Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
- Ran by nuworld (administrator) on NUWORLD-PC (07-11-2015 19:34:10)
- Running from C:\Users\nuworld\Desktop
- Loaded Profiles: nuworld (Available Profiles: nuworld & Administrator & DefaultAppPool)
- Platform: Windows 10 Pro (X64) Language: English (United States)
- Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\SeaMonkey\seamonkey.exe" -requestPending -osint -url "%1")
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
- (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
- (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
- (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
- (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
- (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
- (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
- (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe
- (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
- (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
- (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
- () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
- (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
- (Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
- (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
- (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
- (Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
- (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
- (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
- (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
- (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
- (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
- (Microsoft Corporation) C:\Windows\System32\dllhost.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
- (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
- (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
- (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
- () C:\ProgramData\PPEZR\EZGoRun.exe
- (VueSoft) C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe
- (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
- (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
- (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
- (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
- (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
- (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
- (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
- (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
- (mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
- (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
- (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
- (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
- (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
- (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [VX6000] => C:\WINDOWS\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
- )
- HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
- HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
- HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
- HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
- HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
- HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
- HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
- HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
- HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
- HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
- HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
- HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
- HKLM-x32\...\Run: [PowerPDFInboxMonitor] => C:\Program Files (x86)\Nuance\Power PDF\InboxMonitor.exe [110920 2014-03-14] (Nuance Communications, Inc.)
- HKLM-x32\...\Run: [PowerPDF Registry Controller] => C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe [193560 2014-07-07] (Nuance Communications, Inc.)
- HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350144 2012-03-27] (Cyber Power Systems, Inc.)
- HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
- HKLM-x32\...\Run: [NuanPowerPdf1NPDFLM] => C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe [2971672 2014-07-07] (Nuance Communications, Inc.)
- HKLM-x32\...\Run: [Nuance Power PDF Advanced-reminder] => C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe [330056 2014-02-25] (Nuance Communications, Inc.)
- HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
- HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
- HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
- HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
- HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-04-12] (Brother Industries, Ltd.)
- HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
- HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-19] (Acronis International GmbH)
- Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\Run: [EZGoRun] => C:\ProgramData\PPEZR\EZGoRun.exe [55824 2010-05-07] ()
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\Run: [Octoshape Streaming Services] => C:\Users\nuworld\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\Run: [VueMinder] => C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe [8045056 2015-10-21] (VueSoft)
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\RunOnce: [Uninstall C:\Users\nuworld\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\nuworld\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\RunOnce: [Uninstall C:\Users\nuworld\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\nuworld\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\...\RunOnce: [Uninstall C:\Users\nuworld\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\nuworld\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
- ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
- ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
- ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
- Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2014-03-01]
- ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
- Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-11-23]
- ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
- BootExecute: PDBoot.exeautocheck autochk *
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
- Tcpip\..\Interfaces\{6356D16E-55D6-485D-896B-864EE28FC2F1}: [DhcpNameServer] 8.8.8.8
- Tcpip\..\Interfaces\{685a323b-41e5-4762-9b2e-8f09517d868f}: [DhcpNameServer] 192.168.1.1
- Internet Explorer:
- ==================
- HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
- HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
