Jump to content


Photo

Laptop Not Responding

Started by koolsam , Jan 16 2019 04:01 AM

  • Please log in to reply
5 replies to this topic

#1 koolsam

koolsam

    SWI Junkie

  • Full Member
  • PipPipPipPip
  • 262 posts

Posted 16 January 2019 - 04:01 AM

Hi

I use a hp laptop with 64 bit windows 10 OS recently my laptop is not responding and as i check the taskmanager the disk space is at 100% I am attaching the logs

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/16/19
Scan Time: 3:15 PM
Log File: 75c7c8a0-1973-11e9-898d-fc15b401f6cc.json
 
-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.508
Update Package Version: 1.0.8812
License: Trial
 
-System Information-
OS: Windows 10 (Build 17134.556)
CPU: x64
File System: NTFS
User: MADDIKUNTA\MSrao
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 358721
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 7 min, 15 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28.09.2018
Ran by MSrao (administrator) on MADDIKUNTA (16-01-2019 15:03:37)
Running from C:\Users\MSrao\Downloads
Loaded Profiles: MSrao (Available Profiles: MSrao & DefaultAppPool)
Platform: Windows 10 Home Single Language Version 1803 17134.556 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Google Inc) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Input Tools\GoogleInputHandler.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [307200 2011-06-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [261512 2019-01-16] (AVAST Software)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Run: [BingSvc] => C:\Users\MSrao\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1034160 2017-10-10] (McAfee Inc.)
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19589208 2018-12-10] (Piriform Software Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\MSrao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2015-02-23]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{25229e39-aa2b-4cc5-af4c-75ff6cc484c1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/26
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/26
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/4686-154348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/4686-154348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2396764291-716589420-1622641493-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171203__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2396764291-716589420-1622641493-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/4686-154348-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-12-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://sca07.dstsystems.com/dana-cached/sc/JuniperSetupClient.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\MSrao\AppData\Roaming\Mozilla\Firefox\Profiles\ra5sp8ti.default-1487501546613 [2019-01-16]
FF Homepage: Mozilla\Firefox\Profiles\ra5sp8ti.default-1487501546613 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171203__yaff
FF NewTab: Mozilla\Firefox\Profiles\ra5sp8ti.default-1487501546613 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171203__yaff
FF SearchPlugin: C:\Users\MSrao\AppData\Roaming\Mozilla\Firefox\Profiles\ra5sp8ti.default-1487501546613\searchplugins\yahoo-lavasoft.xml [2017-12-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR Profile: C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default [2019-01-16]
CHR Extension: (Docs) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Adblock Plus) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-12-16]
CHR Extension: (Google Search) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Adobe Acrobat) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-08]
CHR Extension: (MSN Homepage) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2018-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-15]
CHR Extension: (Norton Identity Safe) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-16]
CHR Extension: (Gmail) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-23]
CHR Profile: C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-2396764291-716589420-1622641493-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2396764291-716589420-1622641493-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7834368 2019-01-16] (AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [357816 2019-01-16] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-01-16] (AVAST Software)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-15] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
S3 GoogleChromeElevationService; C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [443872 2018-12-12] (Google Inc.)
R2 GoogleInputService; C:\Program Files (x86)\Google\Google Input Tools\GoogleInputService.exe [164312 2017-12-17] (Google Inc)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-30] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2017-02-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [320944 2017-10-10] ()
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] () [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-15] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-23] (Realtek Semiconductor)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-03-22] (SHAREit Technologies Co.Ltd)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2018-12-20] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2018-12-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37304 2019-01-16] (AVAST Software)
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [203488 2019-01-16] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [223056 2019-01-16] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196264 2019-01-16] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320888 2019-01-16] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58160 2019-01-16] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-16] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239808 2019-01-16] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46584 2019-01-16] (AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42488 2019-01-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [166472 2019-01-16] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111992 2019-01-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88144 2019-01-16] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034056 2019-01-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [474648 2019-01-16] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [218056 2019-01-16] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380144 2019-01-16] (AVAST Software)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-12-04] (Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-01-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [126624 2019-01-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72536 2019-01-16] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [261032 2019-01-16] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [113016 2019-01-16] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2009-11-20] (Marvell Semiconductor, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2017-05-11] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-20] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2018-12-20] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2018-12-20] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-20] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-01-16 15:03 - 2019-01-16 15:05 - 000026831 _____ C:\Users\MSrao\Downloads\FRST.txt
