  1. #1

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27
    • specs System Specs
      • Manufacturer:
        Lenovo
      • Model Number:
        Y50 FHD
      • CPU:
        Intel i7 i7-4710 @2.50 GHz
      • Memory:
        DDR3 8Gb
      • Graphics:
        Nvidia GTX 860M
      • Sound Card:
        Realtek
      • Hard Drives:
        1 Tb
      • Disk Drives:
        N/A
      • Power Supply:
        N/A
      • Case:
        N/A
      • Cooling:
        Inbuilt fans
      • Display:
        LCD 1920 X 1080
      • Operating System:
        Windows 10

    URGENT! Help malware attack cant RUN almost all of the softwares

    My constant pestering with my USB dongle and to somehow do port-forwarding led me to a certain software which I blindly installed and ran. By my guesses it messed with my registry values. After a restart I sensed something wrong: my net connection dropped down and the dongle was not getting detected anymore. As usual I ran Anti-Malware by Malwarebytes. That's when I noticed how bad the infection was. The software refused to open even when in admin mode. Tried many other software and still the same result, it won't run. Even FRST won't run.

    Unfortunately I forgot the name of the software I used and while in panic mode used JRT to clean my PC of junkware and the log file showed deletion of a certain file. Sadly though I overwrote the file by constantly running the software whenever I restarted. The only thing it solved was that it stopped the opening up of a certain website as soon as I signed into my PC. Guessing that's an adware.

    Since I couldn't run FRST I won't be able to post the log for it, but I did manage to run Security Check and here is the log for it.

    Results of screen317's Security Check version 1.008
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java version 32-bit out of Date!
    Adobe Flash Player 18.0.0.232
    Mozilla Firefox 39.0.3 Firefox out of Date!
    Google Chrome (45.0.2454.85)
    Google Chrome (45.0.2454.93)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````



    Hoping there is a way to fix this

    Thanks
    DONKILLER



  2. #2
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Hi, DONKILLER.

    Am I correct in understanding that your post in your other topic was only in reference to the one issue and not the problem you are having now?

    Quote, originally posted by DONKILLER:
        The issue regarding the file has been solved. Following the steps helped.
        Thanks
        Donkiller

    Please download rkill from one of the following links and save to your Desktop:

    One, Two, Three or Four
    • Right-click rkill and run as administrator.
    • A command window will open then disappear upon completion, this is normal.
    • Please leave rkill on the Desktop until otherwise advised.
    • Do NOT restart your computer after running rkill as the malware program(s) will start again.


    Notes:

    If you receive security warnings about rkill, please ignore and allow the download to continue.

    Now see if you can run FRST. There will be a brief "pause" while the tool updates. After receiving the notice that the update is complete, please also check the box for Addition.txt.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Yes the issue in that topic was solved. This issue is not related to it.

    I have run rkill on my PC and then tried to run FRST but it's of no use, I still can't get the program started.

    I am posting the log file of rkill below:

    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    Bleeping Computer - Technical Support and Computer Help
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus and Anti-Malware Software

    Program started at: 09/19/2015 01:50:16 PM in x64 mode.
    Windows Version: Windows 10 Home Single Language

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * hijackthis.exe debugger. [IFEO Debugger Deleted]
    * mbam.exe debugger. [IFEO Debugger Deleted]
    * regedit.exe debugger. [IFEO Debugger Deleted]

    Backup Registry file created at:
    C:\Users\ArunPc\Desktop\rkill\rkill-09-19-2015-01-50-26.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * HdAudAddService [Missing Service]
    * AppMgmt [Missing Service]
    * CSC [Missing Service]
    * CscService [Missing Service]
    * PeerDistSvc [Missing Service]

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    127.0.0.1 skipthislinenow.com
    128.199.121.125 onhax.net
    128.199.121.125 www.onhax.net
    128.199.121.125 forum.onhax.net
    128.199.121.125 sanet.me
    128.199.121.125 do2dear.net
    128.199.121.125 fullsoft24u.net
    128.199.121.125 p30world.com
    128.199.121.125 brarstuff.com
    128.199.121.125 rsload.net
    128.199.121.125 cloudanna.com
    128.199.121.125 keyscity.net
    128.199.121.125 piratecity.net
    128.199.121.125 www.idm-crack-patch.com
    128.199.121.125 www.fullstuff.net
    127.0.0.1 secure.registeridm.com
    127.0.0.1 mirror.InternetDownloadManager.com
    127.0.0.1 mirror2.InternetDownloadManager.com
    127.0.0.1 secure.InternetDownloadManager.com
    127.0.0.1 www.InternetDownloadManager.com

    20 out of 24 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 09/19/2015 01:51:52 PM
    Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)

    Thanks
    DONKILLER

  4. #4
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Please download MGADiag and save it to your desktop.
    • Double-click the icon on your desktop.
    • Click Continue to produce the report.
    • Click Copy (Ignore any error messages at this point)
    • Copy and paste that log here.



  5. #5

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    I have pasted below the diagnostics log


    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Validation unsupported OS
    Validation Code: 6
    Cached Online Validation Code: N/A, hr = 0xc004f012
    Windows Product Key: *****-*****-PGBYW-4YWX6-6F4BT
    Windows Product Key Hash: wB5vSiRlR3bfpPcZeV/82p4b4GY=
    Windows Product ID: 00327-60000-00000-AA352
    Windows Product ID Type: 0
    Windows License Type: Unknown
    Windows OS version: N/A, hr=0x8007007a
    ID: {9B8A6C42-2549-4594-9948-87F9E343A163}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 10 Home Single Language
    Architecture: 0x00000009
    Build lab: 10240.th1.150819-1946
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 111 Unsupported OS
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics:

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\licdll.dll[Hr = 0x80070002]
    File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80070002]
    File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80070002]
    File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80070002]

    Other data-->

    Spsys.log Content: 0x80070002

    Licensing Data-->
    N/A, hr = 0x80070424

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: NgAAAAEAAQABAAIAAQABAAAABQABAAEAln1O83cWHP0ooqq3kkcQAv5YKIRiQXzxrYGw+Mj2

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    DBGP LENOVO CB-01
    MCFG LENOVO CB-01
    FACP LENOVO CB-01
    APIC LENOVO CB-01
    BOOT LENOVO CB-01
    DMAR LENOVO CB-01
    HPET LENOVO CB-01
    FPDT LENOVO CB-01
    UEFI LENOVO CB-01
    MSDM LENOVO CB-01
    ASF! LENOVO CB-01
    SSDT LENOVO CB-01
    LPIT LENOVO CB-01
    ASPT LENOVO CB-01
    SSDT LENOVO CB-01
    SSDT LENOVO CB-01
    SSDT LENOVO CB-01
    SSDT LENOVO CB-01
    BGRT LENOVO CB-01

  6. #6
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    I forgot from your other thread that this is Windows 8.1.

    See if you can run FRST from Safe Mode.



  7. #7

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    That was before I upgraded from 8.1 to 10.

  8. #8
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    I forgot your other thread is Windows 8.1. Are you saying between the other thread and the problem you're having now that you upgraded from Windows 8.1 to Windows 10?

    See if you can run FRST from Safe Mode.



  9. #9

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Yeah, well, once the other problem was solved I had upgraded to Windows 10. Never mind the date on the other thread, I had just forgotten to reply to it.
    I tried to run it in Safe Mode and it didn't work.
    I have noticed that whenever I boot up there is this window that pops up really fast, a black one, must be CMD. This quickly closes down. Hope that's helpful.

  10. #10
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Sorry, no, it doesn't help. Without logs I cannot research what malware is on the computer. That said, the reason I asked you to run MGADiag was because of the entries in the HOSTS file when you ran RKill. Going back to the log you posted before the upgrade, this is what the HOSTS file had -- the standard HOSTS file:

    2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
    However, the log from RKill shows many links in the HOSTS file to hacking/piracy sites. Please follow the instructions at How can I reset the Hosts file back to the default? to reset the HOSTS file.

    If after that, you still can't scan with FRST, see if you can get Malwarebytes to run using Chameleon: What should I do if Malwarebytes Anti-Malware won't open because of an infection? and post the resultant log.


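    The two findings this thread turns on, Image File Execution Options (IFEO) debugger entries that stop named tools from launching and non-default HOSTS entries, can be pulled out of an RKill log mechanically. The following is an added example, not part of the original posts and not RKill's own code; the function name `triage_rkill_log`, the sample log, its hostnames and the 203.0.113.10 address are constructed, and the line formats are assumed to match the log posted in #3.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the RKill log posted in this thread.
# Hostnames and the 203.0.113.10 address are placeholders, not thread values.
SAMPLE_LOG = """\
Checking Registry for malware related settings:

 * mbam.exe debugger. [IFEO Debugger Deleted]
 * regedit.exe debugger. [IFEO Debugger Deleted]

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost
  203.0.113.10 downloads.example.net
  203.0.113.10 www.downloads.example.net
  203.0.113.10 forum.example.org
  127.0.0.1 licensing.vendor.example
  127.0.0.1 update.vendor.example

 6 out of 6 HOSTS entries shown.
"""

# "* <image>.exe debugger. [IFEO Debugger Deleted]" as printed by RKill.
IFEO_RE = re.compile(r"^\*\s+(\S+\.exe) debugger\.\s+\[IFEO Debugger", re.I)

# Names a default HOSTS file may legitimately map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def triage_rkill_log(text):
    """Return IFEO-hijacked images and non-default HOSTS entries found in the log.

    Result keys:
      ifeo       - executables that had an IFEO Debugger value (they would not start)
      blocked    - hostnames pinned to loopback/0.0.0.0 (the name becomes unreachable)
      redirected - {ip: [hostnames]} for names forced to some other address
    """
    findings = {"ifeo": [], "blocked": [], "redirected": defaultdict(list)}
    in_hosts = False
    for raw in text.splitlines():
        # Drop trailing comments so the same parser also accepts raw HOSTS syntax.
        line = raw.split("#", 1)[0].strip()
        match = IFEO_RE.match(line)
        if match:
            findings["ifeo"].append(match.group(1).lower())
            continue
        if line.startswith("* HOSTS file entries found"):
            in_hosts = True
            continue
        if not in_hosts:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line inside the section
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            # First non-entry line ("N out of M HOSTS entries shown.") ends the section.
            in_hosts = False
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name not in LOCAL_NAMES:
                    findings["blocked"].append(name)
            else:
                findings["redirected"][str(addr)].append(name)
    findings["redirected"] = dict(findings["redirected"])
    return findings


if __name__ == "__main__":
    result = triage_rkill_log(SAMPLE_LOG)
    print("IFEO debugger entries:", ", ".join(result["ifeo"]) or "none")
    print("Names pinned to loopback:", ", ".join(result["blocked"]) or "none")
    for ip, names in result["redirected"].items():
        print(f"{len(names)} name(s) forced to {ip}: {', '.join(names)}")
```

    RKill prints only part of the HOSTS file when it is long (the log in #3 shows 20 of 24 entries), so the file itself still needs to be reviewed after triaging the log.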

  11. #11

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares


    Oh, finally did it. After resetting the HOSTS file everything seems to work. I got Anti-Malware to run and then FRST too. Here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
    Ran by ArunPc (administrator) on ARUN (20-09-2015 11:54:02)
    Running from C:\Users\ArunPc\Downloads\Programs
    Loaded Profiles: ArunPc (Available Profiles: ArunPc)
    Platform: Windows 10 Home Single Language (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Mblaze_Mylink\FI_Eject.exe
    (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
    (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Users\ArunPc\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    (Flux Software LLC) C:\Users\ArunPc\AppData\Local\FluxSoftware\Flux\flux.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
    () C:\Program Files\Lenovo\iMController\AutoUpdate.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-27] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-20] (Valve Corporation)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [Web Freer] => C:\Program Files (x86)\WebFreer\webfreer.exe [973824 2014-04-02] (Appaxy Inc.)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [Internet Download Accelerator] => C:\Program Files (x86)\IDA\ida.exe [5710736 2015-06-26] (WestByte)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3907152 2015-09-13] (Tonec Inc.)
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Run: [f.lux] => C:\Users\ArunPc\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
    IFEO\RegWorks.exe: [Debugger] svchost.exe
    IFEO\RSITx64.exe: [Debugger] svchost.exe
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
    ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk [2015-04-15]
    ShortcutTarget: AutoCAD Startup Accelerator.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{4e309883-ec27-46cf-8af5-a03a278a9ba3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{74a6adc7-e999-4c17-aa24-ac9d5226d23b}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{ad1fcfc0-1689-41e6-92db-5cefac2eafaa}: [DhcpNameServer] 192.168.1.1 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google
    hxxp://www.lenovo.com
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-13] (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-13] (Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-08-28] (Internet Download Manager, Tonec Inc.)
    BHO-x32: IE 4.x-6.x BHO for Internet Download Accelerator -> {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} -> C:\Program Files (x86)\IDA\idaiehlp.dll [2015-06-26] (WestByte)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-3533856717-1996590830-672907801-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\ArunPc\AppData\Roaming\Mozilla\Firefox\Profiles\er57oayn.default
    FF SelectedSearchEngine: Yahoo!
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-17] ()
    FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-13] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-13] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-17] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-13] (Nitro PDF)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3533856717-1996590830-672907801-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ArunPc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
    FF Extension: Internet Download Accelerator Media Monitor - C:\Users\ArunPc\AppData\Roaming\Mozilla\Firefox\Profiles\er57oayn.default\Extensions\idamm@westbyte.com [2015-06-05]
    FF Extension: Adblock Plus Pop-up Addon - C:\Users\ArunPc\AppData\Roaming\Mozilla\Firefox\Profiles\er57oayn.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-12-30]
    FF Extension: YouTube mp3 - C:\Users\ArunPc\AppData\Roaming\Mozilla\Firefox\Profiles\er57oayn.default\Extensions\info@youtube-mp3.org.xpi [2014-11-23]
    FF Extension: Adblock Plus - C:\Users\ArunPc\AppData\Roaming\Mozilla\Firefox\Profiles\er57oayn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-30]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-05]
    FF HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: No Name - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-08-28]
    FF HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ArunPc\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\ArunPc\AppData\Roaming\IDM\idmmzcc5 [2015-09-13]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://in.search.yahoo.com/?type=926458&fr=yo-yhp-ch
    CHR Profile: C:\Users\ArunPc\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Internet Download Accelerator) - C:\Users\ArunPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccpokhmgacfkdaelielfljggjbbmmdpi [2015-08-11]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ArunPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-24]
    CHR Extension: (IDM Integration Module) - C:\Users\ArunPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-09-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\ArunPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-24]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-28]

    Opera:
    =======
    OPR Extension: (Internet Download Accelerator) - C:\Users\ArunPc\AppData\Roaming\Opera Software\Opera Stable\Extensions\faehphipoljdginnjklhakadmiaehgod [2015-08-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2015-04-15] (Autodesk)
    R2 CDROM_Eject_FI; C:\Program Files (x86)\Mblaze_Mylink\FI_Eject.exe [2198016 2014-07-31] () [File not signed]
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-17] (Intel Corporation)
    S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
    S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [619776 2014-12-24] (Lenovo)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
    R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-17] (Lenovo(beijing) Limited)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
    R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-12-24] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-11-05] (DT Soft Ltd)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
    S3 mtkmbim; C:\Windows\system32\DRIVERS\mtkmbim7_x64.sys [208896 2012-10-30] (MediaTek Inc.) [File not signed]
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [761600 2015-06-15] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [81408 2013-10-22] (MediaTek Inc.) [File not signed]
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ========================== Drivers MD5 =======================

    C:\Windows\System32\DRIVERS\rdbss.sys FC9B7AC6E2B837EF7CD6C64F7068D41D
    C:\Windows\System32\drivers\rdpbus.sys FB7375657F8A5932C35EAA45E9B4B416
    C:\Windows\System32\drivers\rdpdr.sys A32AED8C644734B283A7C9D08D76064D
    C:\Windows\System32\drivers\rdpvideominiport.sys 37CC7E41243EFBB4FBC0510E5CA32A02
    C:\Windows\System32\drivers\rdyboost.sys DAF957B25A35757E9D814611FAE8FE3B
    C:\Windows\System32\Drivers\ReFSv1.sys 2C72E029C153D25325CA182A669E4ADE
    C:\Windows\System32\drivers\rfcomm.sys 67E83C0C9A2B5ACEE9EF690E6B7E9189
    C:\Windows\System32\drivers\rspndr.sys DC66C1D262D64E30A30B68E9F21AC74B
    C:\Windows\System32\drivers\rt640x64.sys CF0F908B50CD8FB12B7B69DA56A44681
    C:\Windows\system32\DRIVERS\RtsPer.sys BE7E1D29CD6DAF79EF08A24A03E10D38
    C:\Windows\system32\DRIVERS\rtsuvc.sys 14F73F34745B8EEF780181910B3BF41F
    C:\Windows\System32\drivers\vms3cap.sys 88F7703F2A4677C828124AE2110D3EBC
    C:\Windows\System32\drivers\sbp2port.sys B467E932FE4E16E201DC7E56870CB559
    C:\Windows\System32\DRIVERS\scfilter.sys 31DDA0716EC265CA57DAF9D2295FD76F
    C:\Windows\System32\drivers\sdbus.sys CC41D16FB823F9BE167BE773F225CD1F
    C:\Windows\System32\drivers\sdstor.sys F4BF50A7D16A97A887BFA0F193693C42
    C:\Windows\System32\drivers\SerCx.sys 9DB0BBE3ABE1F49651AE51EC5BCABE58
    C:\Windows\System32\drivers\SerCx2.sys C4AF79C37334D995D95C22C14FDBF7FD
    C:\Windows\System32\drivers\serenum.sys FC541A272F47BE03E67A9FCB87FA8C3E
    C:\Windows\System32\drivers\serial.sys 2A5F5F95FCA123DCBF53B5F603B64789
    C:\Windows\System32\drivers\sermouse.sys C8738887228B7BFA3B1A906816A8BB12
    C:\Windows\System32\drivers\sfloppy.sys 67832B68752CDF7FDE56949E4A2E70BF
    C:\Windows\System32\drivers\SiSRaid2.sys ED058030296CF9B79C8D48BF43724323
    C:\Windows\System32\drivers\sisraid4.sys 633D3D1581E9DCCD5A2D8F039104C9A5
    C:\Windows\System32\drivers\spaceport.sys 187B4AD4446C59F8FCC4A10F473EE3D1
    C:\Windows\System32\drivers\SpbCx.sys 2799FCA215919FDC9A87C5FCAB530828
    C:\Windows\System32\DRIVERS\srv.sys AA1F23501511EFE9CF9771F6B20E8D45
    C:\Windows\System32\DRIVERS\srv2.sys F5B169EDF9D5E3C7200D89D30E065D13
    C:\Windows\System32\DRIVERS\srvnet.sys 2E142E027F0AA698BA4DCE49CBDB43CD
    C:\Windows\system32\DRIVERS\ssudmdm.sys 5252D7BC56E5E0ED715AEA8FE173A455
    C:\Windows\System32\drivers\stexstor.sys DDE064A4298FD1FBF804D3ED691E7EDB
    C:\Windows\System32\drivers\storahci.sys 32C95F44108C3E7DB58F773346E3C9D0
    C:\Windows\System32\drivers\vmstorfl.sys 8883C8CE4942A99B84E1CC6EFA19738E
    C:\Windows\System32\drivers\stornvme.sys AE7B7E1E95BFB9340B1956C98CA52C81
    C:\Windows\System32\drivers\storqosflt.sys 63513EF3121689B3A59BD217618A2E42
    C:\Windows\System32\drivers\storufs.sys 000F5CFCEF0F06DC8FD1D2F568E48AE4
    C:\Windows\System32\drivers\storvsc.sys 7415087F9006D6818F85F3CBD79B1A50
    C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys 802278EE4ACCE9EA1F1481DF20EB1667
    C:\Windows\System32\drivers\Synth3dVsc.sys 12D0CB1DCAE6725B6CA54CC2038C4C8C
    C:\Windows\System32\drivers\tcpip.sys BA8CDF0FC9469005A84453A128EEB6AE
    C:\Windows\System32\drivers\tcpip.sys BA8CDF0FC9469005A84453A128EEB6AE
    C:\Windows\System32\drivers\tcpipreg.sys D378A1AF58AFA84BB6AC753F2C1BE9F4
    C:\Windows\system32\DRIVERS\tdx.sys 28E1E63A1AC65E17B3194238FA2CF3BF
    C:\Windows\System32\drivers\terminpt.sys CCDBD2817C10A4F631280CBB3AE44FFB
    C:\Windows\system32\drivers\tpm.sys F4AEDABC8F3A9D632F8206D0C7F8CA09
    C:\Windows\System32\drivers\TsUsbFlt.sys 676C801CAA61AADD0C918CC536A74B78
    C:\Windows\System32\drivers\TsUsbGD.sys 2BB6CC0DD1CEE86330743B56FA9FE91F
    C:\Windows\System32\drivers\tunnel.sys 14B46248612DF1B1A695040FFFBCFAFC
    C:\Windows\System32\drivers\uagp35.sys D0BE5EA1652D55029C9A898FB8ACFCE0
    C:\Windows\System32\drivers\uaspstor.sys 13C15E4B238895FE4731DB1D612EEB5F
    C:\Windows\System32\Drivers\UcmCx.sys BEBB8B55C5F99B69EEE39A9D7BADB21E
    C:\Windows\System32\drivers\UcmUcsi.sys DE3EDAF609D00EA2E54986E6459796A6
    C:\Windows\System32\drivers\ucx01000.sys FB1C1D8B96A482F3581338D6752E1D6C
    C:\Windows\System32\drivers\udecx.sys 4E1543ACE2F6E2846713E5123D9D4159
    C:\Windows\System32\DRIVERS\udfs.sys CDCA9CC1D8293E75218D8FF85F2337A4
    C:\Windows\System32\drivers\UEFI.sys BC683E19307C533C7161DB7A58051347
    C:\Windows\System32\drivers\ufx01000.sys D14B42C26DE402F316D49667D15446F0
    C:\Windows\System32\drivers\UfxChipidea.sys 192470BE4321791FBB25F379D0141D6F
    C:\Windows\System32\drivers\ufxsynopsys.sys F7BD838E84E6B286DBCE068EFB8C0800
    C:\Windows\System32\drivers\uliagpkx.sys A25842AC180F0E8B02380ECB8ADA1AF5
    C:\Windows\System32\drivers\umbus.sys 21088F43172525C7E02D335A3327F46C
    C:\Windows\System32\drivers\umpass.sys 294A291B5D48FE8F38DD94B7272442C5
    C:\Windows\System32\drivers\urschipidea.sys A7A52EDDC3FAF183D6AC4774690ADF13
    C:\Windows\System32\drivers\urscx01000.sys 2EEA0897DD9E30E958B508D557F0B5E4
    C:\Windows\System32\drivers\urssynopsys.sys DC54D775A3A61E4CDE871B4E38A1459A
    C:\Windows\System32\drivers\usbccgp.sys 18B63A0980F4AA1E6D7879B253980E37
    C:\Windows\System32\drivers\usbcir.sys 1C60A1A3C8E1E819E16F12BAEB1C83F8
    C:\Windows\System32\drivers\usbehci.sys 9A3E39F85DC6E3B9F792F1095ACFF788
    C:\Windows\System32\drivers\usbhub.sys 15FE07A404C8A0CD306661433027FFE4
    C:\Windows\System32\drivers\UsbHub3.sys 7E51F2AD1D729F5CDBB6BE21CB58FEB7
    C:\Windows\System32\drivers\usbohci.sys 72EA850B59F40C25A4FEDDA5FE84EFEB
    C:\Windows\System32\drivers\usbprint.sys 47B2B2DE152E25546944049CA1170BB1
    C:\Windows\System32\drivers\usbser.sys 1F72E1A7E1858B7B3FF81522FCEBDE95
    C:\Windows\System32\drivers\USBSTOR.SYS CD35467670DF1E6FBF36DA308F0C872B
    C:\Windows\System32\drivers\usbuhci.sys DFA92EA105DD1073B43FB210EEB03DD4
    C:\Windows\System32\drivers\USBXHCI.SYS C67A03F54A1EA683F4880A481EE5FF6C
    C:\Windows\System32\drivers\usb8023x.sys 21F376A4E05EAAA1690C0897352C2B3B
    C:\Windows\System32\drivers\vdrvroot.sys 26223003DDFB347B5CF3EC0B56DB066B
    C:\Windows\System32\drivers\VerifierExt.sys A417284BC6B5C2EEF63F2C5154473530
    C:\Windows\System32\drivers\vhdmp.sys 4C39C05A72EB14C0567501C7E087E564
    C:\Windows\System32\drivers\vhf.sys C42206A15078596FDE8E89BB629DE342
    C:\Windows\System32\drivers\vmbus.sys 248D9F911A5C94CF8477125DD0C3A291
    C:\Windows\System32\drivers\VMBusHID.sys 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E
    C:\Windows\System32\drivers\volmgr.sys 91F165C5D71D9DCB18D4661CF10D1084
    C:\Windows\System32\drivers\volmgrx.sys 17042748AC05862A0283D32575220080
    C:\Windows\System32\drivers\volsnap.sys 823A237D871CD652C6BFD47BECB6810A
    C:\Windows\System32\drivers\vpci.sys 78727FA284C2095EED660D71CD3C9AEF
    C:\Windows\System32\drivers\vsmraid.sys 2415961D561E02F5E46B7C1C687A6788
    C:\Windows\System32\drivers\vstxraid.sys 6AE9A843AE979F2DCCA5A25C07C7A5F8
    C:\Windows\System32\drivers\vwifibus.sys BD232C761C59FA8D8EF626CA630E2D2E
    C:\Windows\System32\drivers\vwififlt.sys 3039687AB65CEE26CF478C1F42FFCD7D
    C:\Windows\System32\drivers\vwifimp.sys 37C868DDE3103130B00AD1313DAB5ACB
    C:\Windows\System32\drivers\wacompen.sys FC40A7527D39F06D032A6553D22E4BF6
    C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
    C:\Windows\System32\DRIVERS\wanarp.sys E9E22E116F810DAC98C5EC207F24C916
    C:\Windows\System32\drivers\WdBoot.sys C8BA574B3BA6AE88741AC86B1FE3C1DC
    C:\Windows\System32\drivers\Wdf01000.sys 796D1C95894BC15B3FEF090C107CBA31
    C:\Windows\System32\drivers\WdFilter.sys C5BB7C612B4C852836BEA39593BA5F46
    C:\Windows\system32\DRIVERS\usb2ser.sys CABA2C0BBBDA1410EB18D4C7C574F355
    C:\Windows\System32\DRIVERS\wdiwifi.sys 9B2039C5673EEBF1D4E34ABC0AFB88C7
    C:\Windows\System32\Drivers\WdNisDrv.sys BD193A7BD34B2E829FAF56306FEE3B09
    C:\Windows\System32\drivers\wfplwfs.sys DBF5255B759212E5217A2748567A0B5C
    C:\Windows\System32\drivers\wimmount.sys 4375BCBA419D19695CF566082CEF27D3
    C:\Windows\System32\drivers\WindowsTrustedRT.sys 037BC6DE5F58D4A74A5BB0C12DCECDCA
    C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 70BCD70BD53F2FE660ED94B025A043EB
    C:\Windows\System32\drivers\winmad.sys 7792AE5403BF8975B6460DFC3428D129
    C:\Windows\System32\drivers\WinUsb.sys 811F30EB6EE8318C4171CB95AE30B9BD
    C:\Windows\System32\drivers\winverbs.sys DF00381AB8665D48DE3FF794BC6760AB
    C:\Windows\System32\drivers\wmiacpi.sys 623ED8E10DFEEAB7AE2CD11A0451DB79
    C:\Windows\System32\Drivers\Wof.sys 78CA1FF6FE37EEFAFF99DD1C956AF60A
    C:\Windows\System32\DRIVERS\wpcfltr.sys 388F2A3C771B8BEE76FD1AAF9614D08E
    C:\Windows\System32\drivers\WpdUpFltr.sys 37DCE976B3935380F2F6E39ABB6BF40D
    C:\Windows\system32\drivers\ws2ifsl.sys 3CD22DD5A790CF7C24D65455E565EA83
    C:\Windows\system32\DRIVERS\wsvd.sys 72B4E9DF6456C43C42A1419B09486045
    C:\Windows\System32\drivers\WudfPf.sys 835F60262E7E310080EA05F6752BF248
    C:\Windows\System32\drivers\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
    C:\Windows\system32\DRIVERS\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
    C:\Windows\System32\drivers\WUDFRd.sys 4E848DE29E4279C7F25EF5B34ED94FDD
    C:\Windows\System32\drivers\xboxgip.sys 30021D1E0407B71E8D5D4F8DAE4E656A
    C:\Windows\System32\drivers\xinputhid.sys 6851673B90D8CB332439E0339F81A6B6
    C:\Windows\System32\drivers\xusb22.sys 1E80EDF59994925D6AF76D87564588E1

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-20 11:52 - 2015-09-20 11:52 - 00000000 ___HD C:\OneDriveTemp
    2015-09-20 11:50 - 2015-09-20 11:50 - 00016148 _____ C:\WINDOWS\system32\ARUN_ArunPc_HistoryPrediction.bin
    2015-09-20 11:19 - 2015-09-20 11:23 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-09-20 11:18 - 2015-09-20 11:18 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-20 11:18 - 2015-09-20 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-20 11:18 - 2015-09-20 11:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-09-20 11:18 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-09-20 11:18 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-09-20 11:18 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-09-20 11:08 - 2015-09-20 11:08 - 00000831 _____ C:\Users\ArunPc\Documents\hosts.txt
    2015-09-20 11:08 - 2015-09-20 11:08 - 00000831 _____ C:\Users\ArunPc\Desktop\hosts.txt
    2015-09-19 23:00 - 2015-09-19 23:00 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2015-09-19 22:59 - 2015-09-19 22:59 - 00000000 ____D C:\WINDOWS\pss
    2015-09-19 22:34 - 2015-09-19 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-09-19 22:03 - 2015-09-19 22:04 - 00000000 ____D C:\Users\ArunPc\Downloads\METAL.GEAR.SOLID.5.TPP.V1.01.PLUS22TRN.FLING
    2015-09-19 21:58 - 2015-09-19 21:58 - 00002217 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
    2015-09-19 21:57 - 2015-09-19 21:57 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-09-19 21:57 - 2015-08-25 19:48 - 00574072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2015-09-19 21:56 - 2015-08-26 00:08 - 42840184 _____ C:\WINDOWS\system32\nvcompiler.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 37819184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 22559352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 18569336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 17932648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 16646624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 15630616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 15334976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 14945552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 13667032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 12611824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 12192048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 02354808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 02105976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 01898104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435582.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 01558648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435582.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 01075320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 01064752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00986232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00945272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00408368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00387536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00364152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00316120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2015-09-19 21:56 - 2015-08-26 00:08 - 00155976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2015-09-19 20:52 - 2015-09-19 20:52 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
    2015-09-19 20:51 - 2015-09-19 20:51 - 02031992 _____ (Microsoft Corporation) C:\Users\ArunPc\Desktop\MGADiag.exe
    2015-09-19 11:20 - 2015-09-19 23:02 - 00007208 _____ C:\Users\ArunPc\Desktop\Rkill.txt
    2015-09-19 11:20 - 2015-09-19 11:20 - 00000000 ____D C:\Users\ArunPc\Desktop\rkill
    2015-09-18 16:43 - 2015-09-18 16:43 - 00000547 _____ C:\WINDOWS\SynInst.log
    2015-09-18 16:43 - 2015-09-18 16:43 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\Synaptics
    2015-09-18 15:56 - 2015-09-18 15:56 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
    2015-09-17 21:18 - 2015-09-17 21:18 - 00000486 _____ C:\WINDOWS\Synaptics.PD.log
    2015-09-17 21:18 - 2015-09-17 21:18 - 00000486 _____ C:\WINDOWS\Synaptics.log
    2015-09-17 20:05 - 2015-09-18 16:52 - 00000000 ___HD C:\$SysReset
    2015-09-17 19:42 - 2015-09-02 05:55 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-09-17 19:42 - 2015-08-27 11:34 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-09-17 19:42 - 2015-08-27 11:29 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-09-17 19:42 - 2015-08-27 11:25 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-09-17 19:42 - 2015-08-27 11:21 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-09-17 19:42 - 2015-08-27 11:21 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2015-09-17 19:42 - 2015-08-27 11:17 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-09-17 19:42 - 2015-08-27 10:53 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-09-17 19:42 - 2015-08-27 10:46 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-09-17 19:42 - 2015-08-27 10:46 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-09-17 19:42 - 2015-08-27 10:46 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2015-09-17 19:42 - 2015-08-27 10:39 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-09-17 19:42 - 2015-08-20 11:37 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-09-17 19:42 - 2015-08-20 11:36 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2015-09-17 19:42 - 2015-08-20 11:32 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-09-17 19:42 - 2015-08-20 10:46 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-09-17 19:42 - 2015-08-20 10:43 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-09-17 19:42 - 2015-08-18 13:26 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-17 19:42 - 2015-08-18 13:24 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-09-17 19:42 - 2015-08-18 12:57 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-09-17 19:42 - 2015-08-18 12:54 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-09-17 19:42 - 2015-08-18 12:43 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2015-09-17 19:42 - 2015-08-18 12:42 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-09-17 19:42 - 2015-08-18 12:22 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2015-09-17 19:42 - 2015-08-18 11:59 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2015-09-17 19:41 - 2015-09-02 06:50 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-09-17 19:41 - 2015-09-02 05:55 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-09-17 19:41 - 2015-08-27 12:06 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-09-17 19:41 - 2015-08-27 12:02 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-09-17 19:41 - 2015-08-27 11:24 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-09-17 19:41 - 2015-08-27 11:24 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-09-17 19:41 - 2015-08-27 11:19 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2015-09-17 19:41 - 2015-08-27 11:13 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-09-17 19:41 - 2015-08-27 11:13 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-09-17 19:41 - 2015-08-27 11:12 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2015-09-17 19:41 - 2015-08-27 11:12 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-09-17 19:41 - 2015-08-27 11:12 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
    2015-09-17 19:41 - 2015-08-27 11:12 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2015-09-17 19:41 - 2015-08-27 11:09 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-09-17 19:41 - 2015-08-27 10:53 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-09-17 19:41 - 2015-08-27 10:42 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-09-17 19:41 - 2015-08-27 10:42 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-09-17 19:41 - 2015-08-27 10:41 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2015-09-17 19:41 - 2015-08-27 10:41 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2015-09-17 19:41 - 2015-08-27 10:38 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-09-17 19:41 - 2015-08-20 10:56 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-09-17 19:41 - 2015-08-20 10:51 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
    2015-09-17 19:41 - 2015-08-20 10:39 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2015-09-17 19:41 - 2015-08-18 13:25 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-09-17 19:41 - 2015-08-18 12:43 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2015-09-17 19:41 - 2015-08-18 12:37 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2015-09-17 19:41 - 2015-08-18 12:34 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2015-09-17 19:41 - 2015-08-18 12:34 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-09-17 19:41 - 2015-08-18 12:29 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
    2015-09-17 19:41 - 2015-08-18 12:29 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
    2015-09-17 19:41 - 2015-08-18 12:28 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2015-09-17 19:41 - 2015-08-18 12:28 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
    2015-09-17 19:41 - 2015-08-18 12:28 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
    2015-09-17 19:41 - 2015-08-18 12:28 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
    2015-09-17 19:41 - 2015-08-18 12:27 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2015-09-17 19:41 - 2015-08-18 12:26 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
    2015-09-17 19:41 - 2015-08-18 12:25 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-09-17 19:41 - 2015-08-18 12:24 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2015-09-17 19:41 - 2015-08-18 12:24 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
    2015-09-17 19:41 - 2015-08-18 12:20 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-09-17 19:41 - 2015-08-18 12:19 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2015-09-17 19:41 - 2015-08-18 12:19 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2015-09-17 19:41 - 2015-08-18 12:19 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2015-09-17 19:41 - 2015-08-18 12:06 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
    2015-09-17 19:41 - 2015-08-18 12:05 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
    2015-09-17 19:41 - 2015-08-18 12:05 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
    2015-09-17 19:41 - 2015-08-18 12:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
    2015-09-17 19:41 - 2015-08-18 11:56 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2015-09-17 19:41 - 2015-08-18 10:14 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
    2015-09-17 19:30 - 2015-09-17 19:30 - 00000000 ____D C:\Users\ArunPc\AppData\Local\niemiro
    2015-09-17 14:15 - 2015-09-17 14:15 - 00000000 ____D C:\Users\ArunPc\AppData\Local\FluxSoftware
    2015-09-16 16:28 - 2015-09-18 16:38 - 00000000 ____D C:\Users\ArunPc\3D Objects
    2015-09-16 16:16 - 2015-09-16 16:24 - 31389027 _____ C:\Users\ArunPc\Downloads\Nicki Minaj - Anaconda.mp4
    2015-09-16 16:07 - 2015-09-16 16:10 - 22631158 _____ C:\Users\ArunPc\Downloads\Dan Balan - Chica Bomb (Chew Fu Full Length Remix) - Out Now!!!.mp4
    2015-09-15 19:20 - 2015-09-15 19:21 - 00592693 _____ C:\Users\ArunPc\Downloads\METAL.GEAR.SOLID.5.TPP.V1.01.PLUS22TRN.FLING.ZIP
    2015-09-14 18:08 - 2015-09-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-09-13 22:25 - 2015-09-13 22:25 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\Sun
    2015-09-13 22:25 - 2015-09-13 22:25 - 00000000 ____D C:\Users\ArunPc\.oracle_jre_usage
    2015-09-13 11:35 - 2015-09-17 20:17 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\IDM
    2015-09-13 11:35 - 2015-09-13 11:38 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2015-09-13 11:35 - 2015-09-13 11:35 - 00001089 _____ C:\Users\ArunPc\Desktop\Internet Download Manager.lnk
    2015-09-13 11:35 - 2015-09-13 11:35 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2015-09-13 11:35 - 2015-09-13 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2015-09-11 00:11 - 2015-09-11 00:11 - 00000000 ____D C:\Users\ArunPc\AppData\Local\CEF
    2015-09-10 01:07 - 2015-09-10 20:46 - 00000000 ____D C:\Users\ArunPc\Downloads\DEADPOOL.PLUS12TRN.LINGON
    2015-09-10 00:57 - 2015-09-10 00:57 - 00000000 ____D C:\Users\ArunPc\Downloads\DEADPOOL.PLUS10TRN.DANIK
    2015-09-10 00:56 - 2015-09-10 00:57 - 03888097 _____ C:\Users\ArunPc\Downloads\DEADPOOL.PLUS10TRN.DANIK.ZIP
    2015-09-09 19:00 - 2015-09-09 19:37 - 54095832 _____ C:\Users\ArunPc\Downloads\TVF Pitchers _ S01E03 - 'The Jury Room'.mp4.part
    2015-09-05 11:55 - 2015-09-17 20:30 - 00000000 ____D C:\Users\ArunPc\Documents\FLiNGTrainer
    2015-09-05 11:54 - 2015-09-05 11:55 - 00000000 ____D C:\Users\ArunPc\Desktop\gamesaves
    2015-08-28 18:06 - 2015-06-12 07:30 - 00197616 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
    2015-08-27 16:05 - 2015-08-07 16:37 - 01898288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435560.dll
    2015-08-27 16:05 - 2015-08-07 16:37 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435560.dll
    2015-08-27 09:07 - 2015-08-27 09:07 - 00024576 ___SH C:\Users\ArunPc\Downloads\Thumbs.db
    2015-08-26 20:10 - 2015-08-26 20:10 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\2K Sports
    2015-08-26 19:57 - 2015-09-13 15:19 - 00000911 _____ C:\Users\ArunPc\Desktop\NBA 2K15.lnk
    2015-08-26 19:57 - 2015-08-26 19:57 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\NBA 2K15
    2015-08-26 17:28 - 2015-08-26 17:28 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2015-08-26 17:26 - 2015-08-26 17:35 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\PortForward.com
    2015-08-26 17:26 - 2015-08-26 17:26 - 00000000 ____D C:\Users\ArunPc\AppData\Local\Downloaded Installations
    2015-08-25 12:24 - 2015-08-25 12:25 - 02921782 _____ C:\Users\ArunPc\Downloads\panthea-v0-06.swf
    2015-08-25 12:08 - 2015-08-25 12:08 - 00038011 _____ C:\Users\ArunPc\Downloads\boobs_shake.swf
    2015-08-24 22:06 - 2015-08-24 22:06 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
    2015-08-24 22:06 - 2015-08-24 22:06 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
    2015-08-24 22:06 - 2015-08-24 22:06 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
    2015-08-24 22:06 - 2015-08-24 22:06 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
    2015-08-24 22:06 - 2015-08-24 22:06 - 00000000 ____D C:\ProgramData\Codemasters
    2015-08-24 22:06 - 2015-08-24 22:06 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2015-08-24 21:02 - 2015-08-11 10:22 - 00069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
    2015-08-22 17:07 - 2015-08-03 07:48 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2015-08-22 17:07 - 2015-08-03 07:26 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2015-08-22 17:06 - 2015-08-13 09:52 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2015-08-22 17:06 - 2015-08-13 09:50 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2015-08-22 17:06 - 2015-08-13 09:23 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2015-08-22 17:06 - 2015-08-11 15:34 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2015-08-22 17:06 - 2015-08-11 15:34 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-08-22 17:06 - 2015-08-11 15:34 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2015-08-22 17:06 - 2015-08-11 15:33 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2015-08-22 17:06 - 2015-08-11 15:32 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2015-08-22 17:06 - 2015-08-11 15:32 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
    2015-08-22 17:06 - 2015-08-11 15:32 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2015-08-22 17:06 - 2015-08-11 15:22 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2015-08-22 17:06 - 2015-08-11 15:20 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-08-22 17:06 - 2015-08-11 15:10 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2015-08-22 17:06 - 2015-08-11 15:10 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-08-22 17:06 - 2015-08-11 15:10 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2015-08-22 17:06 - 2015-08-11 15:08 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2015-08-22 17:06 - 2015-08-11 15:07 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
    2015-08-22 17:06 - 2015-08-11 14:56 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2015-08-22 17:06 - 2015-08-11 14:53 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-08-22 17:06 - 2015-08-11 14:51 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-08-22 17:06 - 2015-08-11 14:51 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2015-08-22 17:06 - 2015-08-11 14:50 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2015-08-22 17:06 - 2015-08-11 14:49 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2015-08-22 17:06 - 2015-08-11 14:48 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2015-08-22 17:06 - 2015-08-11 14:46 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-08-22 17:06 - 2015-08-11 14:44 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
    2015-08-22 17:06 - 2015-08-11 14:43 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
    2015-08-22 17:06 - 2015-08-11 14:41 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
    2015-08-22 17:06 - 2015-08-11 14:41 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2015-08-22 17:06 - 2015-08-11 14:40 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2015-08-22 17:06 - 2015-08-11 14:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-08-22 17:06 - 2015-08-11 14:40 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
    2015-08-22 17:06 - 2015-08-11 14:39 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
    2015-08-22 17:06 - 2015-08-11 14:38 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
    2015-08-22 17:06 - 2015-08-11 14:38 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-08-22 17:06 - 2015-08-11 14:37 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-08-22 17:06 - 2015-08-11 14:37 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-08-22 17:06 - 2015-08-11 14:37 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
    2015-08-22 17:06 - 2015-08-11 14:36 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-08-22 17:06 - 2015-08-11 14:36 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2015-08-22 17:06 - 2015-08-11 14:35 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-08-22 17:06 - 2015-08-11 14:35 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-08-22 17:06 - 2015-08-11 14:35 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
    2015-08-22 17:06 - 2015-08-11 14:35 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2015-08-22 17:06 - 2015-08-11 14:35 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
    2015-08-22 17:06 - 2015-08-11 14:35 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
    2015-08-22 17:06 - 2015-08-11 14:33 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-08-22 17:06 - 2015-08-11 14:32 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-08-22 17:06 - 2015-08-11 14:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2015-08-22 17:06 - 2015-08-11 14:31 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-08-22 17:06 - 2015-08-11 14:30 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-08-22 17:06 - 2015-08-11 14:30 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
    2015-08-22 17:06 - 2015-08-11 14:29 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2015-08-22 17:06 - 2015-08-11 14:29 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
    2015-08-22 17:06 - 2015-08-11 14:29 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2015-08-22 17:06 - 2015-08-11 14:29 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
    2015-08-22 17:06 - 2015-08-11 14:28 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2015-08-22 17:06 - 2015-08-11 14:27 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-08-22 17:06 - 2015-08-11 14:27 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2015-08-22 17:06 - 2015-08-11 14:21 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-08-22 17:06 - 2015-08-11 14:21 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
    2015-08-22 17:06 - 2015-08-11 14:20 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
    2015-08-22 17:06 - 2015-08-11 14:20 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2015-08-22 17:06 - 2015-08-11 14:20 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2015-08-22 17:06 - 2015-08-11 14:19 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-08-22 17:06 - 2015-08-11 14:19 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-08-22 17:06 - 2015-08-11 14:18 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
    2015-08-22 17:06 - 2015-08-11 14:17 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-08-22 17:06 - 2015-08-11 14:15 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2015-08-22 17:06 - 2015-08-11 14:13 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-08-22 17:06 - 2015-08-11 14:12 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-08-22 17:06 - 2015-08-11 14:10 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-08-22 17:06 - 2015-08-11 14:10 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-08-22 17:06 - 2015-08-11 14:09 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-08-22 17:06 - 2015-08-11 14:08 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
    2015-08-22 17:06 - 2015-08-08 12:59 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-08-22 17:06 - 2015-08-08 12:31 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-08-22 17:06 - 2015-08-08 11:54 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-08-22 17:06 - 2015-08-08 11:54 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2015-08-22 17:06 - 2015-08-08 11:30 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-08-22 17:06 - 2015-08-06 08:47 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
    2015-08-22 17:06 - 2015-08-06 08:47 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
    2015-08-22 17:06 - 2015-08-06 07:52 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
    2015-08-22 17:06 - 2015-08-05 10:19 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2015-08-22 17:06 - 2015-08-05 09:59 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2015-08-22 17:06 - 2015-08-05 09:30 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
    2015-08-22 17:06 - 2015-08-05 09:24 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-08-22 17:06 - 2015-08-05 09:09 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
    2015-08-22 17:06 - 2015-08-04 09:37 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
    2015-08-22 17:06 - 2015-08-04 09:36 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-08-22 17:06 - 2015-08-04 09:36 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-08-22 17:06 - 2015-08-04 08:53 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
    2015-08-22 17:06 - 2015-08-04 08:29 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2015-08-22 17:06 - 2015-08-04 08:17 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2015-08-22 17:06 - 2015-08-03 08:02 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
    2015-08-22 17:06 - 2015-08-03 07:58 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
    2015-08-22 17:06 - 2015-08-03 07:49 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2015-08-22 17:06 - 2015-08-03 07:49 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2015-08-22 17:06 - 2015-08-03 07:48 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2015-08-22 17:06 - 2015-08-03 07:48 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
    2015-08-22 17:06 - 2015-08-03 07:48 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
    2015-08-22 17:06 - 2015-08-03 07:47 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-08-22 17:06 - 2015-08-03 07:47 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
    2015-08-22 17:06 - 2015-08-03 07:42 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2015-08-22 17:06 - 2015-08-03 07:19 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2015-08-22 17:06 - 2015-08-03 07:01 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2015-08-22 17:06 - 2015-08-03 06:54 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
    2015-08-22 17:06 - 2015-08-03 06:52 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2015-08-22 17:06 - 2015-08-03 06:52 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2015-08-22 17:06 - 2015-08-03 06:51 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
    2015-08-22 17:06 - 2015-08-03 06:49 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
    2015-08-22 17:06 - 2015-08-03 06:49 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
    2015-08-22 17:06 - 2015-08-03 06:48 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-08-22 17:06 - 2015-08-03 06:48 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2015-08-22 17:06 - 2015-08-03 06:48 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
    2015-08-22 17:06 - 2015-08-03 06:45 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2015-08-22 17:06 - 2015-08-03 06:45 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2015-08-22 17:06 - 2015-08-03 06:45 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
    2015-08-22 17:06 - 2015-08-03 06:45 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2015-08-22 17:06 - 2015-08-03 06:45 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
    2015-08-22 17:06 - 2015-08-03 06:44 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2015-08-22 17:06 - 2015-08-03 06:41 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
    2015-08-22 17:06 - 2015-08-03 06:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2015-08-22 17:06 - 2015-08-03 06:36 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
    2015-08-22 17:06 - 2015-08-03 06:33 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2015-08-22 17:06 - 2015-08-03 06:32 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2015-08-22 17:06 - 2015-08-03 06:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2015-08-22 17:06 - 2015-08-03 06:29 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
    2015-08-22 17:05 - 2015-08-03 07:00 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
    2015-08-22 17:05 - 2015-08-03 06:54 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2015-08-22 17:05 - 2015-08-03 06:54 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2015-08-22 17:05 - 2015-08-03 06:53 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
    2015-08-22 17:05 - 2015-08-03 06:42 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2015-08-22 17:05 - 2015-08-03 06:42 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
    2015-08-22 15:32 - 2015-09-14 18:07 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\bizarre creations
    2015-08-22 15:30 - 2015-08-22 15:30 - 00003342 _____ C:\WINDOWS\System32\Tasks\{A4F7503C-AC48-446D-9B65-82D015F47443}
    2015-08-22 14:59 - 2015-08-22 14:59 - 00336968 _____ C:\WINDOWS\Minidump\082215-11796-01.dmp
    2015-08-22 14:59 - 2015-08-22 14:59 - 00000000 ____D C:\WINDOWS\Minidump
    2015-08-22 00:07 - 2015-08-22 00:07 - 00000000 ____D C:\CPY_SAVES
    2015-08-22 00:02 - 2015-08-25 12:56 - 00125952 ___SH C:\Users\ArunPc\Desktop\Thumbs.db

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-20 11:54 - 2015-07-04 23:02 - 00000000 ____D C:\FRST
    2015-09-20 11:52 - 2014-11-15 13:37 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-20 11:52 - 2014-11-05 11:20 - 00000000 ___DO C:\Users\ArunPc\OneDrive
    2015-09-20 11:51 - 2015-08-08 12:52 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-09-20 11:51 - 2015-07-10 17:52 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-20 11:50 - 2015-08-08 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-09-20 11:50 - 2015-08-08 12:48 - 00017256 _____ C:\WINDOWS\PFRO.log
    2015-09-20 11:50 - 2015-07-10 17:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-20 11:50 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-09-20 11:49 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-09-20 11:49 - 2015-07-10 14:35 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-09-20 11:49 - 2014-12-05 01:41 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\DMCache
    2015-09-20 11:26 - 2014-11-29 13:21 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-09-20 11:08 - 2015-08-08 13:12 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-09-20 11:08 - 2014-11-15 13:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-20 11:08 - 2014-11-05 10:30 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{076AB7FA-818B-4F9C-983D-E8EC67CFC650}
    2015-09-19 23:27 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\rescache
    2015-09-19 22:59 - 2014-11-05 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-09-19 21:58 - 2015-08-08 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-09-19 20:56 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-09-19 20:48 - 2015-04-12 21:55 - 00001461 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
    2015-09-19 20:47 - 2015-07-10 17:50 - 00047047 _____ C:\WINDOWS\setupact.log
    2015-09-19 20:46 - 2015-08-06 17:30 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-09-19 11:51 - 2015-08-08 12:55 - 00000000 ____D C:\Users\ArunPc
    2015-09-19 08:53 - 2014-11-14 14:18 - 00000600 _____ C:\Users\ArunPc\AppData\Local\PUTTY.RND
    2015-09-19 08:33 - 2014-11-15 13:37 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-09-19 08:33 - 2014-11-15 13:37 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-09-19 08:17 - 2014-11-05 06:29 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-09-18 16:34 - 2014-11-15 13:46 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-18 16:16 - 2015-07-10 17:50 - 05065824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-09-18 16:14 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-18 16:14 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-09-18 16:14 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-09-18 16:02 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-09-17 21:17 - 2015-07-10 16:25 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-09-17 20:30 - 2015-08-11 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Accelerator
    2015-09-17 20:30 - 2015-08-11 20:06 - 00000000 ____D C:\Program Files (x86)\IDA
    2015-09-17 20:30 - 2015-07-10 18:46 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-09-17 20:30 - 2015-07-10 14:35 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-09-17 20:30 - 2015-06-19 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-09-17 20:30 - 2015-03-22 11:33 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\vlc
    2015-09-17 20:30 - 2014-09-17 08:32 - 00000000 ____D C:\Program Files\Lenovo
    2015-09-17 20:30 - 2014-09-17 08:28 - 00000000 ____D C:\Program Files\Common Files\Nitro
    2015-09-17 20:30 - 2014-09-17 08:28 - 00000000 ____D C:\Program Files (x86)\Nitro
    2015-09-17 20:30 - 2014-09-17 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2015-09-17 20:30 - 2014-09-17 08:26 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2015-09-17 20:30 - 2014-09-17 07:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-09-17 20:19 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\registration
    2015-09-17 20:17 - 2014-11-05 06:04 - 00000000 ____D C:\Users\ArunPc\AppData\Local\Packages
    2015-09-17 20:16 - 2014-09-17 08:28 - 00000000 ____D C:\ProgramData\Nitro
    2015-09-17 20:08 - 2015-08-08 13:31 - 00002383 _____ C:\Users\ArunPc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-09-17 19:04 - 2015-08-06 17:38 - 00003932 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1438862732
    2015-09-17 19:04 - 2015-08-06 17:35 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2015-09-16 21:45 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-09-16 21:30 - 2014-11-06 14:08 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-09-14 18:08 - 2015-07-05 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
    2015-09-14 08:15 - 2014-12-05 01:41 - 00000000 ____D C:\Users\ArunPc\Downloads\Video
    2015-09-13 22:28 - 2015-06-19 01:05 - 00000000 ____D C:\ProgramData\Oracle
    2015-09-13 22:25 - 2015-07-17 18:36 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
    2015-09-13 22:25 - 2015-07-17 18:35 - 00000000 ____D C:\Program Files\Java
    2015-09-13 12:06 - 2015-05-21 10:01 - 00000000 ____D C:\Users\ArunPc\Desktop\Bangalore
    2015-09-13 11:53 - 2015-06-09 21:38 - 00000000 ____D C:\Users\ArunPc\Desktop\Anand dance
    2015-09-13 11:38 - 2013-08-22 18:55 - 00002052 ____R C:\WINDOWS\system32\Drivers\etc\hosts.old
    2015-09-12 08:43 - 2014-11-09 13:49 - 00000000 ____D C:\Users\ArunPc\Documents\My Games
    2015-09-12 08:31 - 2015-02-01 18:16 - 00000000 ____D C:\Program Files (x86)\Steam
    2015-09-12 08:30 - 2015-08-08 13:25 - 00000000 ____D C:\Users\ArunPc\AppData\Local\Comms
    2015-09-06 15:04 - 2015-05-29 17:20 - 00000000 ____D C:\Users\ArunPc\Documents\The Witcher 3
    2015-09-06 01:26 - 2015-04-19 00:17 - 00000080 _____ C:\Users\ArunPc\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    2015-09-05 21:23 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-09-03 16:47 - 2015-06-26 15:16 - 00000000 ____D C:\Users\ArunPc\Desktop\New folder
    2015-08-31 04:17 - 2015-07-23 04:02 - 11188880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2015-08-27 16:21 - 2015-01-24 13:53 - 00000000 ____D C:\Users\ArunPc\AppData\Roaming\SecondLife
    2015-08-27 06:07 - 2014-11-05 10:43 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
    2015-08-27 06:07 - 2014-09-17 07:43 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2015-08-27 06:06 - 2014-11-05 10:43 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2015-08-27 06:06 - 2014-09-17 07:43 - 01710568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2015-08-26 00:08 - 2015-07-23 04:02 - 03480792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2015-08-26 00:08 - 2015-07-23 04:02 - 03074776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2015-08-26 00:08 - 2015-07-23 04:02 - 00034044 _____ C:\WINDOWS\system32\nvinfo.pb
    2015-08-25 21:27 - 2015-08-08 12:51 - 06884984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 03496752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 02558584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 01062520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 00937592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2015-08-25 21:27 - 2015-08-08 12:51 - 00582448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 00075056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2015-08-25 21:27 - 2015-08-08 12:51 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2015-08-25 18:32 - 2015-08-08 12:51 - 05165808 _____ C:\WINDOWS\system32\nvcoproc.bin
    2015-08-25 14:03 - 2015-06-14 12:48 - 00000000 ____D C:\Users\ArunPc\Desktop\hangout
    2015-08-24 21:08 - 2014-11-05 06:04 - 00000000 ____D C:\Users\ArunPc\AppData\Local\NVIDIA
    2015-08-24 14:33 - 2015-04-18 23:56 - 00000000 ____D C:\Program Files\Rockstar Games
    2015-08-24 14:33 - 2015-04-18 23:56 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2015-08-23 16:18 - 2015-07-10 16:34 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-23 16:18 - 2015-07-10 16:34 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-08-23 16:18 - 2015-07-10 16:34 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-08-23 16:18 - 2014-11-21 23:53 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-08-23 16:18 - 2014-11-21 23:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-08-23 03:14 - 2014-11-21 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-08-23 03:08 - 2014-11-06 14:08 - 132483416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-08-23 03:04 - 2013-08-22 18:55 - 00000199 _____ C:\WINDOWS\win.ini
    2015-08-22 17:29 - 2015-07-18 18:42 - 00000886 _____ C:\Users\ArunPc\Desktop\Play COD4 MultiPlayer.lnk
    2015-08-22 14:59 - 2015-07-01 20:22 - 826717331 _____ C:\WINDOWS\MEMORY.DMP

    ==================== Files in the root of some directories =======

    2014-11-05 12:42 - 2014-11-14 00:30 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\ArunPc\AppData\Roaming\msvcr90-ruby191.dll
    2015-07-15 22:32 - 2015-07-15 22:32 - 0000000 ___SH () C:\Users\ArunPc\AppData\Local\LumaEmu
    2014-11-14 14:18 - 2015-09-19 08:53 - 0000600 _____ () C:\Users\ArunPc\AppData\Local\PUTTY.RND
    2015-08-08 12:53 - 2015-08-08 12:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\ArunPc\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\ArunPc\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\ArunPc\AppData\Local\Temp\nvStInst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-09-19 21:03

    ==================== End of FRST.txt ============================

    Also posting the addition.txt log:
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
    Ran by ArunPc (2015-09-20 11:55:19)
    Running from C:\Users\ArunPc\Downloads\Programs
    Windows 10 Home Single Language (X64) (2015-08-08 07:53:46)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3533856717-1996590830-672907801-500 - Administrator - Disabled)
    ArunPc (S-1-5-21-3533856717-1996590830-672907801-1001 - Administrator - Enabled) => C:\Users\ArunPc
    DefaultAccount (S-1-5-21-3533856717-1996590830-672907801-503 - Limited - Disabled)
    Guest (S-1-5-21-3533856717-1996590830-672907801-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3533856717-1996590830-672907801-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
    Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
    Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
    Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
    CodeBlocks (HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
    CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
    CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
    Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
    Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
    Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
    f.lux (HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Flux) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
    Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3540 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
    Internet Download Accelerator version 6.5 (HKLM-x32\...\Internet Download Accelerator_is1) (Version: 6.5 - WestByte)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10279 - Realtek Semiconductor Corp.)
    Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
    Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden
    Lenovo Web Start (HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1) (Version: 1.0.2.53457 - Pokki)
    Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
    Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Mblaze_Mylink (HKLM-x32\...\Mblaze_Mylink_is1) (Version: - )
    Metal Gear Solid V The Phantom Pain (HKLM-x32\...\Metal Gear Solid V The Phantom Pain_is1) (Version: 1.0.0.5 - Релиз от R.G. Steamgames)
    Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
    Micromax A116 Drivers(x64) (HKLM-x32\...\{C3F57607-592D-458F-81AE-349FD05DFA74}) (Version: 1.00 - Micromax)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE (HKLM-x32\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MixPad Multitrack Recording Software (HKLM-x32\...\MixPad) (Version: 3.78 - NCH Software)
    Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NBA 2K15 (HKLM-x32\...\NBA 2K15_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
    Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
    NVIDIA 3D Vision Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
    NVIDIA Graphics Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{81C42533-F5A8-46CE-9013-ECF783A4CBD4}) (Version: 9.09.0121 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.1.14.0 - Lenovo Group Limited)
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    System Requirements Lab (HKLM-x32\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
    Unity Web Player (HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.18 - NCH Software)
    Web Freer (HKLM-x32\...\WebFreer) (Version: - )
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    13-09-2015 10:43:59 Windows Defender Checkpoint
    14-09-2015 18:09:36 Removed Lenovo Updates
    17-09-2015 17:13:33 Windows Defender Checkpoint
    17-09-2015 20:12:02 Restore Operation
    20-09-2015 11:36:09 Windows Defender Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-09-20 11:12 - 2015-09-20 11:12 - 00000831 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02A8E01B-9159-4896-88C0-658305DE58A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0EAA7CB6-5D74-4908-9792-B779D7A558BB} - \Cassiopesa sadi -> No File <==== ATTENTION
    Task: {0EBC7A40-FEC2-4E9A-9104-3E062E9525DE} - \Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-1001 -> No File <==== ATTENTION
    Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-500 -> No File <==== ATTENTION
    Task: {3834C71D-C2A7-4DFA-A3AA-CF4631B55BA4} - System32\Tasks\{D5E5BD32-4978-426F-AA72-65356E115212} => pcalua.exe -a "F:\Games\Call of Duty Modern Warfare\iw3mp.exe" -d "F:\Games\Call of Duty Modern Warfare"
    Task: {3A7BF910-5449-4CA3-BA12-737EC48ECD9B} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\ArunPc\AppData\Roaming\IDM\CODEXi\Steam <==== ATTENTION
    Task: {3D1D72CD-D5E0-486F-961D-993EAFFDBD55} - System32\Tasks\{3A84642B-22B0-437C-9E7E-6B44371A100A} => pcalua.exe -a "F:\Split Second\SplitSecond.exe" -d "F:\Split Second"
    Task: {434820BC-17EC-42A4-9525-F61A152800A9} - System32\Tasks\Opera scheduled Autoupdate 1438862732 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software)
    Task: {4B649E8A-B799-448F-9EFF-0A9C6358A16B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {510C1592-BA7A-4FBA-9E2E-A4054B917392} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {559BC28E-33CC-4BAD-A3F1-40CCB2C6268C} - System32\Tasks\{DEF87447-7277-4ACE-9465-0B712AA51823} => pcalua.exe -a "F:\Ubisoft Far Cry 2\bin\FarCry2.exe" -d "F:\Ubisoft Far Cry 2\bin"
    Task: {55C48ADD-CB50-4941-8501-E880C33C0AA6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-17] (Adobe Systems Incorporated)
    Task: {5B8A396A-F030-44EE-95EA-ECC19F9D924E} - System32\Tasks\{979DE109-D812-4AEB-970A-2E9A6CB02A4E} => pcalua.exe -a G:\forgame\dotnet2\dotnetfx.exe -d G:\forgame\dotnet2
    Task: {7A66E628-C757-4450-B14D-E4BAD682CB0A} - System32\Tasks\{62ADEE53-037C-4D1E-9427-D9DF5CDD1F71} => pcalua.exe -a "F:\Alan Wake\Launcher.exe" -d "F:\Alan Wake"
    Task: {8F65C35C-2650-4321-A64A-34279852487A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {91D6E4A9-D013-439F-AEC6-F443AEE8A3DB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-23] (Microsoft Corporation)
    Task: {A3A5D34D-DBD9-4CFE-A8EC-9180D20A86B0} - System32\Tasks\{A4F7503C-AC48-446D-9B65-82D015F47443} => pcalua.exe -a "F:\Program Files (x86)\R.G. Mechanics\Blur\Blur.exe" -d "F:\Program Files (x86)\R.G. Mechanics\Blur"
    Task: {A920993B-66F8-4134-B75D-F3AD306DF3B9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A9A54073-965D-4E3E-B6ED-73467244A645} - System32\Tasks\{660D050B-2024-4581-907B-87C46C75CC3B} => pcalua.exe -a "F:\Call of Duty Advanced Warfare\s1_sp64_ship.exe" -d "F:\Call of Duty Advanced Warfare"
    Task: {AC5B1AD9-E368-4E42-B0D4-0F9C885A56B4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {AC958691-5B46-499D-87DA-8FF1F4706F97} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {ACE0DC6E-754D-4E8B-AA2E-CBD9D0DA9BAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {B0E5FFEC-F2EB-4667-9167-4626C7D10565} - System32\Tasks\{69741DB7-17EA-4D6F-9CCC-C12A5EB97760} => pcalua.exe -a "F:\Assassin's Creed Rogue\ACC.exe" -d "F:\Assassin's Creed Rogue"
    Task: {BF7FEC25-F92C-4B41-B974-A5F770A890AA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
    Task: {C57B1FCA-27CE-43FC-99B6-150D1F29365D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C8913561-E020-4D2F-BEE3-B9A8DE35FB52} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
    Task: {C8BE42A3-A726-4D2F-A2D7-00EF1EECBBA5} - \TweakBit\PCCleaner\Start PCCleaner оn logon -> No File <==== ATTENTION
    Task: {CA6FEB1F-DC44-4EF3-A5C6-2E69F5D3CC34} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
    Task: {CBB137BA-56AF-465F-942E-FF46838C5CD4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {CC4F45E9-7B84-4283-B990-AD78DC614FDD} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
    Task: {CF3C41FD-184F-45D0-8D11-C785681459BD} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
    Task: {CFF58BFE-86E2-4B84-AA5C-1BA4205EF0E9} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
    Task: {D7BFA6BB-E84B-45C3-9818-557182B9B57D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D8E64591-B135-40DC-ACAF-D407176EAFB6} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION
    Task: {DDE20B8E-E27A-4325-A91B-739B7E497158} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {EDA372DD-CD28-48E2-87AD-4CA73F160A46} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
    Task: {F3DDEAD6-11C9-45CC-9AB7-5348B2290FD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-07-10 16:30 - 2015-07-10 16:30 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
    2015-08-08 14:09 - 2015-07-15 07:34 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-08 12:51 - 2015-08-25 21:27 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-08-22 17:06 - 2015-08-11 14:44 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-05-28 20:21 - 2014-07-31 15:27 - 02198016 _____ () C:\Program Files (x86)\Mblaze_Mylink\FI_Eject.exe
    2014-09-17 08:37 - 2012-04-24 16:13 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2015-09-17 19:42 - 2015-08-18 13:26 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-17 19:42 - 2015-08-18 13:26 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-04-16 01:43 - 2015-04-16 01:43 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2015-07-10 16:29 - 2015-07-10 16:29 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-08-22 17:05 - 2015-08-03 06:41 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-07-10 16:30 - 2015-07-10 18:45 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-08-22 17:06 - 2015-08-11 14:28 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-08-22 17:05 - 2015-08-03 06:39 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-24 22:57 - 2015-06-24 22:57 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
    2015-03-06 20:53 - 2015-03-06 20:53 - 00074168 _____ () C:\Program Files\Lenovo\iMController\AutoUpdate.exe
    2015-04-12 21:55 - 2015-08-27 06:07 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2015-03-06 20:53 - 2015-03-06 20:53 - 00020920 _____ () C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
    2015-03-06 20:53 - 2015-03-06 20:53 - 00026552 _____ () C:\Program Files\Lenovo\iMController\PluginCommunication.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\ArunPc\OneDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ArunPc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\DSC00990.JPG
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "AutoCAD Startup Accelerator.lnk"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "OnekeyStudio"
    HKLM\...\StartupApproved\Run: => "PhoneCompanion"
    HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "BaiduAnTray"
    HKLM\...\StartupApproved\Run32: => "baidusdTray"
    HKLM\...\StartupApproved\Run32: => " QQPCTray"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_AC7A5EA1298D3AF4E65BC27172554B03"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "uTorrent"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "Internet Download Accelerator"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "Web Freer"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "apphide"
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{D2A5A145-1E8D-4D57-9307-F0D5456F1BDB}F:\activision\call of duty black ops ii\t6zm.exe] => (Allow) F:\activision\call of duty black ops ii\t6zm.exe
    FirewallRules: [TCP Query User{1919FF67-6CDE-41F3-B0A4-BC32EA2AAD14}F:\activision\call of duty black ops ii\t6zm.exe] => (Allow) F:\activision\call of duty black ops ii\t6zm.exe
    FirewallRules: [UDP Query User{B0486D68-64D6-497B-9C6E-5B0CD47F0B01}F:\activision\call of duty black ops ii\t6sp.exe] => (Allow) F:\activision\call of duty black ops ii\t6sp.exe
    FirewallRules: [TCP Query User{7BDDF7FF-9E11-4C7E-B860-344D5407B263}F:\activision\call of duty black ops ii\t6sp.exe] => (Allow) F:\activision\call of duty black ops ii\t6sp.exe
    FirewallRules: [UDP Query User{486ADB66-8DA5-416B-B1B9-BE9C37DC4A36}F:\new folder (2)\need for speed most wanted\speed.exe] => (Allow) F:\new folder (2)\need for speed most wanted\speed.exe
    FirewallRules: [TCP Query User{AE6E319C-E67D-4D0C-AA14-CE829274D672}F:\new folder (2)\need for speed most wanted\speed.exe] => (Allow) F:\new folder (2)\need for speed most wanted\speed.exe
    FirewallRules: [UDP Query User{9642472F-C5C1-402F-A1AB-7F38A8181FF9}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [TCP Query User{9F228661-C247-4D4C-8CEC-E1C6DD37A5FD}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
    FirewallRules: [{C23C4748-523B-400C-83A4-BE5CB8769F84}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
    FirewallRules: [{6F715707-CEBF-4EE2-8CEC-4E80A2EC3B17}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
    FirewallRules: [{E52DA131-2A57-4258-9D6B-515829B83A52}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
    FirewallRules: [{47498DD3-91E1-4BF2-B0D1-89EB2385E675}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
    FirewallRules: [{9A535EC5-93F5-47E8-8C49-45D1BD58D10C}] => (Allow) C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp\Installer-75452123.exe
    FirewallRules: [{A013D47A-8D45-4C29-881A-B5AAAF1513B6}] => (Allow) C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp\Installer-75452123.exe
    FirewallRules: [UDP Query User{E2E17F51-4AA9-4184-BD58-1B7560C2D7E3}F:\games\call of duty modern warfare\iw3mp.exe] => (Allow) F:\games\call of duty modern warfare\iw3mp.exe
    FirewallRules: [TCP Query User{1F18F746-599D-4715-B555-57E7134BAC83}F:\games\call of duty modern warfare\iw3mp.exe] => (Allow) F:\games\call of duty modern warfare\iw3mp.exe
    FirewallRules: [UDP Query User{0329C85E-54E5-4449-91B2-1A376D372378}F:\split second\splitsecond.exe] => (Allow) F:\split second\splitsecond.exe
    FirewallRules: [TCP Query User{D0986468-73A5-4599-8448-714043505049}F:\split second\splitsecond.exe] => (Allow) F:\split second\splitsecond.exe
    FirewallRules: [UDP Query User{979AE692-051B-4CF8-9AE1-CFC14FAD350A}F:\games\call of duty modern warfare\iw3mp.exe] => (Allow) F:\games\call of duty modern warfare\iw3mp.exe
    FirewallRules: [TCP Query User{BF37913B-65E5-46E9-B4B9-99558687CBE0}F:\games\call of duty modern warfare\iw3mp.exe] => (Allow) F:\games\call of duty modern warfare\iw3mp.exe
    FirewallRules: [UDP Query User{DCC7D6BF-FB87-4C6C-BC87-595C31C07B85}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
    FirewallRules: [TCP Query User{681612B7-2462-4AAD-B19E-783567801942}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
    FirewallRules: [{4E42E2B7-AC65-44A1-A6CF-E9D89ED20A6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F59FAF9C-EBAA-401B-894B-412E7CB9C426}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{D42733A4-F040-4B0D-9F23-30ADFFAC4C1F}] => (Block) F:\program files (x86)\counter-strike 1.6\hl.exe
    FirewallRules: [{534ECBA9-6A5D-422F-A201-5410D8DBDE85}] => (Block) F:\program files (x86)\counter-strike 1.6\hl.exe
    FirewallRules: [UDP Query User{3A61D752-B17A-41A7-9475-AC8DCFF196A9}F:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) F:\program files (x86)\counter-strike 1.6\hl.exe
    FirewallRules: [TCP Query User{5CD2A4DD-A14A-40A9-AAD5-2102D30E195E}F:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) F:\program files (x86)\counter-strike 1.6\hl.exe
    FirewallRules: [{B740F5FF-2635-485A-A016-A5C26BFD4DA7}] => (Block) F:\cod\call of duty modern warfare\iw3mp.exe
    FirewallRules: [{2B2D5FE3-4D51-4F5E-8597-1BE0140482C8}] => (Block) F:\cod\call of duty modern warfare\iw3mp.exe
    FirewallRules: [UDP Query User{A1D2D3D5-5746-4AE7-AABB-C1B66AE3EBA6}F:\cod\call of duty modern warfare\iw3mp.exe] => (Allow) F:\cod\call of duty modern warfare\iw3mp.exe
    FirewallRules: [TCP Query User{4DFAD437-2322-4092-A49C-3A676391C341}F:\cod\call of duty modern warfare\iw3mp.exe] => (Allow) F:\cod\call of duty modern warfare\iw3mp.exe
    FirewallRules: [{2958F2E8-124E-4827-AADE-0F4E6B0EBDED}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{F093BD70-B1FA-43F8-A059-C94E4F53CAEC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [UDP Query User{D04D7012-BA48-48C9-A630-88ED392FAB4D}F:\dis\dishonored\binaries\win32\dishonored.exe] => (Allow) F:\dis\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [TCP Query User{C74E44B4-FCA4-4D09-B60C-2D4E4FA3504E}F:\dis\dishonored\binaries\win32\dishonored.exe] => (Allow) F:\dis\dishonored\binaries\win32\dishonored.exe
    FirewallRules: [{9CFFF1C3-E868-4289-9949-03590B30FA94}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\132\bugreport_xf.exe
    FirewallRules: [{DC7691E9-32C8-4363-876A-B32C2D8282EA}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\132\tencentdl.exe
    FirewallRules: [{E8378FB7-CD21-474E-9C02-DE8C4C31AE5A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\132\tencentdl.exe
    FirewallRules: [{9081A504-6D04-4C35-9DC5-397A41A84F13}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\132\bugreport_xf.exe
    FirewallRules: [UDP Query User{92E0CA47-926E-41B6-8213-1B68710E0AAB}F:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) F:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{83816D12-7235-4685-A192-2D004CDD50A3}F:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) F:\program files\rockstar games\grand theft auto v\gta5.exe
    FirewallRules: [UDP Query User{46184A1D-A3A8-424D-BA11-358F32AE358F}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
    FirewallRules: [TCP Query User{E3139A8C-4190-48AB-B4B5-5A380FEB08A1}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
    FirewallRules: [{D04F47E0-3AD9-49B2-A304-75523FE1142A}] => (Allow) C:\Program Files (x86)\WebFreer\webfreer.exe
    FirewallRules: [{450228C5-1D8F-4929-932A-118667347697}] => (Allow) C:\Program Files (x86)\WebFreer\webfreer.exe
    FirewallRules: [UDP Query User{AF731795-B57B-4ECF-B2F2-69FB863FA0AE}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
    FirewallRules: [TCP Query User{7D7AC30B-8103-4DF7-97B0-4F54315B2606}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
    FirewallRules: [UDP Query User{CD6627F3-5597-41EF-B19E-A8747B97489E}E:\g_setup\fifa 15\fifa15.exe] => (Allow) E:\g_setup\fifa 15\fifa15.exe
    FirewallRules: [TCP Query User{64E1799D-0751-4CB6-864C-7803EB04B77F}E:\g_setup\fifa 15\fifa15.exe] => (Allow) E:\g_setup\fifa 15\fifa15.exe
    FirewallRules: [{FBFCF565-9BFA-4D28-AE32-4F66CB826570}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [UDP Query User{FA683097-A058-4CD7-9010-FEC87904E33D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{FBFE15C5-E6CD-42F7-93ED-0EA984CFEA76}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{FBAC964D-F22A-4C49-A5CD-6CC62119ED73}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C94F49E7-A2DD-48E1-84B0-C76537287E69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [UDP Query User{6342E333-3E74-48DD-87DE-18CA89FF1E6A}F:\split second\splitsecond.exe] => (Allow) F:\split second\splitsecond.exe
    FirewallRules: [TCP Query User{06EA8E45-47FE-45B4-A66A-3D4ED66F597A}F:\split second\splitsecond.exe] => (Allow) F:\split second\splitsecond.exe
    FirewallRules: [{6BB933CC-D5E8-41CA-BC06-FD445DA30470}] => (Block) F:\call of duty 4 - modern warfare\iw3mp.exe
    FirewallRules: [{D2883CAB-AC12-4FA2-96EF-A94E02836388}] => (Block) F:\call of duty 4 - modern warfare\iw3mp.exe
    FirewallRules: [UDP Query User{FD3D2F15-919F-4088-8F15-F85C1BEBC69E}F:\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) F:\call of duty 4 - modern warfare\iw3mp.exe
    FirewallRules: [TCP Query User{299EB18A-7ECD-4C6E-8420-683B3EED3E34}F:\call of duty 4 - modern warfare\iw3mp.exe] => (Allow) F:\call of duty 4 - modern warfare\iw3mp.exe
    FirewallRules: [{FC09699A-D54E-45E5-BD65-CEBCC426D669}] => (Allow) C:\Users\ArunPc\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{49B8411B-0BFF-44ED-A224-CA5943023310}] => (Allow) C:\Users\ArunPc\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{FC67A2FB-837E-466E-8BC9-48C4A2CA98E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{4B02A06F-7087-478C-B3F3-DAC060B59A0A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [UDP Query User{8C109E6B-627B-49D7-B457-45A67F748D34}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
    FirewallRules: [TCP Query User{2B871534-C06B-4A05-8741-D5D2C9E0203C}C:\program files (x86)\lenovo\shareit\shareit.exe] => (Allow) C:\program files (x86)\lenovo\shareit\shareit.exe
    FirewallRules: [{6E12136F-8408-43A9-82B3-43CD0BEB65D9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{042FBA14-8025-433A-955D-4E90764F5A3D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [TCP Query User{529BF8D6-6427-4DE3-99D7-E99878C962BD}F:\program files (x86)\r.g. mechanics\blur\blur.exe] => (Allow) F:\program files (x86)\r.g. mechanics\blur\blur.exe
    FirewallRules: [UDP Query User{54EF80F0-EF7C-416F-A982-FE56EF70C710}F:\program files (x86)\r.g. mechanics\blur\blur.exe] => (Allow) F:\program files (x86)\r.g. mechanics\blur\blur.exe
    FirewallRules: [{97CD868E-51F5-4F57-B2E6-F41B27ABFDA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{EE0CE41B-A5A1-4BE8-A2B6-A5A96EE417EA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{14FE0803-EDFD-45B2-A884-82E4DE57E444}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{E1642D6E-41F0-43B6-B882-5E292A02A13B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{1CC8A7E1-B0EB-47ED-B0EF-3F7AA74AC10F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [TCP Query User{A364A3C3-EB80-4A33-A584-4445CA87B11C}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
    FirewallRules: [UDP Query User{EAC70B5E-AEB1-466E-AA69-159E45411A10}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
    FirewallRules: [TCP Query User{4E36775F-9302-4FED-B90A-19625CF6DAB5}F:\dirt 3 complete edition\dirt3_game.exe] => (Allow) F:\dirt 3 complete edition\dirt3_game.exe
    FirewallRules: [UDP Query User{26DC02FF-3478-48F7-8A43-01EA5F24E003}F:\dirt 3 complete edition\dirt3_game.exe] => (Allow) F:\dirt 3 complete edition\dirt3_game.exe
    FirewallRules: [TCP Query User{84515C52-EA82-4CE7-8461-3861046FD4BE}F:\program files (x86)\r.g. mechanics\blur\blur.exe] => (Allow) F:\program files (x86)\r.g. mechanics\blur\blur.exe
    FirewallRules: [UDP Query User{F77D63CA-69F8-47A0-9F95-54979288F6F1}F:\program files (x86)\r.g. mechanics\blur\blur.exe] => (Allow) F:\program files (x86)\r.g. mechanics\blur\blur.exe
    FirewallRules: [{5F958D96-E85B-4D50-A6FA-FA5B68DF0C14}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/20/2015 11:36:43 AM) (Source: VSS) (EventID: 12305) (User: )
    Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
    Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1 - 000000000000010C,0x00530194,0000000000000000,0,0000003965E0A7A0,4096,[0]).


    Operation:
    Query Shadow Copies

    Error: (09/20/2015 11:36:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (09/20/2015 11:36:08 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {078eae33-8117-4386-877f-53da7ecd2077}

    Error: (09/20/2015 11:08:10 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (09/20/2015 11:08:10 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (09/20/2015 11:07:59 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (09/20/2015 11:07:59 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (09/20/2015 11:07:49 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (09/20/2015 11:07:49 AM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (4740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (09/20/2015 11:07:39 AM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (4740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


    System errors:
    =============
    Error: (09/20/2015 11:54:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (09/20/2015 11:54:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


    CodeIntegrity:
    ===================================
    Date: 2015-09-19 21:57:48.630
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:57:48.621
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:57:48.608
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:57:48.595
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:57:48.522
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:56:42.473
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:56:42.458
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:56:42.434
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:56:41.559
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 21:56:41.385
    Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
    Percentage of memory in use: 23%
    Total physical RAM: 8104.27 MB
    Available physical RAM: 6204.49 MB
    Total Virtual: 11688.27 MB
    Available Virtual: 9858.98 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:400.29 GB) (Free:202.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.16 GB) NTFS
    Drive e: () (Fixed) (Total:244.14 GB) (Free:42.92 GB) NTFS
    Drive f: () (Fixed) (Total:244.14 GB) (Free:87.8 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 9CBB20DD)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  12. #12
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Excellent! Must have been that next cup of coffee that helped me see what I missed before.

    Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    IFEO\RegWorks.exe: [Debugger] svchost.exe
    IFEO\RSITx64.exe: [Debugger] svchost.exe
    Toolbar: HKU\S-1-5-21-3533856717-1996590830-672907801-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    C:\Users\ArunPc\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    Task: {02A8E01B-9159-4896-88C0-658305DE58A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0EAA7CB6-5D74-4908-9792-B779D7A558BB} - \Cassiopesa sadi -> No File <==== ATTENTION
    Task: {0EBC7A40-FEC2-4E9A-9104-3E062E9525DE} - \Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-1001 -> No File <==== ATTENTION
    Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-500 -> No File <==== ATTENTION
    Task: {3A7BF910-5449-4CA3-BA12-737EC48ECD9B} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\ArunPc\AppData\Roaming\IDM\CODEXi\Steam <==== ATTENTION
    Task: {4B649E8A-B799-448F-9EFF-0A9C6358A16B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {510C1592-BA7A-4FBA-9E2E-A4054B917392} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {8F65C35C-2650-4321-A64A-34279852487A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A920993B-66F8-4134-B75D-F3AD306DF3B9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {AC5B1AD9-E368-4E42-B0D4-0F9C885A56B4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {ACE0DC6E-754D-4E8B-AA2E-CBD9D0DA9BAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C57B1FCA-27CE-43FC-99B6-150D1F29365D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C8BE42A3-A726-4D2F-A2D7-00EF1EECBBA5} - \TweakBit\PCCleaner\Start PCCleaner оn logon -> No File <==== ATTENTION
    Task: {CBB137BA-56AF-465F-942E-FF46838C5CD4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {CFF58BFE-86E2-4B84-AA5C-1BA4205EF0E9} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
    Task: {D7BFA6BB-E84B-45C3-9818-557182B9B57D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D8E64591-B135-40DC-ACAF-D407176EAFB6} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION
    Task: {DDE20B8E-E27A-4325-A91B-739B7E497158} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    FirewallRules: [{9A535EC5-93F5-47E8-8C49-45D1BD58D10C}] => (Allow) C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp\Installer-75452123.exe
    FirewallRules: [{A013D47A-8D45-4C29-881A-B5AAAF1513B6}] => (Allow) C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp\Installer-75452123.exe
    Folder: C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  13. #13

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    OK, I did as you asked. If I'm not wrong, there is something written in Chinese; is that in any way related to the issue?

    Here is the fixlog

    Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
    Ran by ArunPc (2015-09-21 00:51:13) Run:2
    Running from C:\Users\ArunPc\Downloads\Programs
    Loaded Profiles: ArunPc (Available Profiles: ArunPc)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    IFEO\RegWorks.exe: [Debugger] svchost.exe
    IFEO\RSITx64.exe: [Debugger] svchost.exe
    Toolbar: HKU\S-1-5-21-3533856717-1996590830-672907801-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    C:\Users\ArunPc\AppData\Local???????????????????
    Task: {02A8E01B-9159-4896-88C0-658305DE58A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {0EAA7CB6-5D74-4908-9792-B779D7A558BB} - \Cassiopesa sadi -> No File <==== ATTENTION
    Task: {0EBC7A40-FEC2-4E9A-9104-3E062E9525DE} - \Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-1001 -> No File <==== ATTENTION
    Task: {36FBF9F7-0174-4757-BF5C-29DD8E248DF9} - \Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-500 -> No File <==== ATTENTION
    Task: {3A7BF910-5449-4CA3-BA12-737EC48ECD9B} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\ArunPc\AppData\Roaming\IDM\CODEXi\Steam <==== ATTENTION
    Task: {4B649E8A-B799-448F-9EFF-0A9C6358A16B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {510C1592-BA7A-4FBA-9E2E-A4054B917392} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {8F65C35C-2650-4321-A64A-34279852487A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A920993B-66F8-4134-B75D-F3AD306DF3B9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {AC5B1AD9-E368-4E42-B0D4-0F9C885A56B4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {ACE0DC6E-754D-4E8B-AA2E-CBD9D0DA9BAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C57B1FCA-27CE-43FC-99B6-150D1F29365D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C8BE42A3-A726-4D2F-A2D7-00EF1EECBBA5} - \TweakBit\PCCleaner\Start PCCleaner ?n logon -> No File <==== ATTENTION
    Task: {CBB137BA-56AF-465F-942E-FF46838C5CD4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {CFF58BFE-86E2-4B84-AA5C-1BA4205EF0E9} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE
    Task: {D7BFA6BB-E84B-45C3-9818-557182B9B57D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {D8E64591-B135-40DC-ACAF-D407176EAFB6} - \TweakBit\FixMyPC\Start FixMyPC automatic scanning -> No File <==== ATTENTION
    Task: {DDE20B8E-E27A-4325-A91B-739B7E497158} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    FirewallRules: [{9A535EC5-93F5-47E8-8C49-45D1BD58D10C}] => (Allow) C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp\Installer-75452123.exe
    FirewallRules: [{A013D47A-8D45-4C29-881A-B5AAAF1513B6}] => (Allow) C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp\Installer-75452123.exe
    Folder: C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RegWorks.exe" => key removed successfully
    "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\RSITx64.exe" => key removed successfully
    HKU\S-1-5-21-3533856717-1996590830-672907801-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    SmbDrvI => service removed successfully
    wfpcapture => service removed successfully

    "C:\Users\ArunPc\AppData\Local???????????????????" folder move:

    Could not move "C:\Users\ArunPc\AppData\Local???????????????????" => Scheduled to move on reboot.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02A8E01B-9159-4896-88C0-658305DE58A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A8E01B-9159-4896-88C0-658305DE58A6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EAA7CB6-5D74-4908-9792-B779D7A558BB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EAA7CB6-5D74-4908-9792-B779D7A558BB}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa sadi => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EBC7A40-FEC2-4E9A-9104-3E062E9525DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EBC7A40-FEC2-4E9A-9104-3E062E9525DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-1001" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36FBF9F7-0174-4757-BF5C-29DD8E248DF9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FBF9F7-0174-4757-BF5C-29DD8E248DF9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3533856717-1996590830-672907801-500" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3A7BF910-5449-4CA3-BA12-737EC48ECD9B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A7BF910-5449-4CA3-BA12-737EC48ECD9B}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Steam_x64-S-2-106-91 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B649E8A-B799-448F-9EFF-0A9C6358A16B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B649E8A-B799-448F-9EFF-0A9C6358A16B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{510C1592-BA7A-4FBA-9E2E-A4054B917392}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510C1592-BA7A-4FBA-9E2E-A4054B917392}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F65C35C-2650-4321-A64A-34279852487A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F65C35C-2650-4321-A64A-34279852487A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A920993B-66F8-4134-B75D-F3AD306DF3B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A920993B-66F8-4134-B75D-F3AD306DF3B9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AC5B1AD9-E368-4E42-B0D4-0F9C885A56B4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC5B1AD9-E368-4E42-B0D4-0F9C885A56B4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ACE0DC6E-754D-4E8B-AA2E-CBD9D0DA9BAD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ACE0DC6E-754D-4E8B-AA2E-CBD9D0DA9BAD}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C57B1FCA-27CE-43FC-99B6-150D1F29365D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C57B1FCA-27CE-43FC-99B6-150D1F29365D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8BE42A3-A726-4D2F-A2D7-00EF1EECBBA5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8BE42A3-A726-4D2F-A2D7-00EF1EECBBA5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\PCCleaner\Start PCCleaner ?n logon => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBB137BA-56AF-465F-942E-FF46838C5CD4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBB137BA-56AF-465F-942E-FF46838C5CD4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFF58BFE-86E2-4B84-AA5C-1BA4205EF0E9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF58BFE-86E2-4B84-AA5C-1BA4205EF0E9}" => key removed successfully
    C:\WINDOWS\System32\Tasks\PDVDServ Task => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PDVDServ Task" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7BFA6BB-E84B-45C3-9818-557182B9B57D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7BFA6BB-E84B-45C3-9818-557182B9B57D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8E64591-B135-40DC-ACAF-D407176EAFB6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E64591-B135-40DC-ACAF-D407176EAFB6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\FixMyPC\Start FixMyPC automatic scanning" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDE20B8E-E27A-4325-A91B-739B7E497158}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDE20B8E-E27A-4325-A91B-739B7E497158}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A535EC5-93F5-47E8-8C49-45D1BD58D10C} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A013D47A-8D45-4C29-881A-B5AAAF1513B6} => value removed successfully

    ========================= Folder: C:\Users\ArunPc\AppData\Local\Temp\nsdCE4F.tmp ========================

    not found.

    ====== End of Folder: ======

    EmptyTemp: => 4.9 GB temporary data Removed.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-21 00:55:43)<=

    "C:\Users\ArunPc\AppData\Local???????????????????" => Could not move

    ==== End of Fixlog 00:55:43 ====


    Oh, and by the way, I'm really sorry for keeping you up with this issue, hope it's not much trouble. And yeah, coffee is awesome.

    Thanks
    DONKILLER

    You're a lifesaver

  14. #14
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Actually, opinions vary on the Chinese character file. It is reportedly related to Grand Theft Auto but ESET identifies it as a trojan: Home | ESET Virusradar.

    I was happy to help. The question is whether your computer is working correctly now. If everything is back to normal, let's clean up the tools and logs:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  15. #15

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Hmm, strange though, I haven't seen it before.

    But do check this out, it's a screenshot I took right after I plugged in my dongle. See the Chinese language on top. Is that meant to be there? It wasn't there before. This quickly vanishes in about 5 seconds or less.

    [Attachment: errorscreenshot.jpg]

    So I haven't done the Delfix yet, thinking there is more to it. Hope you can fix this.

    Thanks
    DONKILLER

  16. #16
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Based on the findings here, Malware scan of mblaze_mylink.exe 174af6ab3e5136bd23893c6b97ef85ee4e0adfdb - herdProtect and Malware scan of fi_eject.exe 6e706e4095debc8cc50ae4ec9fa135be65aa4269 - herdProtect, that would explain it. It is listed in installed programs, Mblaze_Mylink (HKLM-x32\...\Mblaze_Mylink_is1) (Version: - ).

    1. Uninstall Mblaze_Mylink.

    2. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
    • Open Notepad (Start => All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    R2 CDROM_Eject_FI; C:\Program Files (x86)\Mblaze_Mylink\FI_Eject.exe [2198016 2014-07-31] () [File not signed]
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.



  17. #17

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Well, I do need the driver for internet purposes, as MTS MBlaze is the network I use. Will reinstalling solve the problem?

    Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
    Ran by ArunPc (2015-09-21 20:47:56) Run:3
    Running from C:\Users\ArunPc\Downloads\Programs
    Loaded Profiles: ArunPc (Available Profiles: ArunPc)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    R2 CDROM_Eject_FI; C:\Program Files (x86)\Mblaze_Mylink\FI_Eject.exe [2198016 2014-07-31] () [File not signed]
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    CDROM_Eject_FI => Service stopped successfully.
    CDROM_Eject_FI => service removed successfully
    EmptyTemp: => 176.5 MB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 20:48:32 ====
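
Added example (not part of the original thread and not FRST's own code): a small Python triage of a Fixlog like the ones posted above, grouping every `=>` result line so that outcomes such as "Could not move" stand out from the successful removals. The sample log is constructed from the line shapes seen in this thread, and the status names (`ok`, `absent`, `failed`, `review`) are this example's own.

```python
import re
from collections import Counter

# Constructed sample: result lines in the shapes the Fixlogs in this thread use.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
CDROM_Eject_FI => Service stopped successfully.
CDROM_Eject_FI => service removed successfully
C:\WINDOWS\System32\Tasks\PDVDServ Task => moved successfully
"HKLM\SOFTWARE\Example\Tree\Example Task" => key removed successfully
HKLM\SOFTWARE\Example\Tree\Other Task => key not found.
"C:\Users\Example\AppData\Local\ExampleItem" => Could not move
EmptyTemp: => 176.5 MB temporary data Removed.
The system needed a reboot..
'''

# "<target> => <result>"; header, separator and fixlist-echo lines have no "=>".
RESULT_LINE = re.compile(r'^\s*(?P<target>.+?)\s*=>\s*(?P<result>.+?)\s*$')

def classify(result):
    """Map a result string to ok / absent / failed / review (names are ours)."""
    text = result.lower().rstrip('.')
    if 'could not' in text:            # e.g. "Could not move"
        return 'failed'
    if 'not found' in text:            # target was already gone
        return 'absent'
    if 'successfully' in text or text.endswith('removed'):
        return 'ok'
    return 'review'                    # unrecognised wording: read it by hand

def triage(fixlog_text):
    """Return (status counts, [(target, result)] entries needing attention)."""
    counts, attention = Counter(), []
    for line in fixlog_text.splitlines():
        m = RESULT_LINE.match(line)
        if not m:
            continue
        status = classify(m['result'])
        counts[status] += 1
        if status in ('failed', 'review'):
            attention.append((m['target'].strip('"'), m['result']))
    return counts, attention

def reboot_pending(fixlog_text):
    # FRST notes when the fix only completes after a restart.
    return 'needed a reboot' in fixlog_text.lower()

if __name__ == '__main__':
    print(triage(SAMPLE_FIXLOG), reboot_pending(SAMPLE_FIXLOG))
```

Entries reported as `failed` or `review` are the ones worth re-checking in a fresh scan after the reboot.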

  18. #18
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    I suggest you first do a custom scan with Malwarebytes of the downloaded installation file. When that is complete, do a custom install, installing only what you need to use the service. After the installation is complete, update Malwarebytes and do a fresh scan of your computer. (Remember the Chinese characters are reportedly related to Grand Theft Auto.)



  19. #19

    Join Date
    Jun 2015
    Location
    Kerala, India
    Posts
    27

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    OK, so the file came in with the dongle and is pre-installed, so I don't think it has a virus. Nevertheless, I will run a scan. Is there anything else I should do?

  20. #20
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,481

    Re: URGENT! Help malware attack cant RUN almost all of the softwares

    Whenever possible, avoid download sites such as C|Net since they bundle software in their installer, adding PUPs. Instead, find the vendor/developer site.

    Not knowing what you downloaded/clicked for whatever it was that took over your HOSTS file, I can only advise you to be very careful what you click -- especially if sent any files while playing games.