- HKU\S-1-5-21-323302487-4014843972-3913409306-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
- BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
- BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
- BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
- BHO-x32: Nuance PDF Toolbar Helper -> {940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-02-27] (Zeon Corporation)
- BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
- BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
- Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
- Toolbar: HKLM-x32 - Nuance PDF - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF\Bin\SZeonIEFavClient.dll [2014-02-27] (Zeon Corporation)
- Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
- DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
- DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
- Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
- FireFox:
- ========
- FF ProfilePath: C:\Users\nuworld\AppData\Roaming\Mozilla\Firefox\Profiles\yujzwgc6.default
- FF DefaultSearchEngine: Search Here
- FF SelectedSearchEngine: Search Here
- FF Homepage: hxxp://cn.yahoo.com
- FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
- FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
- FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
- FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
- FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
- FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
- FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-10-24] (Nero AG)
- FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
- FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
- FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
- FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
- FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [No File]
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
- FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll [2014-03-07] (Zeon Corporation)
- FF Plugin HKU\S-1-5-21-323302487-4014843972-3913409306-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\nuworld\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
- FF Plugin ProgramFiles/Appdata: C:\Users\nuworld\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-10-11] (Octoshape ApS)
- FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\nuworld\AppData\Roaming\Mozilla\Firefox\Profiles\yujzwgc6.default\Extensions\plugin@vfd.com [2012-08-28] [not signed]
- FF Extension: Microsoft .NET Framework Assistant - C:\Users\nuworld\AppData\Roaming\Mozilla\Firefox\Profiles\yujzwgc6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-08-28] [not signed]
- FF Extension: ShopToWin12 - C:\Users\nuworld\AppData\Roaming\Mozilla\Firefox\Profiles\yujzwgc6.default\Extensions\{70263cf9-d46a-4be4-adc6-29500ba884e1} [2012-11-20] [not signed]
- FF Extension: Blekko search bar - C:\Users\nuworld\AppData\Roaming\Mozilla\Firefox\Profiles\yujzwgc6.default\Extensions\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} [2012-08-28] [not signed]
- FF Extension: fcreward.100770.b - C:\Users\nuworld\AppData\Roaming\Mozilla\Firefox\Profiles\yujzwgc6.default\Extensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}.xpi [2013-03-05] [not signed]
- FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-13] [not signed]
- FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
- FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-10-20] [not signed]
- FF Extension: Nuance PDF Convert - C:\Program Files (x86)\Nuance\Power PDF\FireFox [2015-08-06] [not signed]
- FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [not found]
- FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [not found]
- FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [not found]
- FF Extension: No Name - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [not found]
- Chrome:
- =======
- CHR Profile: C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Google Slides) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17]
- CHR Extension: (Google Docs) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
- CHR Extension: (Google Drive) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
- CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-17]
- CHR Extension: (YouTube) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
- CHR Extension: (Google Search) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
- CHR Extension: (Kaspersky URL Advisor) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-12-17]
- CHR Extension: (Google Sheets) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17]
- CHR Extension: (Safe Money) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-12-17]
- CHR Extension: (Content Blocker) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-12-17]
- CHR Extension: (Virtual Keyboard) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-12-17]
- CHR Extension: (Kaspersky Protection) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-12-17]
- CHR Extension: (Unblock Youku) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-12-17]
- CHR Extension: (Gmail) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
- CHR Extension: (Anti-Banner) - C:\Users\nuworld\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-12-17]
- CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
- CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
- CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
- ==================== Services (Whitelisted) ========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
- R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-28] () [File not signed]
- R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
- R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
- R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [1473664 2012-04-09] (ASUSTeK Computer Inc.)
- R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-08-16] (Kaspersky Lab ZAO)
- R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
- R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
- S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
- R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
- R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
- S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
- S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
- R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-22] (Microsoft Corporation)
- R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
- R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1013696 2012-03-27] (Cyber Power Systems, Inc.)