2019-01-16 15:02 - 2019-01-16 15:03 - 000000000 ____D C:\FRST
2019-01-16 15:02 - 2019-01-16 15:02 - 002414080 _____ (Farbar) C:\Users\MSrao\Downloads\FRST64.exe
2019-01-16 14:52 - 2019-01-16 14:52 - 000004350 _____ C:\WINDOWS\System32\Tasks\Norton Security Scan for MSrao
2019-01-16 14:51 - 2019-01-16 14:51 - 000001544 _____ C:\Users\Public\Desktop\Norton Security Scan.LNK
2019-01-16 14:51 - 2019-01-16 14:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\NSSx64
2019-01-16 14:51 - 2019-01-16 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2019-01-16 14:51 - 2019-01-16 14:51 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2019-01-16 14:51 - 2019-01-16 14:51 - 000000000 ____D C:\Program Files (x86)\Norton Security Scan
2019-01-16 14:41 - 2019-01-16 14:47 - 000113016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-01-16 14:41 - 2019-01-16 14:41 - 000126624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-01-16 14:41 - 2019-01-16 14:41 - 000072536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-01-16 14:40 - 2019-01-16 14:40 - 000261032 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-01-16 14:31 - 2019-01-16 14:32 - 000000208 _____ C:\Users\MSrao\Documents\cc_20190116_143154.reg
2019-01-16 14:30 - 2019-01-16 14:30 - 000028650 _____ C:\Users\MSrao\Documents\cc_20190116_143042.reg
2019-01-16 14:28 - 2019-01-16 14:29 - 000728282 _____ C:\Users\MSrao\Documents\cc_20190116_142847.reg
2019-01-16 14:23 - 2019-01-16 14:23 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2019-01-16 14:22 - 2019-01-16 14:22 - 000000000 ____D C:\Users\MSrao\AppData\Roaming\AVAST Software
2019-01-16 14:15 - 2019-01-16 14:15 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-01-16 14:15 - 2019-01-16 14:15 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-01-16 14:15 - 2019-01-16 14:15 - 000000000 ____D C:\Users\MSrao\AppData\Local\AVAST Software
2019-01-16 14:12 - 2019-01-16 14:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2019-01-16 14:11 - 2019-01-16 14:11 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-01-16 14:10 - 2019-01-16 14:12 - 000223056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000474648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000380144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000239808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000218056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000203488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000166472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000111992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000088144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000046584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000042488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-01-16 14:10 - 2019-01-16 14:09 - 000015488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-01-16 14:10 - 2019-01-16 14:08 - 001034056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-01-16 14:10 - 2019-01-16 14:08 - 000320888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-01-16 14:10 - 2019-01-16 14:08 - 000196264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-01-16 14:10 - 2019-01-16 14:08 - 000058160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-01-16 14:10 - 2019-01-16 14:08 - 000037304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-01-16 14:09 - 2019-01-16 14:09 - 000361352 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-01-16 14:09 - 2019-01-16 14:09 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-01-16 14:08 - 2019-01-16 14:08 - 000000000 ____D C:\Program Files\AVAST Software
2019-01-16 14:07 - 2019-01-16 14:09 - 000000000 ____D C:\ProgramData\AVAST Software
2019-01-16 14:07 - 2019-01-16 14:07 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-01-16 14:07 - 2019-01-16 14:07 - 000002878 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2019-01-16 14:07 - 2019-01-16 14:07 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-01-16 14:07 - 2019-01-16 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-01-16 14:07 - 2019-01-16 14:07 - 000000000 ____D C:\Program Files\CCleaner
2019-01-16 14:06 - 2019-01-16 14:06 - 019309424 _____ (Piriform Software Ltd) C:\Users\MSrao\Downloads\cctrialsetup.exe
2019-01-16 12:30 - 2019-01-09 11:14 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-01-16 12:30 - 2019-01-09 11:13 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-01-16 12:30 - 2019-01-09 11:12 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-01-16 12:30 - 2019-01-09 11:10 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-01-16 12:30 - 2019-01-09 11:09 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-01-16 12:30 - 2019-01-09 10:57 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-01-16 12:30 - 2019-01-09 10:56 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-01-16 12:30 - 2019-01-09 10:55 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-01-16 12:30 - 2019-01-09 10:54 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-01-16 12:30 - 2019-01-09 10:53 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-01-16 12:30 - 2019-01-09 10:52 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-01-16 12:30 - 2019-01-09 10:52 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-01-16 12:30 - 2019-01-09 10:52 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-01-16 12:30 - 2019-01-09 10:52 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-01-16 12:30 - 2019-01-09 10:50 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-01-16 12:30 - 2019-01-09 10:50 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-01-16 12:30 - 2019-01-09 10:50 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-01-16 12:30 - 2019-01-09 10:49 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-01-16 12:30 - 2019-01-09 10:49 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-01-16 12:30 - 2019-01-09 10:48 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-01-16 12:29 - 2019-01-09 23:27 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-01-16 12:29 - 2019-01-09 23:12 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-01-16 12:29 - 2019-01-09 23:11 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-01-16 12:29 - 2019-01-09 23:10 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-01-16 12:29 - 2019-01-09 23:06 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-01-16 12:29 - 2019-01-09 23:06 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-01-16 12:29 - 2019-01-09 23:05 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-01-16 12:29 - 2019-01-09 15:25 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-01-16 12:29 - 2019-01-09 15:25 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-01-16 12:29 - 2019-01-09 15:21 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-01-16 12:29 - 2019-01-09 14:25 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-01-16 12:29 - 2019-01-09 14:20 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-01-16 12:29 - 2019-01-09 14:18 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-01-16 12:29 - 2019-01-09 14:16 - 001457240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-01-16 12:29 - 2019-01-09 14:16 - 001257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-01-16 12:29 - 2019-01-09 14:14 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-01-16 12:29 - 2019-01-09 13:54 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-01-16 12:29 - 2019-01-09 13:41 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-01-16 