:\Users\Faraz\Downloads\store-8jh2a5fg.mybigcommerce.com.duck
2015-08-04 19:01 - 2015-08-04 19:01 - 00000438 _____ C:\Users\Faraz\Downloads\www.savoywatches.com.duck
2015-08-04 14:32 - 2015-08-26 23:08 - 00000000 ____D C:\Windows\pss
2015-08-02 13:57 - 2015-08-02 13:57 - 00000098 _____ C:\Users\Faraz\Downloads\ohleech.com_AV-Qu33N-DR1P.rar
2015-08-02 13:45 - 2015-08-02 13:45 - 00000000 ____D C:\Users\Faraz\AppData\Local\CEF
2015-08-02 13:44 - 2015-08-03 11:16 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-02 13:43 - 2015-08-02 13:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-08-02 13:43 - 2015-08-02 13:43 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-02 13:42 - 2015-08-02 13:45 - 00000000 ____D C:\ProgramData\Adobe
2015-08-02 13:39 - 2015-08-02 13:45 - 00000000 ____D C:\Users\Faraz\AppData\Local\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-28 16:09 - 2015-02-19 04:29 - 01726515 _____ C:\Windows\WindowsUpdate.log
2015-08-28 16:08 - 2015-07-06 12:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-28 16:03 - 2015-02-19 20:45 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-28 15:58 - 2015-02-19 04:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 15:50 - 2015-06-16 16:39 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000UA.job
2015-08-28 14:06 - 2009-07-14 10:15 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 14:06 - 2009-07-14 10:15 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 14:01 - 2015-02-19 21:52 - 00000000 ___RD C:\Users\Faraz\Dropbox
2015-08-28 14:01 - 2015-02-19 21:29 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Dropbox
2015-08-28 13:59 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-08-28 13:56 - 2015-02-19 04:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 13:56 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 13:55 - 2009-07-14 10:21 - 00055705 _____ C:\Windows\setupact.log
2015-08-28 00:31 - 2015-02-19 06:00 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\DMCache
2015-08-27 13:00 - 2015-04-14 03:24 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\FileZilla
2015-08-27 12:55 - 2015-04-09 17:29 - 00000000 ____D C:\wamp
2015-08-27 12:50 - 2015-06-16 16:39 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000Core.job
2015-08-26 23:17 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 18:56 - 2015-02-19 04:40 - 00000000 ____D C:\Users\Faraz\AppData\Local\Deployment
2015-08-26 14:51 - 2010-11-21 09:17 - 00720238 _____ C:\Windows\PFRO.log
2015-08-26 13:56 - 2015-05-09 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-08-26 13:56 - 2015-05-09 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-26 13:56 - 2015-02-19 04:29 - 00000000 ____D C:\Users\Faraz
2015-08-26 13:55 - 2015-05-09 21:29 - 00000000 ____D C:\Program Files\Java
2015-08-26 12:37 - 2009-07-14 10:38 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 21:14 - 2015-02-19 05:48 - 00015774 _____ C:\Windows\system32\results.xml
2015-08-23 14:09 - 2015-03-05 13:48 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\vlc
2015-08-23 11:45 - 2015-02-19 05:01 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\uTorrent
2015-08-23 11:42 - 2015-04-13 23:59 - 00000000 ____D C:\Program Files\SecurityKISS Tunnel
2015-08-23 11:41 - 2015-02-19 11:35 - 00000000 ____D C:\ProgramData\DatacardService
2015-08-23 11:40 - 2015-06-03 15:07 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-08-23 11:40 - 2015-06-03 14:19 - 00000000 ____D C:\Users\Faraz\Documents\Fiddler2
2015-08-23 11:40 - 2015-03-15 14:41 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2015-08-23 11:32 - 2015-05-09 18:23 - 00000000 ____D C:\Users\Faraz\AppData\Local\Android
2015-08-23 11:31 - 2015-05-09 18:22 - 00000000 ____D C:\Program Files\Android
2015-08-22 13:01 - 2015-02-19 04:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-18 23:10 - 2015-03-03 12:21 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-17 15:47 - 2015-05-09 21:30 - 00000000 ____D C:\ProgramData\Oracle
2015-08-17 15:41 - 2015-05-09 18:17 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-14 13:07 - 2015-07-16 03:49 - 00000000 ____D C:\Windows\rescache
2015-08-13 11:37 - 2009-07-14 10:15 - 00281488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 11:35 - 2015-02-21 17:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 11:35 - 2015-02-21 17:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 19:18 - 2015-04-13 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-06 12:17 - 2015-03-03 14:13 - 00000000 __SHD C:\Users\Faraz\wc
2015-08-02 13:44 - 2015-02-22 01:43 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\Adobe

==================== Files in the root of some directories =======

2015-03-03 11:33 - 2015-03-03 11:33 - 0000000 _____ () C:\Users\Faraz\AppData\Local\{9288891C-01E9-403D-A93B-12D4AA9F95CE}

Some files in TEMP:
====================
C:\Users\Faraz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmponyj_7.dll
C:\Users\Faraz\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Faraz\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Faraz\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Faraz\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Faraz\AppData\Local\Temp\sqlite3.dll
C:\Users\Faraz\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Faraz\AppData\Local\Temp\{100F937D-BFF7-421B-BFD9-BF8F3841F7E1}-DropboxClient_3.8.5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 13:39

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition_28-08-2015_16-18-19.txt (29.6 KB, 29 views)
Old 08-28-2015, 05:44 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz.

Quote:
Same goes for thunderbird, tuneup, yahoo
How about avast!, Connectify, and Skype?

Quote:
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\startupreg: Connectify Dispatch => C:\Program Files (x86)\Connectify\DispatchUI.exe
MSCONFIG\startupreg: Connectify Hotspot => C:\Program Files (x86)\Connectify\Connectify.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Are you able to enable those?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-28-2015, 05:57 AM   #9
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



I have re-installed avast. I have manually disabled Connectify from start-up, as I was having trouble with it. Skype too. I have disabled it from start-up.
Old 08-28-2015, 08:53 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz. I'm not seeing any signs of malware in your logs so far. We'll see what turns up.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    FirewallRules: [{A24ED92B-5B25-4DCB-A36A-1AB1C20752F4}] => (Allow) C:\Users\Faraz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{4C9A106D-70F0-4BF4-988E-70B049D19905}] => (Allow) C:\Users\Faraz\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{FA865E7B-7609-4315-A46B-D74FAC01EE8E}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
    FirewallRules: [UDP Query User{2D963491-26CE-4459-A3B0-05FF9230A65B}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
    FirewallRules: [TCP Query User{819E423D-91C8-490F-A5A4-5519BE7F46C7}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
    FirewallRules: [UDP Query User{A00E975A-8B31-4FB0-B3F5-29854A8AE0E2}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [not found]
    S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
    S4 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2015-08-23 11:45 - 2015-02-19 05:01 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\uTorrent
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\avast! Antivirus" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\HWDeviceService64.exe" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MBAMScheduler" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MBAMService" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Mobile Partner. RunOuc" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MozillaMaintenance" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TuneUp.UtilitiesSvc" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wifimansvc" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService" /f
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE" /s
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Old 08-28-2015, 09:30 AM   #11
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



Fix result of Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
Ran by Faraz (2015-08-28 21:51:16) Run:1
Running from C:\Users\Faraz\Downloads
Loaded Profiles: Faraz (Available Profiles: Faraz)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
FirewallRules: [{A24ED92B-5B25-4DCB-A36A-1AB1C20752F4}] => (Allow) C:\Users\Faraz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C9A106D-70F0-4BF4-988E-70B049D19905}] => (Allow) C:\Users\Faraz\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{FA865E7B-7609-4315-A46B-D74FAC01EE8E}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
FirewallRules: [UDP Query User{2D963491-26CE-4459-A3B0-05FF9230A65B}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
FirewallRules: [TCP Query User{819E423D-91C8-490F-A5A4-5519BE7F46C7}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
FirewallRules: [UDP Query User{A00E975A-8B31-4FB0-B3F5-29854A8AE0E2}C:\users\faraz\downloads\programs\utorrent.exe] => (Allow) C:\users\faraz\downloads\programs\utorrent.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Extension: No Name - C:\Program Files (x86)\Fiddler2\FiddlerHook [not found]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S4 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-08-23 11:45 - 2015-02-19 05:01 - 00000000 ____D C:\Users\Faraz\AppData\Roaming\uTorrent
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\avast! Antivirus" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\HWDeviceService64.exe" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MBAMScheduler" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MBAMService" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Mobile Partner. RunOuc" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MozillaMaintenance" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TuneUp.UtilitiesSvc" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wifimansvc" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService" /f
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE" /s
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A24ED92B-5B25-4DCB-A36A-1AB1C20752F4} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C9A106D-70F0-4BF4-988E-70B049D19905} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FA865E7B-7609-4315-A46B-D74FAC01EE8E}C:\users\faraz\downloads\programs\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2D963491-26CE-4459-A3B0-05FF9230A65B}C:\users\faraz\downloads\programs\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{819E423D-91C8-490F-A5A4-5519BE7F46C7}C:\users\faraz\downloads\programs\utorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A00E975A-8B31-4FB0-B3F5-29854A8AE0E2}C:\users\faraz\downloads\programs\utorrent.exe => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => key removed successfully
C:\Program Files (x86)\Fiddler2\FiddlerHook => path removed successfully
HWDeviceService64.exe => service removed successfully
wifimansvc => service removed successfully
ewusbmbb => service removed successfully
ew_hwusbdev => service removed successfully
huawei_enumerator => service removed successfully
hwdatacard => service removed successfully
MBAMSwissArmy => service removed successfully
C:\Users\Faraz\AppData\Roaming\uTorrent => moved successfully

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\avast! Antivirus" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\HWDeviceService64.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MBAMScheduler" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MBAMService" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Mobile Partner. RunOuc" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\MozillaMaintenance" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\TuneUp.UtilitiesSvc" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wifimansvc" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName REG_SZ Base Filtering Engine
Group REG_SZ NetworkProvider
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName REG_SZ NT AUTHORITY\LocalService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RpcSs
ServiceSidType REG_DWORD 0x3
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege
FailureActions REG_BINARY 805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop REG_DWORD 0x1
ServiceMain REG_SZ BfeServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer



========= End of Reg: =========

EmptyTemp: => 746.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:52:37 ====
Old 08-28-2015, 09:52 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz.

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go to File > New Task (Run...) and type explorer, then press 'Enter'.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following entry into the Run box and press Enter:

cmd /c net start > 0 & notepad 0

A log should open. Please post the contents of the log in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 08-28-2015, 10:37 AM   #13
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



ComboFix 15-08-27.01 - Faraz 08/28/2015 22:47:00.1.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.1.1033.18.2935.948 [GMT 5.5:30]
Running from: c:\users\Faraz\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\Temp
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-07-28 to 2015-08-28 )))))))))))))))))))))))))))))))
.
.
2015-08-28 13:34 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A51F8126-D8EE-4D5C-87E7-27E811EA5061}\mpengine.dll
2015-08-28 10:42 . 2015-08-28 10:42 -------- d-----w- c:\users\Faraz\AppData\Roaming\AVAST Software
2015-08-28 10:42 . 2015-08-28 10:42 -------- d-----w- c:\windows\system32\config\systemprofile\.oracle_jre_usage
2015-08-28 10:41 . 2015-08-28 10:40 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-28 10:41 . 2015-08-28 10:40 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-28 10:41 . 2015-08-28 10:40 150672 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-28 10:41 . 2015-08-28 10:40 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-28 10:41 . 2015-08-28 10:40 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-28 10:41 . 2015-08-28 10:40 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-28 10:41 . 2015-08-28 10:40 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-28 10:41 . 2015-08-28 10:41 1048344 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-08-28 10:40 . 2015-08-28 10:40 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-28 10:40 . 2015-08-28 10:40 43112 ----a-w- c:\windows\avastSS.scr
2015-08-28 10:35 . 2015-08-28 10:35 -------- d-----w- c:\program files\AVAST Software
2015-08-26 17:58 . 2015-08-26 17:58 -------- d-----w- c:\programdata\Connectify
2015-08-26 14:59 . 2015-08-26 14:59 35352 ----a-w- c:\windows\system32\drivers\cnnctfy3.sys
2015-08-26 09:29 . 2015-08-26 09:29 -------- d-----w- c:\users\Faraz\AppData\Local\CrashDumps
2015-08-26 09:17 . 2015-08-26 17:58 -------- d-----w- c:\program files (x86)\Connectify
2015-08-26 08:39 . 2015-08-26 13:21 -------- d-----w- c:\program files (x86)\PdaNet for Android
2015-08-26 08:39 . 2011-11-24 19:55 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2015-08-26 08:27 . 2015-08-26 08:27 -------- d-----w- c:\program files (x86)\Android
2015-08-26 08:26 . 2015-08-26 08:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-08-26 08:26 . 2015-08-26 08:27 -------- d-----w- c:\users\Faraz\.oracle_jre_usage
2015-08-26 08:26 . 2015-08-26 08:25 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-08-26 07:43 . 2015-08-26 07:43 -------- d-----w- C:\adhoctablets
2015-08-26 07:29 . 2015-08-28 16:26 -------- d-----w- C:\FRST
2015-08-26 07:13 . 2015-08-26 07:14 -------- d-----w- C:\AdwCleaner
2015-08-25 15:35 . 2015-08-25 15:35 -------- d-----w- c:\program files\ATI Technologies
2015-08-25 15:35 . 2015-08-25 15:35 -------- d-----w- c:\program files\ATI
2015-08-25 13:03 . 2015-08-25 13:03 15992 ----a-w- c:\windows\system32\ami_ipower.sys
2015-08-23 08:44 . 2015-08-23 08:44 -------- d-----w- c:\users\Faraz\AppData\Roaming\LeapingBrain
2015-08-23 08:44 . 2015-08-23 08:44 -------- d-----w- c:\program files (x86)\LeapingBrain
2015-08-20 11:04 . 2015-08-20 11:04 -------- d-----w- c:\programdata\Malwarebytes
2015-08-19 14:08 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-19 14:08 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 14:08 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-17 10:15 . 2015-08-17 10:15 0 ----a-w- c:\windows\system32\REN9FEA.tmp
2015-08-13 06:47 . 2015-08-13 06:47 -------- d-----w- c:\users\Faraz\Tracing
2015-08-13 06:43 . 2015-08-13 06:43 -------- d-----w- c:\users\Faraz\AppData\Local\Skype
2015-08-13 06:43 . 2015-08-27 06:56 -------- d-----w- c:\users\Faraz\AppData\Roaming\Skype
2015-08-13 06:43 . 2015-08-13 06:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-08-13 06:43 . 2015-08-13 06:43 -------- d-----r- c:\program files (x86)\Skype
2015-08-13 06:43 . 2015-08-13 06:43 -------- d-----w- c:\programdata\Skype
2015-08-12 13:54 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:54 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 07:48 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-12 07:45 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 07:44 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-04 10:21 . 2015-08-04 10:21 -------- d-----w- c:\users\Faraz\AppData\Local\ElevatedDiagnostics
2015-08-02 08:15 . 2015-08-02 08:15 -------- d-----w- c:\users\Faraz\AppData\Local\CEF
2015-08-02 08:13 . 2015-08-02 08:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2015-08-02 08:09 . 2015-08-02 08:15 -------- d-----w- c:\users\Faraz\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 17:54 . 2015-08-12 07:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-06 06:55 . 2015-07-06 06:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-06 06:55 . 2015-07-06 06:55 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-04 18:07 . 2015-07-15 07:38 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 07:38 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 08:00 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 07:48 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 07:48 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-15 21:50 . 2015-07-15 07:37 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 07:37 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 07:37 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 07:37 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 07:37 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 07:37 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 07:37 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 07:37 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 07:37 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 07:37 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 07:37 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 07:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 07:49 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 07:49 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-01-26 3890768]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2013-01-07 2909640]
"Dropbox Update"="c:\users\Faraz\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-28 6111824]
.
c:\users\Faraz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Faraz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 39179912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 wampapache64;wampapache64;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe;c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [x]
R3 wampmysqld64;wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64;c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe wampmysqld64 [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys;c:\windows\SYSNATIVE\DRIVERS\cnnctfy3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe;c:\program files (x86)\Connectify\ConnectifyService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 PHYMEM;PHYMEM;c:\windows\system32\ami_ipower.sys;c:\windows\SYSNATIVE\ami_ipower.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-22 07:28 993608 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.157\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-06 06:55]
.
2015-08-27 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000Core.job
- c:\users\Faraz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 11:09]
.
2015-08-28 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4285837406-2611494833-1162170984-1000UA.job
- c:\users\Faraz\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 11:09]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-18 23:11]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-18 23:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Faraz\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mDefault_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 113.193.14.16 113.193.0.148
TCP: Interfaces\{4508BC6E-B16B-4ED0-BA83-6806ED4CA745}: NameServer = 8.8.8.8,8.8.4.4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4285837406-2611494833-1162170984-1000_Classes\Wow6432Node\CLSID\{50356f43-4459-48ba-bea3-458af4b57fde}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ab
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4285837406-2611494833-1162170984-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):54,e2,d0,87,1b,93,fd,6f,eb,47,96,69,46,f9,cf,38,e5,0b,3c,08,2e,
24,7a,c5,ab,8b,a6,aa,07,f5,95,ca,63,f9,cf,fb,27,a9,52,01,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\windows\SysWow64\perfhost.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
.
**************************************************************************
.
Completion time: 2015-08-28 23:03:09 - machine was rebooted
ComboFix-quarantined-files.txt 2015-08-28 17:33
.
Pre-Run: 14,663,892,992 bytes free
Post-Run: 14,487,547,904 bytes free
.
- - End Of File - - 477A90B42203AA693689162CAC3594D2
A36C5E4F47E84449FF07ED3517B43A31


These Windows services are started:

Adaptive Brightness
Adobe Acrobat Update Service
Application Experience
Application Information
Application Layer Gateway Service
Avast Antivirus
Base Filtering Engine
CNG Key Isolation
COM+ Event System
Connectify
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostics Tracking Service
Distributed Link Tracking Client
DNS Client
DW WLAN Tray Service
Extensible Authentication Protocol
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Provider
Human Interface Device Access
IKE and AuthIP IPsec Keying Modules
Interactive Services Detection
Internet Connection Sharing (ICS)
IP Helper
Microsoft iSCSI Initiator Service
Microsoft Software Shadow Copy Provider
Multimedia Class Scheduler
Network Access Protection Agent
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Peer Name Resolution Protocol
Peer Networking Grouping
Peer Networking Identity Manager
Performance Counter DLL Host
Plug and Play
PnP-X IP Bus Enumerator
PNRP Machine Name Publication Service
Portable Device Enumerator Service
Power
Print Spooler
Program Compatibility Assistant Service
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Configuration
Remote Desktop Services
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
RPC Endpoint Mapper
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Software Protection
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Themes
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Connect Now - Config Registrar
Windows Defender
Windows Error Reporting Service
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Modules Installer
Windows Remote Management (WS-Management)
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
Wired AutoConfig
WLAN AutoConfig
Workstation
WWAN AutoConfig

The command completed successfully.
MoinFaraz is offline  
Old 08-28-2015, 12:44 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz. It appears BFE is running now, correct?

Any remaining problems?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java 7 Update 79
Java 8 Update 51


These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Leave this one as it has the latest definitions:

Java 8 Update 60 (64-bit)

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
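
A read-only check for the Java cleanup step in the post above, as an added example that is not part of the original post: it lists the Java entries under the two Uninstall registry keys and marks the versions the post names for removal. It assumes a 64-bit PowerShell session and that the Java installers register under these standard Uninstall keys.

```powershell
# Added example (not from the thread): list installed Java runtimes and flag
# the two versions the post says to remove. Read-only; it changes nothing.

# Version names taken from the post above.
$outdated = @('Java 7 Update 79', 'Java 8 Update 51')
$keep     = 'Java 8 Update 60 (64-bit)'

# On 64-bit Windows, uninstall entries live in two places: the native view
# and the Wow6432Node view used by 32-bit installers.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = foreach ($root in $roots) {
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*Update*' } |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'View'; Expression = {
                if ($root -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
            } },
            @{ Name = 'Status'; Expression = {
                if ($outdated -contains $_.DisplayName) { 'REMOVE' }
                elseif ($_.DisplayName -eq $keep)       { 'keep' }
                else                                    { 'review' }
            } }
}

if (-not $found) {
    'No Java entries found under the Uninstall keys.'
} else {
    $found | Sort-Object Status, DisplayName | Format-Table -AutoSize

    # Count entries that the post lists for removal and that are still present.
    $left = @($found | Where-Object { $_.Status -eq 'REMOVE' })
    if ($left.Count -gt 0) {
        "Still installed and listed for removal: $($left.Count)"
    } else {
        'Neither of the versions listed for removal is present.'
    }
}
```

Entries marked `review` are Java versions the post does not mention by name, such as a 32-bit runtime installed alongside the 64-bit one.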
Old 09-02-2015, 11:06 AM   #15
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



Hi.

BFE is running now, but system somehow got dead slow. MBAM didn't find any threats.

I have uninstalled both Java updates that you have mentioned. Installed the latest by following your steps.

C:\Users\Faraz\Downloads\Programs\FileZilla_3.10.3_win64-setup.exe a variant of Win32/InstallCore.YW potentially unwanted application
C:\Users\Faraz\Downloads\Programs\PowerISO6-x64.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Faraz\Downloads\Programs\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
MoinFaraz is offline  
Old 09-02-2015, 12:52 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz. Some users complain of slowness after a cleaning. It should improve. Does rebooting help?

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
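@echo off
rem Remove any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete each file flagged in the scan results; record any file that survives.
for %%g in (

"C:\Users\Faraz\Downloads\Programs\FileZilla_3.10.3_win64-setup.exe"
"C:\Users\Faraz\Downloads\Programs\PowerISO6-x64.exe"
"C:\Users\Faraz\Downloads\Programs\uTorrent.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Open the list of files that could not be deleted, or report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this script once it has run (quoted full path, so spaces are safe).
del "%~f0"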
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
chemist is offline  
Old 09-02-2015, 11:39 PM   #17
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



It says "Deleted Successfully !!" I will reboot and see if that works.
MoinFaraz is offline  
Old 09-04-2015, 06:10 AM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Let me know.
chemist is offline  
Old 09-09-2015, 05:08 AM   #19
Registered Member
 
Join Date: Aug 2015
Posts: 16
OS: Windows 7



Quote:
Originally Posted by chemist View Post
Let me know.
It looks like I am all set. Appreciate your help and effort.
MoinFaraz is offline  
Old 09-09-2015, 10:09 AM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, MoinFaraz. You're very welcome.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Support - Windows Help

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
 