- R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
- R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
- R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
- S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
- S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-22] (Microsoft Corporation)
- R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-22] (Microsoft Corporation)
- S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
- S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
- ===================== Drivers (Whitelisted) ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
- R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
- R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
- S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
- R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
- R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
- R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
- R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-09-22] (Acronis International GmbH)
- R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
- R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
- R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
- R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
- S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
- R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
- R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-20] (AO Kaspersky Lab)
- R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-10-20] (AO Kaspersky Lab)
- R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
- R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
- R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
- R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-26] (AO Kaspersky Lab)
- R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-20] (Kaspersky Lab ZAO)
- R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
- R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
- R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
- S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-07] (Malwarebytes Corporation)
- S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
- R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-22] (Microsoft Corporation)
- S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
- R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
- S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
- S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
- R2 tib; C:\Windows\system32\DRIVERS\tib.sys [1058632 2015-09-24] (Acronis International GmbH)
- R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [248648 2015-09-24] (Acronis International GmbH)
- S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
- R3 VX6000; C:\Windows\system32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
- )
- S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
- S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
- S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
- U4 idsvc; no ImagePath
- S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
- U3 wpcsvc; no ImagePath
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-11-07 19:34 - 2015-11-07 19:34 - 00030526 _____ C:\Users\nuworld\Desktop\FRST.txt
- 2015-11-07 19:33 - 2015-11-07 19:33 - 00000894 _____ C:\Users\nuworld\Desktop\AdwCleaner[C1].txt
- 2015-11-07 19:30 - 2015-11-07 19:30 - 00016148 _____ C:\WINDOWS\system32\NUWORLD-PC_nuworld_HistoryPrediction.bin
- 2015-11-07 19:24 - 2015-11-07 19:26 - 00000000 ____D C:\AdwCleaner
- 2015-11-07 19:21 - 2015-11-07 19:21 - 00002086 _____ C:\Users\nuworld\Desktop\JRT.txt
- 2015-11-07 18:47 - 2015-11-07 18:47 - 01713664 _____ C:\Users\nuworld\Desktop\AdwCleaner.exe
- 2015-11-07 18:46 - 2015-11-07 18:46 - 01801288 _____ (Malwarebytes) C:\Users\nuworld\Desktop\JRT.exe
- 2015-11-06 20:24 - 2015-11-06 20:23 - 02198528 _____ (Farbar) C:\Users\nuworld\Desktop\FRST64.exe
- 2015-11-06 19:13 - 2015-11-06 19:13 - 00104448 ___SH C:\Users\nuworld\Downloads\Thumbs.db
- 2015-11-06 18:04 - 2015-11-07 18:38 - 00043008 ___SH C:\Users\nuworld\Desktop\Thumbs.db
- 2015-11-06 17:55 - 2015-11-07 18:37 - 00001112 _____ C:\WINDOWS\PFRO.log
- 2015-11-05 21:53 - 2015-11-07 19:30 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
- 2015-11-05 19:52 - 2015-10-27 18:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
- 2015-11-05 19:52 - 2015-10-21 07:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
- 2015-11-05 19:51 - 2015-10-27 18:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
- 2015-11-05 19:51 - 2015-10-21 07:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
- 2015-11-05 19:51 - 2015-10-21 07:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