12:29 - 2019-01-09 13:36 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-01-16 12:29 - 2019-01-09 11:29 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-01-16 12:29 - 2019-01-09 11:13 - 006567768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-01-16 12:29 - 2019-01-09 11:13 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-01-16 12:29 - 2019-01-09 11:12 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-01-16 12:29 - 2019-01-09 11:11 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-01-16 12:29 - 2019-01-09 11:11 - 000983120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-01-16 12:29 - 2019-01-09 11:11 - 000076296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-01-16 12:29 - 2019-01-09 11:10 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-01-16 12:29 - 2019-01-09 11:10 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-01-16 12:29 - 2019-01-09 11:10 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-01-16 12:29 - 2019-01-09 11:10 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-01-16 12:29 - 2019-01-09 11:10 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-01-16 12:29 - 2019-01-09 11:10 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-01-16 12:29 - 2019-01-09 11:09 - 007519888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-01-16 12:29 - 2019-01-09 11:09 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-01-16 12:29 - 2019-01-09 11:09 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-01-16 12:29 - 2019-01-09 11:04 - 022016512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-01-16 12:29 - 2019-01-09 11:03 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-01-16 12:29 - 2019-01-09 11:02 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-01-16 12:29 - 2019-01-09 10:59 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-01-16 12:29 - 2019-01-09 10:57 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-01-16 12:29 - 2019-01-09 10:57 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-01-16 12:29 - 2019-01-09 10:56 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-01-16 12:29 - 2019-01-09 10:56 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-01-16 12:29 - 2019-01-09 10:54 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-01-16 12:29 - 2019-01-09 10:53 - 005775872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-01-16 12:29 - 2019-01-09 10:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-01-16 12:29 - 2019-01-09 10:53 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-01-16 12:29 - 2019-01-09 10:53 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-01-16 12:29 - 2019-01-09 10:52 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-01-16 12:29 - 2019-01-09 10:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-01-16 12:29 - 2019-01-09 10:52 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-01-16 12:29 - 2019-01-09 10:51 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-01-16 12:29 - 2019-01-09 10:51 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-01-16 12:29 - 2019-01-09 10:50 - 004940288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-01-16 12:29 - 2019-01-09 10:50 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-01-16 12:29 - 2019-01-09 10:49 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-01-16 12:29 - 2019-01-09 10:49 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-01-16 12:29 - 2019-01-09 10:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-01-16 12:28 - 2019-01-09 23:38 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-01-16 12:28 - 2019-01-09 23:27 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-01-16 12:28 - 2019-01-09 23:11 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-01-16 12:28 - 2019-01-09 23:05 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-01-16 12:28 - 2019-01-09 20:20 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-01-16 12:28 - 2019-01-09 15:44 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-01-16 12:28 - 2019-01-09 12:33 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-01-16 12:28 - 2019-01-09 11:13 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-01-16 12:28 - 2019-01-09 11:13 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-01-16 12:28 - 2019-01-09 11:13 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-01-16 12:28 - 2019-01-09 11:10 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-01-16 12:28 - 2019-01-09 11:09 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-01-16 12:28 - 2019-01-09 11:09 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-01-16 12:28 - 2019-01-09 11:09 - 000144072 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-01-16 12:28 - 2019-01-09 10:59 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-01-16 12:28 - 2019-01-09 10:54 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-01-16 12:28 - 2019-01-09 10:53 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-01-16 12:28 - 2019-01-09 10:53 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-01-16 12:28 - 2019-01-09 10:53 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-01-16 12:28 - 2019-01-09 10:53 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-01-16 12:28 - 2019-01-09 10:53 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-01-16 12:28 - 2019-01-09 10:53 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-01-16 12:28 - 2019-01-09 10:52 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-01-16 12:28 - 2019-01-09 10:52 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 12:28 - 2019-01-09 10:52 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-01-16 12:28 - 2019-01-09 10:51 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-01-16 12:28 - 2019-01-09 10:51 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-01-16 12:28 - 2019-01-09 10:50 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-01-16 12:28 - 2019-01-09 10:04 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-01-16 12:28 - 2019-01-09 10:04 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-01-16 12:28 - 2019-01-09 10:04 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-01-16 12:24 - 2019-01-16 12:24 - 074907488 _____ (Oracle Corporation) C:\Users\MSrao\Downloads\jre-8u201-windows-x64.exe
2019-01-16 12:22 - 2019-01-16 12:22 - 000001059 _____ C:\Users\MSrao\Downloads\SALog.txt
2019-01-16 12:17 - 2019-01-16 12:18 - 000899584 _____ C:\Users\MSrao\Downloads\RGSA.exe
2019-01-16 11:18 - 2019-01-01 12:43 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-01-16 11:18 - 2019-01-01 12:43 - 001363536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2019-01-16 11:18 - 2019-01-01 12:43 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-01-16 11:18 - 2019-01-01 12:43 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-01-16 11:18 - 2019-01-01 12:42 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-01-16 11:18 - 2019-01-01 12:42 - 002421288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-01-16 11:18 - 2019-01-01 12:42 - 000128824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2019-01-16 11:18 - 2019-01-01 12:20 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-01-16 11:18 - 2019-01-01 12:15 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-01-16 11:18 - 2019-01-01 12:14 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-01-16 11:18 - 2019-01-01 12:13 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-01-16 11:18 - 2019-01-01 12:12 - 000717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-01-16 11:18 - 2019-01-01 12:11 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-01-16 11:18 - 2019-01-01 12:11 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-01-16 11:18 - 2019-01-01 12:07 - 002478664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-01-16 11:18 - 2019-01-01 12:07 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-01-16 11:18 - 2019-01-01 11:52 - 019405312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-01-16 11:18 - 2019-01-01 11:45 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-01-16 11:18 - 2019-01-01 11:43 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-01-16 11:17 - 2019-01-01 19:15 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2019-01-16 11:17 - 2019-01-01 18:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2019-01-16 11:17 - 2019-01-01 12:42 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-01-16 11:17 - 2019-01-01 12:18 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2019-01-16 11:17 - 2019-01-01 12:17 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-01-16 11:17 - 2019-01-01 12:16 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2019-01-16 11:17 - 2019-01-01 12:16 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-01-16 11:17 - 2019-01-01 12:14 - 000662528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2019-01-16 11:17 - 2019-01-01 12:14 - 000456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.Workflow.dll
2019-01-16 11:17 - 2019-01-01 12:12 - 002247680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2019-01-16 11:17 - 2019-01-01 12:12 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2019-01-16 11:17 - 2019-01-01 12:11 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2019-01-16 11:17 - 2019-01-01 12:07 - 000880048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2019-01-16 11:17 - 2019-01-01 11:47 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountTokenProvider.dll
2019-01-16 11:17 - 2019-01-01 11:46 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2019-01-16 11:17 - 2019-01-01 11:44 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.Workflow.dll
2019-01-16 11:17 - 2019-01-01 11:43 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-01-16 11:17 - 2019-01-01 11:42 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2019-01-16 11:17 - 2019-01-01 11:42 - 000795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2019-01-16 11:17 - 2019-01-01 11:42 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-01-16 11:17 - 2018-12-19 10:19 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-01-16 11:16 - 2019-01-01 19:17 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2019-01-16 11:16 - 2019-01-01 19:15 - 000714752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2019-01-16 11:16 - 2019-01-01 18:50 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windowslivelogin.dll
2019-01-16 11:16 - 2019-01-01 18:48 - 000500736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2019-01-16 11:16 - 2019-01-01 12:43 - 000436024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-01-16 11:16 - 2019-01-01 12:18 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-01-16 11:16 - 2019-01-01 12:18 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Print.Workflow.Source.dll
2019-01-16 11:16 - 2019-01-01 12:07 - 000381240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-01-16 11:16 - 2019-01-01 11:42 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2019-01-16 11:15 - 2018-09-20 09:42 - 001483576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-01-07 12:32 - 2019-01-07 12:32 - 001627415 _____ C:\Users\MSrao\Downloads\maxfort.pdf
2019-01-05 18:22 - 2019-01-05 18:22 - 000000000 ____D C:\Users\MSrao\AppData\Local\mbam
2019-01-05 18:20 - 2019-01-05 18:20 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-01-05 18:20 - 2019-01-05 18:20 - 000000000 ____D C:\Users\MSrao\AppData\Local\mbamtray
2019-01-05 18:19 - 2019-01-05 18:19 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-01-05 18:19 - 2019-01-05 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-01-05 18:19 - 2019-01-05 18:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-01-05 18:19 - 2019-01-05 18:19 - 000000000 ____D C:\Program Files\Malwarebytes
2019-01-05 18:19 - 2018-12-04 08:09 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-01-05 18:17 - 2019-01-05 18:19 - 081227760 _____ (Malwarebytes ) C:\Users\MSrao\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.508-1.0.8211.exe
2019-01-05 08:34 - 2019-01-05 08:34 - 000624279 _____ C:\Users\MSrao\Downloads\AdityaAadhar.pdf
2019-01-05 08:30 - 2019-01-05 08:34 - 000000000 ____D C:\Users\MSrao\Documents\Chinmayi_AdmissionDocs
2019-01-05 08:30 - 2019-01-05 08:31 - 003784987 _____ C:\Users\MSrao\Downloads\chinmaschooladmission.zip
2019-01-05 08:30 - 2019-01-05 08:31 - 003784987 _____ C:\Users\MSrao\Downloads\chinmaschooladmission (1).zip
2019-01-04 19:08 - 2019-01-04 19:08 - 000205854 _____ C:\Users\MSrao\Downloads\PVSamrat Ticket.pdf
2019-01-02 10:55 - 2019-01-02 19:22 - 000000000 ____D C:\Users\MSrao\Desktop\Jan 2 2019
2018-12-23 12:18 - 2018-12-14 12:40 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-12-23 12:18 - 2018-12-14 12:37 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-12-23 12:18 - 2018-12-14 12:24 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-12-23 12:18 - 2018-12-14 12:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-12-23 12:18 - 2018-12-14 12:22 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-12-23 12:18 - 2018-12-14 12:20 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-12-23 08:50 - 2019-01-03 01:11 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-12-23 08:50 - 2019-01-03 01:11 - 000179600 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-20 20:35 - 2018-12-20 20:35 - 000043167 _____ C:\Users\MSrao\Downloads\Access Point Go Live Status 20122018 (2).xlsx
2018-12-20 20:32 - 2018-12-20 20:32 - 000043167 _____ C:\Users\MSrao\Downloads\Access Point Go Live Status 20122018 (1).xlsx
2018-12-20 20:27 - 2018-12-20 20:29 - 000000000 ____D C:\Users\MSrao\Desktop\AccessPointRollOut
2018-12-20 20:14 - 2018-12-20 20:29 - 000043167 _____ C:\Users\MSrao\Downloads\Access Point Go Live Status 20122018.xlsx
2018-12-20 20:14 - 2018-12-20 20:15 - 009020430 _____ C:\Users\MSrao\Downloads\Agent Dump 20122018 - Aditya.xlsx
2018-12-20 20:01 - 2018-12-08 18:12 - 001616824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-12-20 20:01 - 2018-12-08 17:59 - 013572608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-12-20 20:01 - 2018-12-08 17:58 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-12-20 20:01 - 2018-12-08 17:55 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-12-20 20:01 - 2018-12-08 13:37 - 005625352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-12-20 20:01 - 2018-12-08 13:36 - 001017168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-12-20 20:01 - 2018-12-08 13:34 - 002371296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-12-20 20:01 - 2018-12-08 13:17 - 000861744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-12-20 20:01 - 2018-12-08 13:16 - 002331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-12-20 20:01 - 2018-12-08 13:15 - 001379816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-12-20 20:01 - 2018-12-08 13:11 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-12-20 20:01 - 2018-12-08 13:08 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-12-20 20:01 - 2018-12-08 13:08 - 002739200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch

#2 koolsam

koolsam

    SWI Junkie

  • Full Member
  • PipPipPipPip
  • 262 posts

Posted 16 January 2019 - 04:03 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by MSrao (16-01-2019 15:07:50)
Running from C:\Users\MSrao\Downloads
Windows 10 Home Single Language Version 1803 17134.556 (X64) (2018-07-01 01:52:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2396764291-716589420-1622641493-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2396764291-716589420-1622641493-503 - Limited - Disabled)
Guest (S-1-5-21-2396764291-716589420-1622641493-501 - Limited - Disabled)
MSrao (S-1-5-21-2396764291-716589420-1622641493-1001 - Administrator - Enabled) => C:\Users\MSrao
WDAGUtilityAccount (S-1-5-21-2396764291-716589420-1622641493-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Out of date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
.NET Core SDK 1.0.4 (x64) (HKLM\...\{11ACCE3C-C179-472C-A8CA-0F467702B2DA}) (Version: 4.1.5012 - Microsoft Corporation) Hidden
.NET Core SDK 1.0.4 (x64) (HKLM-x32\...\{c56e80af-58a4-490b-a1cd-5718290133b9}) (Version: 1.0.4 - Microsoft Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.1.2360 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.51 - Piriform)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{4A3579A7-8A6A-4F07-8EFD-9E1DD7605864}_is1) (Version: 1.0 - Universal Music India)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Input Tools (HKLM\...\GoogleInputFramework) (Version:  - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C9064E5C-D5AB-4EEB-86A6-50756901038A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
hppLaserJetService (HKLM-x32\...\{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}) (Version: 001.003.000145 - Hewlett-Packard) Hidden
hppM1130M1210SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.003.00073 - Hewlett-Packard) Hidden
hppusgM1130M1210Series (HKLM-x32\...\{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}) (Version: 1.0.0.2 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{12C50688-5919-4A7A-8784-B26A7238FCEE}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{400E7885-8851-43F1-849C-5A720CB4F001}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{0148E8AA-4A50-4673-B532-DB9F30F804BE}) (Version: 10.0.1737 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Neoteris_Host_Checker) (Version: 8.0.4.31475 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Juniper_Setup_Client) (Version: 8.0.4.47117 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Juniper_Term_Services) (Version: 8.0.4.31475 - Juniper Networks)
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Safe Connect (HKLM-x32\...\{F210DAEC-9E43-467E-87E8-B02DA469CFFC}) (Version: 1.4.1.150 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V2.0 (HKLM-x32\...\{829D812B-3F25-4E8B-B1DF-1AD09164684C}) (Version: 2.0.50130.0 - Microsoft Corporation)
Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - తెలుగు (HKLM-x32\...\{90150000-001F-044A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{08C69A2C-62DE-48DB-9C1E-562A837FBB08}) (Version: 3.3.2.1944 - Microsoft)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.10.30640.0 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{5CB4DD27-6252-4C08-BFCF-22F6A110CBFA}) (Version: 10.0.1972 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.6.1.175 - Symantec Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{EC27E742-EB04-4A2C-BA64-20271929528A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Python 3.6.0 (64-bit) (HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\{37a4e38b-baf7-4500-97f1-0f7c51d9a395}) (Version: 3.6.150.0 - Python Software Foundation)
Python 3.6.0 (Anaconda3 4.3.0 64-bit) (HKLM\...\Python 3.6.0 (Anaconda3 4.3.0 64-bit)) (Version: 4.3.0 - Continuum Analytics, Inc.)
Python 3.6.0 Core Interpreter (64-bit symbols) (HKLM\...\{DFAA81ED-540F-47B5-9113-814CC427CFD8}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Core Interpreter (64-bit) (HKLM\...\{1944B5D6-0FFB-47C0-BFEC-5C7A2F013FA7}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Development Libraries (64-bit) (HKLM\...\{A6A3184B-748E-46F4-9E28-6B5889506170}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Documentation (64-bit) (HKLM\...\{5D83032F-36B5-42E4-A114-D310119C6F51}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit symbols) (HKLM\...\{4A928E09-6798-46AB-A4F7-1B52CD164B3B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Executables (64-bit) (HKLM\...\{C0016766-8F63-4992-9E6F-ECFB2CB12BA6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 pip Bootstrap (64-bit) (HKLM\...\{F9C1C892-4908-41F4-900C-7B0DAAF2387B}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit symbols) (HKLM\...\{90676013-5216-48EE-AC8D-07AC0C16DA50}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Standard Library (64-bit) (HKLM\...\{F3CB2257-C4C7-4C84-AF63-BADCED1E3273}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit symbols) (HKLM\...\{96C2F083-44B8-4388-B2A5-F48B75A25188}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Tcl/Tk Support (64-bit) (HKLM\...\{E24AA157-AD52-42ED-B484-CA5979D4A728}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit symbols) (HKLM\...\{CFF9C3A7-86C3-410B-9DD1-F1617767D2D6}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Test Suite (64-bit) (HKLM\...\{631C7E77-5832-40D1-9D6D-7B3766D79BDF}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python 3.6.0 Utility Scripts (64-bit) (HKLM\...\{FE905DA4-0F23-4F99-9284-50BB4913CEB4}) (Version: 3.6.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A674B2CB-13CA-437B-A215-9DD257959A49}) (Version: 3.6.5835.0 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7032 - Realtek Semiconductor Corp.)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 1.0.1 - HP)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.4.0.1023 - Lenovo)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TypeScript Power Tool (HKLM-x32\...\{F0B4CA92-9642-4BE6-8449-A786AD4FA628}) (Version: 2.2.3.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4461557) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{06CB9397-D762-4A2F-8D91-DFAD58D2BAED}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{93FDC294-0726-48EA-989D-50E89C67ABF0}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{9E1EF6F7-ED70-4BD8-A1AE-83C5DEF0DA91}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{A041943F-C97B-48F6-8F23-C5078F99BB3A}) (Version: 15.0.26323 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{1210EE60-E253-407D-B537-D36898049CF0}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{9477F337-FD16-4ACA-8217-E2D7A0F92603}) (Version: 15.0.26301 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{497A5ACE-DA03-4412-A110-910B2C450720}) (Version: 15.0.26424 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{A8B77523-13AB-46B9-B54F-5483E09668F9}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 19.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Workbooks and Inspector (HKLM-x32\...\{4C9771FB-6EB6-4E89-A2BE-BDE8B61C1BEC}) (Version: 1.2.2.9000 - Xamarin) Hidden
Xamarin.Bonjour v1.0.13 (HKLM-x32\...\{32B2DF61-DE93-4AF9-A7A6-79B03299A0AA}) (Version: 1.0.13.0 - Xamarin) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2396764291-716589420-1622641493-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-30] (Cyberlink)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2011-06-15] (PowerISO Computing, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-02-10] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-02-10] ()
ContextMenuHandlers1-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2014-10-21] (WinZip Computing, S.L.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2013-08-30] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2011-06-15] (PowerISO Computing, Inc.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-02-10] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-02-10] ()
ContextMenuHandlers4-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2014-10-21] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-19] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-01-16] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2011-06-15] (PowerISO Computing, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2010-02-10] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2010-02-10] ()
ContextMenuHandlers6-x32: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files (x86)\WinZip\wzshls64.dll [2014-10-21] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {13AB4E11-94AD-42F6-BBDC-DB98BD4598ED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-18] (Synaptics Incorporated)
Task: {305411D9-2C98-4077-8D4E-320F93045A4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-20] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B6BF414-4677-4BAE-A1B3-E979BEBB3400} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-20] (Microsoft Corporation)
Task: {3BBB5703-DF9F-44E4-A907-843770C515E3} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {3FCE07DA-FA03-481A-9753-15671716A192} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-16] (AVAST Software)