- 2015-11-05 19:51 - 2015-10-21 07:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
- 2015-11-05 19:51 - 2015-10-21 07:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
- 2015-11-05 19:51 - 2015-10-21 07:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
- 2015-11-05 19:51 - 2015-10-21 06:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
- 2015-11-05 19:51 - 2015-10-21 06:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
- 2015-11-05 19:51 - 2015-10-21 06:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
- 2015-11-05 19:51 - 2015-10-21 06:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
- 2015-11-05 19:51 - 2015-10-21 06:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
- 2015-11-05 19:51 - 2015-10-21 06:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
- 2015-11-05 19:51 - 2015-10-21 06:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
- 2015-11-05 19:51 - 2015-10-21 06:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
- 2015-11-05 19:51 - 2015-10-21 06:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
- 2015-11-05 19:51 - 2015-10-21 06:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
- 2015-11-05 19:51 - 2015-10-21 06:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
- 2015-11-05 19:51 - 2015-10-21 06:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
- 2015-11-05 19:51 - 2015-10-21 06:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
- 2015-11-05 19:51 - 2015-10-21 00:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
- 2015-11-05 19:51 - 2015-10-21 00:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
- 2015-11-05 19:51 - 2015-10-21 00:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
- 2015-11-05 19:51 - 2015-10-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
- 2015-11-05 19:51 - 2015-10-21 00:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
- 2015-11-05 19:51 - 2015-10-21 00:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
- 2015-11-05 19:51 - 2015-10-21 00:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
- 2015-11-05 19:51 - 2015-10-20 23:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
- 2015-11-05 19:51 - 2015-10-20 23:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
- 2015-11-05 19:50 - 2015-10-21 06:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
- 2015-11-05 19:50 - 2015-10-21 06:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
- 2015-11-05 19:50 - 2015-10-21 00:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
- 2015-11-05 19:50 - 2015-10-20 23:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
- 2015-11-05 18:06 - 2015-11-05 18:06 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
- 2015-11-05 18:05 - 2015-11-05 18:05 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
- 2015-11-05 18:05 - 2015-11-05 18:05 - 00000000 ____D C:\Program Files\CCleaner
- 2015-11-05 18:03 - 2015-11-05 18:02 - 06762072 _____ (Piriform Ltd) C:\Users\nuworld\Downloads\ccsetup511.exe
- 2015-11-05 17:17 - 2015-11-07 19:31 - 00001224 _____ C:\Users\nuworld\Desktop\Penpower EZ Go Jr.LNK
- 2015-10-31 20:08 - 2015-10-31 20:08 - 00000000 ____D C:\Users\nuworld\AppData\Local\Comms
- 2015-10-27 21:50 - 2015-10-27 21:50 - 00000154 _____ C:\Users\nuworld\Desktop\licences.lic
- 2015-10-25 18:03 - 2015-10-25 18:03 - 00337058 _____ C:\Users\nuworld\Desktop\iTunes Library.itl
- 2015-10-22 16:40 - 2015-10-22 16:41 - 06539752 _____ (Tim Kosse) C:\Users\nuworld\Downloads\FileZilla_3.14.1_win64-setup.exe
- 2015-10-22 16:30 - 2015-10-22 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueMinder Lite
- 2015-10-22 16:30 - 2015-10-22 16:30 - 00000000 ____D C:\Program Files (x86)\VueSoft
- 2015-10-19 17:41 - 2015-10-19 17:41 - 00001122 _____ C:\Users\Public\Desktop\Jeta Logo Designer.lnk
- 2015-10-19 17:41 - 2015-10-19 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jeta Logo Designer
- 2015-10-19 17:41 - 2015-10-19 17:41 - 00000000 ____D C:\Program Files (x86)\Jeta Logo Designer
- 2015-10-19 17:37 - 2015-10-19 17:37 - 08285962 _____ C:\Users\nuworld\Downloads\jeta130free.zip
- 2015-10-13 18:11 - 2015-10-24 21:59 - 00000000 ____D C:\Users\nuworld\Desktop\WHF Theme
- 2015-10-13 16:17 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
- 2015-10-13 16:17 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
- 2015-10-13 16:17 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
- 2015-10-13 16:17 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
- 2015-10-13 16:17 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
- 2015-10-13 16:17 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
- 2015-10-13 16:17 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
- 2015-10-13 16:17 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
- 2015-10-13 16:17 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
- 2015-10-13 16:17 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
- 2015-10-13 16:17 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
- 2015-10-13 16:17 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
- 2015-10-13 16:17 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
- 2015-10-13 16:17 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
- 2015-10-13 16:17 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
- 2015-10-13 16:17 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
- 2015-10-13 16:17 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
- 2015-10-13 16:17 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
- 2015-10-13 16:17 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
- 2015-10-13 16:17 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
- 2015-10-13 16:17 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
- 2015-10-13 16:17 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
- 2015-10-13 16:17 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
- 2015-10-13 16:17 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
- 2015-10-13 16:17 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
- 2015-10-13 16:17 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
- 2015-10-13 16:17 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
- 2015-10-13 16:17 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
- 2015-10-13 16:17 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
- 2015-10-13 16:17 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
- 2015-10-13 16:17 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
- 2015-10-13 16:17 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
- 2015-10-13 16:17 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
- 2015-10-13 16:17 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
- 2015-10-13 16:17 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
- 2015-10-13 16:17 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
- 2015-10-13 16:17 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
- 2015-10-13 16:17 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
- 2015-10-13 16:17 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
- 2015-10-13 16:17 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
- 2015-10-13 16:17 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
- 2015-10-13 16:17 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
- 2015-10-13 16:17 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
- 2015-10-13 16:17 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
- 2015-10-13 16:17 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
- 2015-10-13 16:17 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
- 2015-10-13 16:17 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
- 2015-10-13 16:17 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
- 2015-10-13 16:17 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
- 2015-10-13 16:17 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
- 2015-10-12 21:44 - 2015-10-12 21:44 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\Macromedia
- 2015-10-12 21:44 - 2015-10-12 21:44 - 00000000 ____D C:\Users\nuworld\AppData\Local\Macromedia
- 2015-10-12 21:43 - 2015-11-07 19:09 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- 2015-10-12 21:43 - 2015-10-13 16:09 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
- 2015-10-12 21:43 - 2015-10-12 21:43 - 00000000 ____D C:\WINDOWS\system32\Macromed
- 2015-10-11 22:11 - 2015-10-11 22:11 - 15622640 _____ (DIRECTV) C:\Users\nuworld\Downloads\DIRECTV_Player_12.1.exe
- 2015-10-11 22:11 - 2015-10-11 22:11 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\Octoshape
- 2015-10-11 22:11 - 2015-10-11 22:11 - 00000000 ____D C:\Users\nuworld\AppData\LocalLow\DTV
- 2015-10-11 22:11 - 2015-10-11 22:11 - 00000000 ____D C:\Users\nuworld\AppData\Local\Octoshape
- 2015-10-11 21:56 - 2015-10-11 21:56 - 28849904 _____ C:\Users\nuworld\Downloads\vlc-2.2.1-win32.exe
- 2015-10-11 20:13 - 2015-10-11 22:01 - 00000000 ____D C:\Users\nuworld\AppData\Local\DIRECTV
- 2015-10-11 20:12 - 2015-10-11 22:01 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\DIRECTV
- 2015-10-11 20:12 - 2015-10-11 20:12 - 24647352 _____ (DIRECTV, LLC) C:\Users\nuworld\Downloads\DirectvGenieGOSetup.exe
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-11-07 19:34 - 2015-07-14 22:08 - 00000000 ____D C:\FRST
- 2015-11-07 19:32 - 2012-09-06 20:04 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- 2015-11-07 19:31 - 2015-08-02 00:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab
- 2015-11-07 19:30 - 2015-08-21 22:45 - 00000000 ____D C:\ProgramData\NVIDIA