Task: {47F31D86-1161-459F-AEC2-5F2FD23D796B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-12-10] (Piriform Ltd)
Task: {488247CC-E79C-4909-BFF8-5741C785F306} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {49E1994F-18C9-4402-8A76-7EFBFBAAE08A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4A18A257-4F0C-4FCB-BD07-E421479D9800} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-20] (Microsoft Corporation)
Task: {623ADDC2-D533-4BA3-AAEF-0BCEE7D246E5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {6298FF05-AE32-46EE-BB30-31FA1D549300} - System32\Tasks\Norton Security Scan for MSrao => C:\Program Files (x86)\Norton Security Scan\Engine\4.6.1.175\Nss.exe [2018-03-27] (Symantec Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6DFA73EA-AAD9-4799-AA2C-5A829686E97B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {6F741E8A-00D7-4315-BE71-F47FCF8EF74D} - \Optimize Start Menu Cache Files-S-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {7F7E3A01-6906-49A3-ADA4-3C6B799633B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-30] (Hewlett-Packard Company)
Task: {85C7E195-5EE8-4818-8213-0D50ECAFDE32} - System32\Tasks\{3F53B05D-A900-4806-9BCB-3FD1DFD6DAB2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Zenographics\{8C350527-A381-4CCE-A501-35D79913F64B}\SETUP.EXE" -c -u "HPLJInstaller.dll=Hplj1020.inf"
Task: {86D16ED1-1A5C-40C7-BBC4-E31C8B45400A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-12-10] (Piriform Software Ltd)
Task: {8CADBC3F-6C74-44AF-B4D1-6A8AA9FF8F8F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8D954178-4C36-4F51-A246-D3EDEC7A8D91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-30] (Hewlett-Packard Company)
Task: {914D4594-EB06-44C8-A77E-B49628FE6FAA} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {92AC97BB-CC70-4E92-9262-78022C5163C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {9F613C28-1929-4D5B-B78D-4120BB4C3AFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-05] (Google Inc.)
Task: {AE6D66B8-D996-4F00-BFE7-925DEBD11E70} - \WPD\SqmUpload_S-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {C10B69E6-1419-4AD4-A820-031296D58983} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {C2378BBD-F1FC-4F08-A03C-3D7D8DE60FBF} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {D42B209D-7F22-43ED-B545-FBE6B963F786} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {DDAA595F-1493-4B2F-A488-EE206209FB64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe [2018-12-20] (Microsoft Corporation)
Task: {F010DDD0-4EE2-4D6C-91EA-6EEC0684BA91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F7EE1A3D-3E0C-4515-A1D7-9BA10C51C460} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2019-01-16] (AVAST Software)
Task: {F7FC4DB2-DF3F-4905-8FE0-1CA27379257F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-30] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 05:04 - 2018-04-12 05:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2013-10-15 00:53 - 2013-10-15 00:53 - 000109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-15 00:54 - 2013-10-15 00:54 - 000627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-15 00:55 - 2013-10-15 00:55 - 002541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-15 00:52 - 2013-10-15 00:52 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-15 00:52 - 2013-10-15 00:52 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-15 00:52 - 2013-10-15 00:52 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-15 01:05 - 2013-10-15 01:05 - 000306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-15 01:05 - 2013-10-15 01:05 - 001297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2019-01-16 14:09 - 2019-01-16 14:09 - 000667016 _____ () c:\program files\avast software\avast\streamback.dll
2019-01-16 14:16 - 2019-01-16 14:16 - 006912144 _____ () c:\program files\avast software\avast\defs\19011600\algo64.dll
2019-01-16 14:09 - 2019-01-16 14:09 - 000550792 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2019-01-16 14:09 - 2019-01-16 14:09 - 001175944 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2019-01-16 14:09 - 2019-01-16 14:09 - 001967496 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2014-07-24 10:31 - 2012-09-18 15:27 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2015-04-03 13:02 - 2009-11-20 13:43 - 000405504 _____ () C:\WINDOWS\System32\HPM1210LM.DLL
2015-09-22 13:22 - 2012-09-18 15:27 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2015-04-03 13:59 - 2009-11-20 13:43 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2019-01-05 18:19 - 2018-11-15 11:01 - 002712432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2019-01-05 18:19 - 2018-11-21 11:07 - 002842608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-12-20 20:00 - 2018-11-09 07:47 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-21 06:43 - 2018-06-15 23:00 - 001308672 _____ () c:\windows\system32\FaceProcessor.dll
2018-07-21 06:42 - 2018-06-15 23:25 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
2013-10-15 01:00 - 2013-10-15 01:00 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2018-06-28 21:40 - 2018-06-28 21:43 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2019-01-16 12:29 - 2019-01-09 13:40 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-28 21:16 - 2018-11-28 21:16 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2019-01-16 14:14 - 2019-01-16 14:15 - 093695912 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-12-22 21:31 - 2018-12-12 10:41 - 005237216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libglesv2.dll
2018-12-22 21:31 - 2018-12-12 10:41 - 000117216 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\libegl.dll
2014-02-13 23:59 - 2013-08-05 13:19 - 000627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 05:18 - 2013-08-06 05:18 - 000016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-13 23:39 - 2013-09-17 02:50 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 000067128 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-10-15 18:44 - 2009-10-15 18:44 - 000075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2018-02-17 18:59 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MSrao\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\WhatsApp Image 2018-10-27 at 19.12.50.jpeg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C98EB4C9-D59F-4758-9F20-C0BC6ABE2995}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{170ABE15-9325-4C37-8616-008DF5DE7482}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3A0AF2D3-1FEB-49D6-A440-83EFE3747691}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{55CE8834-845F-4B57-A2E1-5D5D949314A3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{018FDC5C-2CE3-4AFD-BAB6-E463C03CABE6}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{45BDD6BA-8DED-4D48-A5AB-D6D5CFAA8711}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{CCED07B5-77AE-42E0-8B43-AFC8565F3FB5}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{6216D5EF-A523-483B-A233-E27495930FA0}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{CF6E9296-BD21-427A-9D4E-CCFCD6428188}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{AC82C43D-923F-4AAB-A122-11112B582759}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{AF7FC192-4670-469E-AA51-6FA51AECFEB0}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E0DB41ED-6484-4E9F-B8AF-8B17C6C06F8E}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{F913855A-C0F7-43BA-950B-664E55CB2C75}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{826A178B-A753-401C-AAE9-808549BE92F9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{6E5910D8-EF3C-4659-BEFD-681A394CC06E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E92726C0-4F81-4157-9A62-9DE917DB2EE1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{A3B3EED6-272B-4BDC-9524-3EFF49316B81}] => (Allow) LPort=1900
FirewallRules: [{82BD1C26-D295-407A-ABAA-B13B70C8E14F}] => (Allow) LPort=2869
FirewallRules: [{72611719-EE7A-4741-879E-509725C62347}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9B433D69-3E4B-4CBA-8EA5-0DE4C3153884}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{5054D19D-2922-4B43-90B6-16DDCA29F0D0}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe
FirewallRules: [{FDB9602A-B24C-4741-BFFC-71D4423B5738}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{634C2D89-1F53-434B-9E60-47436174D999}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{972AD853-F360-40D4-A0CA-F346347CB544}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1490138C-6036-4DDD-9CDA-CB51BA50ACD0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{854E021B-63C5-4422-B595-1B351396543B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F458E83B-EBB8-4D00-A4A9-3443EC0E9C51}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{35E639C5-2854-4E2F-97E7-BE37C2952E57}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{BB80DB23-AB71-47D5-A9FC-D5314A34B58E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{5169239F-1ABF-4096-99EF-5A1E5FBBFF6E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
 