- 2015-11-07 19:30 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
- 2015-11-07 19:30 - 2012-08-29 18:13 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
- 2015-11-07 19:29 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
- 2015-11-07 19:29 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
- 2015-11-07 19:20 - 2015-08-21 22:50 - 00000000 ____D C:\Users\nuworld
- 2015-11-07 19:02 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
- 2015-11-07 18:55 - 2012-09-06 20:04 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- 2015-11-07 17:55 - 2015-08-17 19:14 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
- 2015-11-07 17:36 - 2014-06-08 22:13 - 00000000 ____D C:\Users\nuworld\AppData\Local\Adobe
- 2015-11-06 23:31 - 2012-09-28 18:46 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\Skype
- 2015-11-06 19:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
- 2015-11-06 19:08 - 2014-11-16 21:46 - 00121344 ___SH C:\Users\nuworld\Thumbs.db
- 2015-11-05 22:03 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
- 2015-11-05 21:33 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
- 2015-11-05 20:33 - 2014-08-18 18:20 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\TeamViewer
- 2015-11-05 19:42 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
- 2015-11-05 18:34 - 2015-08-17 19:14 - 11337112 _____ (SurfRight B.V.) C:\Users\nuworld\Downloads\hitmanpro_x64.exe
- 2015-11-05 17:49 - 2012-09-28 18:46 - 00000000 ____D C:\ProgramData\Skype
- 2015-11-05 17:28 - 2015-08-22 02:27 - 00000000 ____D C:\WINDOWS\system32\msmq
- 2015-11-05 16:33 - 2015-08-21 22:47 - 01005642 _____ C:\WINDOWS\system32\PerfStringBackup.INI
- 2015-11-05 00:29 - 2012-08-27 20:08 - 00000000 ____D C:\ProgramData\TEMP
- 2015-11-05 00:03 - 2015-08-21 23:23 - 00000000 ____D C:\Users\nuworld\AppData\Local\Packages
- 2015-11-04 23:32 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\registration
- 2015-11-04 23:04 - 2015-09-20 22:01 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
- 2015-11-04 23:04 - 2015-08-21 22:50 - 00000000 ____D C:\Users\Administrator
- 2015-11-04 23:04 - 2015-08-19 19:59 - 00000000 ___RD C:\Program Files (x86)\Skype
- 2015-11-04 23:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SystemResources
- 2015-11-04 23:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Globalization
- 2015-11-04 23:04 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Windows Defender
- 2015-11-04 23:04 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
- 2015-11-04 23:04 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\servicing
- 2015-11-04 23:04 - 2012-08-31 20:36 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\EditPlus 3
- 2015-11-04 23:03 - 2013-12-29 21:44 - 00000000 ____D C:\WINDOWS\pss
- 2015-11-04 22:56 - 2015-08-17 19:14 - 00000000 ____D C:\ProgramData\Malwarebytes
- 2015-11-04 22:06 - 2015-08-17 19:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
- 2015-11-02 20:58 - 2014-06-08 16:48 - 00268288 ___SH C:\Users\nuworld\Documents\Thumbs.db
- 2015-11-02 20:15 - 2012-08-28 19:36 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\FileZilla
- 2015-11-01 04:33 - 2012-08-26 22:55 - 00000000 ____D C:\Users\nuworld\Documents\Tencent Files
- 2015-10-30 19:21 - 2015-08-21 23:27 - 00002380 _____ C:\Users\nuworld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
- 2015-10-30 19:21 - 2015-08-21 23:27 - 00000000 ___RD C:\Users\nuworld\OneDrive
- 2015-10-29 21:40 - 2015-09-04 20:21 - 00000000 ____D C:\Users\nuworld\Downloads\phpbb 3.1.5
- 2015-10-29 21:02 - 2015-08-27 11:46 - 00000000 ____D C:\Users\nuworld\Desktop\we_universal
- 2015-10-27 21:21 - 2015-09-03 18:20 - 00000000 ____D C:\Users\nuworld\Documents\phpbb 3.1.5
- 2015-10-23 20:58 - 2012-08-28 19:36 - 00002069 _____ C:\Users\nuworld\Desktop\FileZilla Client.lnk
- 2015-10-23 20:58 - 2012-08-28 19:36 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
- 2015-10-23 20:58 - 2012-08-28 19:36 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
- 2015-10-20 15:36 - 2015-08-16 19:27 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
- 2015-10-20 15:36 - 2015-06-30 00:05 - 00925064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
- 2015-10-20 15:36 - 2015-06-26 22:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
- 2015-10-20 15:35 - 2015-08-16 19:27 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
- 2015-10-18 06:42 - 2015-08-23 16:46 - 00708081 _____ C:\Users\nuworld\Downloads\SysPerf.zip
- 2015-10-15 22:10 - 2015-10-01 16:18 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
- 2015-10-15 22:10 - 2015-10-01 16:18 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
- 2015-10-13 19:43 - 2014-06-08 22:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