==================== Restore Points =========================
 
10-01-2019 21:52:50 Windows Update
16-01-2019 11:15:34 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2019 02:59:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Maddikunta.local already in use; will try Maddikunta-2.local instead
 
Error: (01/16/2019 02:59:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Maddikunta.local. Addr 192.168.1.10
 
Error: (01/16/2019 02:59:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.10:5353   16 Maddikunta.local. AAAA FDC8:94BB:956C:EF00:D1DE:F904:27DC:56DE
 
Error: (01/16/2019 02:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1703
 
Error: (01/16/2019 02:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1703
 
Error: (01/16/2019 02:54:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/16/2019 02:40:38 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.
 
Error: (01/16/2019 02:13:30 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostw (6736,G,0) An attempt to open the file "C:\Users\MSrao\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (01/16/2019 02:54:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/16/2019 02:51:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/16/2019 02:45:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (01/16/2019 02:44:16 PM) (Source: DCOM) (EventID: 10016) (User: MADDIKUNTA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user Maddikunta\MSrao SID (S-1-5-21-2396764291-716589420-1622641493-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/16/2019 02:43:19 PM) (Source: DCOM) (EventID: 10001) (User: MADDIKUNTA)
Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
 
Error: (01/16/2019 02:43:18 PM) (Source: DCOM) (EventID: 10001) (User: MADDIKUNTA)
Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
 
Error: (01/16/2019 02:43:17 PM) (Source: DCOM) (EventID: 10001) (User: MADDIKUNTA)
Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe!Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4 as Unavailable/Unavailable. The error:
"298"
Happened while starting this command:
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.4
 
Error: (01/16/2019 02:41:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
===================================
Date: 2018-12-23 15:45:56.640
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {428286AD-378C-45D3-83D2-A17E70801A81}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-23 14:33:51.024
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {12B7ABC6-6DB3-4459-A670-863BEF673231}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-11-18 14:58:14.061
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {972E5957-16BD-4151-A114-93B79B0B8230}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-11-10 09:24:58.191
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {10DB1807-8510-4F9A-87E6-081F0234C3C6}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-11-07 21:36:54.594
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B50CC1DB-9C95-487E-83F1-E8FF807743CE}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-12-22 20:17:50.945
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.743.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2018-12-22 20:17:50.945
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.743.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2018-12-22 20:17:50.945
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.743.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80070020
Error description: The process cannot access the file because it is being used by another process. 
 
Date: 2018-12-22 20:14:40.459
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.743.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-12-20 20:24:53.852
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.283.743.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15500.2
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired. 
 
CodeIntegrity:
===================================
 
Date: 2018-10-28 11:29:35.267
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Prog

#3 koolsam

koolsam

    SWI Junkie

  • Full Member
  • PipPipPipPip
  • 262 posts

Posted 16 January 2019 - 04:04 AM

Result of Security Analysis by Rocket Grannie (x86) Updated: 16th, december 2018
Running from:C:\Users\MSrao\Downloads (15:24:37 - 01/16/2019)
***---------------------------------------------------------***
Microsoft Windows 10 Home Single Language X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avast Antivirus (Disabled - Not up to Date)
Windows Defender (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Avast Antivirus (Disabled - Not up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Adobe Acrobat Reader DC (19.010.20069)
CCleaner (5.51)
Google Chrome (71.0.3578.98)
Java (8.0.1210.13) ==> is out of Date
Malwarebytes (3.6.1.2711)
Windows Live Essentials (16.4.3508.0205) ==> is no longer supported
 
***----------------Analysis Complete-------------------------***

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,259 posts

Posted 16 January 2019 - 07:50 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I suggest you remove all traces of Norton using their uninstaller.
Download and run their uninstaller tool from this site.
https://support.nort...erProfile_en_us

Restart the computer when the removal is completed.
-----

Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Run: [BingSvc] => C:\Users\MSrao\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
SearchScopes: HKU\S-1-5-21-2396764291-716589420-1622641493-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171203__yaie&p={searchTerms}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (MSN Homepage) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2018-03-10]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-2396764291-716589420-1622641493-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {6F741E8A-00D7-4315-BE71-F47FCF8EF74D} - \Optimize Start Menu Cache Files-S-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {8CADBC3F-6C74-44AF-B4D1-6A8AA9FF8F8F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {914D4594-EB06-44C8-A77E-B49628FE6FAA} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {AE6D66B8-D996-4F00-BFE7-925DEBD11E70} - \WPD\SqmUpload_S-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {C2378BBD-F1FC-4F08-A03C-3D7D8DE60FBF} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {D42B209D-7F22-43ED-B545-FBE6B963F786} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\webcompanion.com -> hxxp://webcompanion.com

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please let me know what problem persists.
If you get any error message from the operating system please post them.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 koolsam

koolsam

    SWI Junkie

  • Full Member
  • PipPipPipPip
  • 262 posts

Posted 18 January 2019 - 03:20 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.09.2018
Ran by MSrao (18-01-2019 14:09:02) Run:1
Running from C:\Users\MSrao\Downloads
Loaded Profiles: MSrao (Available Profiles: MSrao & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\Run: [BingSvc] => C:\Users\MSrao\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (� 2015 Microsoft Corporation)
SearchScopes: HKU\S-1-5-21-2396764291-716589420-1622641493-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__171203__yaie&p={searchTerms}
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
CHR Extension: (MSN Homepage) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2018-03-10]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-2396764291-716589420-1622641493-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {6F741E8A-00D7-4315-BE71-F47FCF8EF74D} - \Optimize Start Menu Cache Files-S-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {8CADBC3F-6C74-44AF-B4D1-6A8AA9FF8F8F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {914D4594-EB06-44C8-A77E-B49628FE6FAA} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {AE6D66B8-D996-4F00-BFE7-925DEBD11E70} - \WPD\SqmUpload_S-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
Task: {C2378BBD-F1FC-4F08-A03C-3D7D8DE60FBF} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {D42B209D-7F22-43ED-B545-FBE6B963F786} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-2396764291-716589420-1622641493-1001 -> No File <==== ATTENTION
IE trusted site: HKU\S-1-5-21-2396764291-716589420-1622641493-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2396764291-716589420-1622641493-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
"HKU\S-1-5-21-2396764291-716589420-1622641493-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => removed successfully
HKLM\Software\Classes\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => not found
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
"HKU\S-1-5-21-2396764291-716589420-1622641493-1001\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com" => removed successfully
CHR Extension: (MSN Homepage) - C:\Users\MSrao\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim [2018-03-10] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn" => removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => removed successfully
"HKU\S-1-5-21-2396764291-716589420-1622641493-1001\SOFTWARE\Google\Chrome\Extensions\fkkcgfbgohboipdhliafmacjnhjbhmim" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F741E8A-00D7-4315-BE71-F47FCF8EF74D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F741E8A-00D7-4315-BE71-F47FCF8EF74D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2396764291-716589420-1622641493-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CADBC3F-6C74-44AF-B4D1-6A8AA9FF8F8F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CADBC3F-6C74-44AF-B4D1-6A8AA9FF8F8F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{914D4594-EB06-44C8-A77E-B49628FE6FAA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914D4594-EB06-44C8-A77E-B49628FE6FAA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2396764291-716589420-1622641493-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE6D66B8-D996-4F00-BFE7-925DEBD11E70}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE6D66B8-D996-4F00-BFE7-925DEBD11E70}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2396764291-716589420-1622641493-1001" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2378BBD-F1FC-4F08-A03C-3D7D8DE60FBF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2378BBD-F1FC-4F08-A03C-3D7D8DE60FBF}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D42B209D-7F22-43ED-B545-FBE6B963F786}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D42B209D-7F22-43ED-B545-FBE6B963F786}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2396764291-716589420-1622641493-1001" => removed successfully
"HKU\S-1-5-21-2396764291-716589420-1622641493-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 5 while it has its media disconnected.
No operation can be performed on Local Area Connection* 6 while it has its media disconnected.
No operation can be performed on Ethernet 3 while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 5:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : fdc8:94bb:956c:ef00:a42a:968f:53f5:e45e
   Temporary IPv6 Address. . . . . . : fdc8:94bb:956c:ef00:c4e5:33f9:d5ee:611c
   Link-local IPv6 Address . . . . . : fe80::a42a:968f:53f5:e45e%6
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 5 while it has its media disconnected.
No operation can be performed on Local Area Connection* 6 while it has its media disconnected.
No operation can be performed on Ethernet 3 while it has its media disconnected.
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 5:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Ethernet 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : home
   IPv6 Address. . . . . . . . . . . : fdc8:94bb:956c:ef00:a42a:968f:53f5:e45e
   Temporary IPv6 Address. . . . . . : fdc8:94bb:956c:ef00:c4e5:33f9:d5ee:611c
   Link-local IPv6 Address . . . . . : fe80::a42a:968f:53f5:e45e%6
   IPv4 Address. . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55655745 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 514075 B
Edge => 50140 B
Chrome => 828888953 B
Firefox => 5919007 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8522 B
LocalService => 0 B
NetworkService => 5364912 B
NetworkService => 0 B
MSrao => 49636943 B
DefaultAppPool => 6656 B
 
RecycleBin => 0 B
EmptyTemp: => 909.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:15:55 ====
 
the system response is good

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,259 posts

Posted 18 January 2019 - 07:02 AM

Let me know in a day or two if all is well.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
Back to Malware Removal


  1. SpywareInfo Forum
  2. Spyware, thiefware, browser hijackers, and other advertising parasites
  3. Malware Removal
  4. Privacy Policy
Member of UNITE
Support SpywareInfo Forum - click the button