- 2015-10-13 17:44 - 2015-10-05 20:28 - 00000000 ____D C:\Users\nuworld\Desktop\WHF sigs
- 2015-10-13 16:29 - 2013-07-23 16:19 - 00000000 ____D C:\WINDOWS\system32\MRT
- 2015-10-13 16:21 - 2012-08-25 10:46 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
- 2015-10-11 22:14 - 2015-07-10 07:20 - 00214680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
- 2015-10-11 22:11 - 2012-08-25 10:42 - 00000000 ____D C:\Users\nuworld\AppData\Roaming\Mozilla
- 2015-10-11 20:12 - 2015-02-27 03:08 - 00000000 ____D C:\Users\nuworld\AppData\Local\Downloaded Installations
- ==================== Files in the root of some directories =======
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0002070 _____ () C:\Users\nuworld\AppData\Roaming\.DEFAULT
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0011128 _____ () C:\Users\nuworld\AppData\Roaming\.DEFAULT-dm2
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0011138 _____ () C:\Users\nuworld\AppData\Roaming\.DEFAULT-dmpu
- 2014-12-07 02:44 - 2014-12-15 20:32 - 0000033 _____ () C:\Users\nuworld\AppData\Roaming\AdobeWLCMCache.dat
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0020392 _____ () C:\Users\nuworld\AppData\Roaming\nuanreg
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0041700 _____ () C:\Users\nuworld\AppData\Roaming\nuanreg-dm2
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0040238 _____ () C:\Users\nuworld\AppData\Roaming\nuanreg-dmpu
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0002070 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-18
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0011128 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-18-dm2
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0011138 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-18-dmpu
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0000170 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-19-dm2
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0000180 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-19-dmpu
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0000170 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-20-dm2
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0000180 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-20-dmpu
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0023746 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-21-323302487-4014843972-3913409306-1000
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0041778 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-21-323302487-4014843972-3913409306-1000-dm2
- 2015-08-06 17:20 - 2015-08-06 17:20 - 0040316 _____ () C:\Users\nuworld\AppData\Roaming\S-1-5-21-323302487-4014843972-3913409306-1000-dmpu
- 2012-08-25 23:29 - 2015-08-11 20:09 - 0007686 _____ () C:\Users\nuworld\AppData\Local\resmon.resmoncfg
- 2013-03-28 20:30 - 2013-03-28 20:30 - 0000080 _____ () C:\Users\nuworld\AppData\Local\X-Plane Installer.prf
- 2013-03-28 20:31 - 2013-03-28 20:41 - 0000015 _____ () C:\Users\nuworld\AppData\Local\X-Plane_drm.prf
- 2013-03-28 18:17 - 2013-03-28 18:17 - 0000043 _____ () C:\Users\nuworld\AppData\Local\x-plane_install_10.txt
- 2015-08-21 22:45 - 2015-08-21 22:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
- 2012-08-27 22:20 - 2012-08-30 18:25 - 0001294 _____ () C:\ProgramData\Gpu.log
- 2013-02-20 18:20 - 2015-02-08 04:25 - 0001385 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
- Some files in TEMP:
- ====================
- C:\Users\nuworld\AppData\Local\Temp\sqlite3.dll
- ==================== Bamital & volsnap =================
- (There is no automatic fix for files that do not pass verification.)
- C:\WINDOWS\system32\winlogon.exe => File is digitally signed
- C:\WINDOWS\system32\wininit.exe => File is digitally signed
- C:\WINDOWS\explorer.exe => File is digitally signed
- C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
- C:\WINDOWS\system32\svchost.exe => File is digitally signed
- C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
- C:\WINDOWS\system32\services.exe => File is digitally signed
- C:\WINDOWS\system32\User32.dll => File is digitally signed
- C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
- C:\WINDOWS\system32\userinit.exe => File is digitally signed
- C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
- C:\WINDOWS\system32\rpcss.dll => File is digitally signed
- C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
- C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
- C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-10-31 04:02
- ==================== End of FRST.txt ============================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement