Author Topic: [Inactive - K] Cannot enable or update Windows Security Essentials  (Read 5668 times)

Offline PA Bear

  • Microsoft® MVP
  • Security Expert
  • Bronze Member
  • Posts: 43
~Robear Dyer (PA Bear)
MS MVP-Windows Client (Updates, IE, Mail, Security) - since October 2002
Errabundi Saepe, Semper Certi

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #16 on: June 29, 2015, 01:18:04 PM »
Thanks for the update Robear, the system is awash with malware/infection etc.. See what happens as we progress...

Kevin... :t

Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #17 on: June 29, 2015, 01:22:34 PM »
Hi Kevin,

I've run FRST and this is the content of the log file  - fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by nikhi at 2015-06-30 00:39:01 Run:1
Running from C:\Users\nikhi\Desktop
Loaded Profiles: nikhi (Available Profiles: nikhi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2052094510-1569341030-3252781033-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S1 crioevuo; \??\C:\Windows\system32\drivers\crioevuo.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S1 kqhtcgrc; \??\C:\Windows\system32\drivers\kqhtcgrc.sys [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S3 Ser2pl; system32\DRIVERS\ser2pl64.sys [X]
2015-06-29 14:30 - 2015-06-29 14:30 - 01415680 _____ (wj32) C:\Program Files\PUWY057U.exe
2015-06-29 13:00 - 2015-06-29 13:00 - 01415680 _____ (wj32) C:\Program Files\WY35ACHG.exe
2015-06-29 12:56 - 2015-06-29 12:56 - 01415680 _____ (wj32) C:\Program Files\YW8642EC.exe
2015-06-29 12:56 - 2015-06-29 12:56 - 01415680 _____ (wj32) C:\Program Files\YDIKPRT3.exe
2015-06-29 12:56 - 2015-06-29 12:56 - 01415680 _____ (wj32) C:\Program Files\U6420CAO.exe
2015-06-29 12:56 - 2015-06-29 12:56 - 01415680 _____ (wj32) C:\Program Files\35ACEGLN.exe
2015-06-29 12:55 - 2015-06-29 12:55 - 01415680 _____ (wj32) C:\Program Files\KSUZ135S.exe
2015-06-29 12:55 - 2015-06-29 12:55 - 01415680 _____ (wj32) C:\Program Files\EA62YUKA.exe
2015-06-29 12:55 - 2015-06-29 12:55 - 01415680 _____ (wj32) C:\Program Files\9EGIKPRY.exe
2015-06-29 12:55 - 2015-06-29 12:55 - 01415680 _____ (wj32) C:\Program Files\8ACEJLND.exe
2015-06-29 12:55 - 2015-06-29 12:55 - 01415680 _____ (wj32) C:\Program Files\2468APUH.exe
2015-06-29 12:54 - 2015-06-29 12:54 - 01415680 _____ (wj32) C:\Program Files\MLE7O5G3.exe
2015-06-29 12:54 - 2015-06-29 12:54 - 01415680 _____ (wj32) C:\Program Files\168ACHG6.exe
2015-06-29 12:48 - 2015-06-29 12:48 - 01415680 _____ (wj32) C:\Program Files\KOMKWUSK.exe
2015-06-29 12:48 - 2015-06-29 12:48 - 01415680 _____ (wj32) C:\Program Files\ECOMKWUU.exe
2015-06-29 12:48 - 2015-06-29 12:48 - 01415680 _____ (wj32) C:\Program Files\168ACUWJ.exe
2015-06-29 12:47 - 2015-06-29 12:47 - 01415680 _____ (wj32) C:\Program Files\YDKM68SU.exe
2015-06-29 12:47 - 2015-06-29 12:47 - 01415680 _____ (wj32) C:\Program Files\VXZ16LNX.exe
2015-06-29 12:47 - 2015-06-29 12:47 - 01415680 _____ (wj32) C:\Program Files\OKVXZEJ6.exe
2015-06-29 12:47 - 2015-06-29 12:47 - 01415680 _____ (wj32) C:\Program Files\NSXZ4MOE.exe
2015-06-29 12:47 - 2015-06-29 12:47 - 01415680 _____ (wj32) C:\Program Files\N579BGIS.exe
2015-06-29 12:47 - 2015-06-29 12:47 - 01415680 _____ (wj32) C:\Program Files\68DFHMO8.exe
2015-06-29 12:46 - 2015-06-29 12:46 - 01415680 _____ (wj32) C:\Program Files\DFHM135V.exe
2015-06-29 12:40 - 2015-06-29 12:40 - 00000774 _____ C:\Users\nikhi\Desktop\chromehtml.reg
2015-06-29 12:35 - 2015-06-29 12:35 - 01415680 _____ (wj32) C:\Program Files\X5XBXJR1.exe
2015-06-29 12:35 - 2015-06-29 12:35 - 01415680 _____ (wj32) C:\Program Files\AMKIGSK8.exe
2015-06-29 12:35 - 2015-06-29 12:35 - 01415680 _____ (wj32) C:\Program Files\9BGINPRH.exe
2015-06-29 12:34 - 2015-06-29 12:34 - 01415680 _____ (wj32) C:\Program Files\X2468D0K.exe
2015-06-29 12:34 - 2015-06-29 12:34 - 01415680 _____ (wj32) C:\Program Files\KY6HP081.exe
2015-06-29 12:34 - 2015-06-29 12:34 - 01415680 _____ (wj32) C:\Program Files\HJY357X4.exe
2015-06-29 12:34 - 2015-06-29 12:34 - 01415680 _____ (wj32) C:\Program Files\246BDFH4.exe
2015-06-29 12:34 - 2015-06-29 12:34 - 01415680 _____ (wj32) C:\Program Files\0249BT3T.exe
2015-06-29 12:33 - 2015-06-29 12:33 - 01415680 _____ (wj32) C:\Program Files\KMOKVX2V.exe
2015-06-29 12:28 - 2015-06-29 12:28 - 01415680 _____ (wj32) C:\Program Files\SUZ135AX.exe
2015-06-29 12:28 - 2015-06-29 12:28 - 01415680 _____ (wj32) C:\Program Files\KDRSF5S0.exe
2015-06-29 12:15 - 2015-06-29 12:15 - 01415680 _____ (wj32) C:\Program Files\FHMOKSAC.exe
2015-06-29 12:15 - 2015-06-29 12:15 - 01415680 _____ (wj32) C:\Program Files\BDFHMOTV.exe
2015-06-29 12:14 - 2015-06-29 12:14 - 01415680 _____ (wj32) C:\Program Files\YWUS420Y.exe
2015-06-29 12:14 - 2015-06-29 12:14 - 01415680 _____ (wj32) C:\Program Files\MOTVXZ46.exe
2015-06-29 12:14 - 2015-06-29 12:14 - 01415680 _____ (wj32) C:\Program Files\KGC2VIBR.exe
2015-06-29 12:14 - 2015-06-29 12:14 - 01415680 _____ (wj32) C:\Program Files\FHJLKSUK.exe
2015-06-29 12:14 - 2015-06-29 12:14 - 01415680 _____ (wj32) C:\Program Files\EKOMKWUS.exe
2015-06-29 12:13 - 2015-06-29 12:13 - 01415680 _____ (wj32) C:\Program Files\RTV0FHJW.exe
2015-06-29 12:13 - 2015-06-29 12:13 - 01415680 _____ (wj32) C:\Program Files\NV3ET19K.exe
2015-06-29 12:13 - 2015-06-29 12:13 - 01415680 _____ (wj32) C:\Program Files\9BDSXZ13.exe
2015-06-29 12:13 - 2015-06-29 12:13 - 01415680 _____ (wj32) C:\Program Files\13LNPRWY.exe
2015-06-29 12:10 - 2015-06-29 12:34 - 01415680 _____ (wj32) C:\Program Files\9BDIKPRE.exe
2015-06-29 12:10 - 2015-06-29 12:10 - 01415680 _____ (wj32) C:\Program Files\WYDFKMO1.exe
2015-06-29 12:10 - 2015-06-29 12:10 - 01415680 _____ (wj32) C:\Program Files\8AFHJLKA.exe
2015-06-29 12:10 - 2015-06-29 12:10 - 01415680 _____ (wj32) C:\Program Files\51XKMI5M.exe
2015-06-29 12:09 - 2015-06-29 12:09 - 01415680 _____ (wj32) C:\Program Files\4FZM9D05.exe
2015-06-29 12:03 - 2015-06-29 12:03 - 01415680 _____ (wj32) C:\Program Files\SKY3B6E4.exe
2015-06-29 12:03 - 2015-06-29 12:03 - 01415680 _____ (wj32) C:\Program Files\KD92YREJ.exe
2015-06-29 02:57 - 2015-06-29 02:57 - 01415680 _____ (wj32) C:\Program Files\PRTV027U.exe
2015-06-29 02:57 - 2015-06-29 02:57 - 01415680 _____ (wj32) C:\Program Files\5P6TAKDR.exe
2015-06-29 02:56 - 2015-06-29 02:56 - 01415680 _____ (wj32) C:\Program Files\VDFHJOKD.exe
2015-06-29 02:56 - 2015-06-29 02:56 - 01415680 _____ (wj32) C:\Program Files\SK20YWA8.exe
2015-06-29 02:56 - 2015-06-29 02:56 - 01415680 _____ (wj32) C:\Program Files\MKIUSK42.exe
2015-06-29 02:56 - 2015-06-29 02:56 - 01415680 _____ (wj32) C:\Program Files\IKMOTVXN.exe
2015-06-29 02:56 - 2015-06-29 02:56 - 01415680 _____ (wj32) C:\Program Files\GECA86II.exe
2015-06-29 02:55 - 2015-06-29 02:55 - 01415680 _____ (wj32) C:\Program Files\XZ168AC2.exe
2015-06-29 02:55 - 2015-06-29 02:55 - 01415680 _____ (wj32) C:\Program Files\W1357CE4.exe
2015-06-29 02:55 - 2015-06-29 02:55 - 01415680 _____ (wj32) C:\Program Files\KVX2468Y.exe
2015-06-29 02:55 - 2015-06-29 02:55 - 01415680 _____ (wj32) C:\Program Files\GINPRTYL.exe
2015-06-29 02:55 - 2015-06-29 02:55 - 01415680 _____ (wj32) C:\Program Files\79BGI0ZP.exe
2015-06-25 13:11 - 2015-06-25 13:11 - 01415680 _____ (wj32) C:\Program Files\YCW7C7OZ.exe
2015-06-25 13:10 - 2015-06-25 13:10 - 01415680 _____ (wj32) C:\Program Files\WY027MOY.exe
2015-06-25 13:10 - 2015-06-25 13:10 - 01415680 _____ (wj32) C:\Program Files\KWU6420E.exe
2015-06-25 13:10 - 2015-06-25 13:10 - 01415680 _____ (wj32) C:\Program Files\KVALT195.exe
2015-06-25 13:09 - 2015-06-25 13:09 - 01415680 _____ (wj32) C:\Program Files\Y0579BG3.exe
2015-06-25 13:09 - 2015-06-25 13:09 - 01415680 _____ (wj32) C:\Program Files\OKSXZ46W.exe
2015-06-25 13:09 - 2015-06-25 13:09 - 01415680 _____ (wj32) C:\Program Files\NPUWY05S.exe
2015-06-25 13:09 - 2015-06-25 13:09 - 01415680 _____ (wj32) C:\Program Files\KYGOW4F8.exe
2015-06-25 13:09 - 2015-06-25 13:09 - 01415680 _____ (wj32) C:\Program Files\KM138ACM.exe
2015-06-25 13:09 - 2015-06-25 13:09 - 01415680 _____ (wj32) C:\Program Files\GINPR6BY.exe
2015-06-25 08:06 - 2015-06-25 08:06 - 01415680 _____ (wj32) C:\Program Files\J6N1LZX2.exe
2015-06-25 08:05 - 2015-06-25 08:05 - 01415680 _____ (wj32) C:\Program Files\MYWUS42G.exe
2015-06-25 08:05 - 2015-06-25 08:05 - 01415680 _____ (wj32) C:\Program Files\JOKV02KU.exe
2015-06-25 08:05 - 2015-06-25 08:05 - 01415680 _____ (wj32) C:\Program Files\0CA8KIGU.exe
2015-06-25 08:05 - 2015-06-25 08:05 - 01415680 _____ (wj32) C:\Program Files\0AL2AL5U.exe
2015-06-25 08:04 - 2015-06-25 08:04 - 01415680 _____ (wj32) C:\Program Files\ZEGINPRA.exe
2015-06-25 08:04 - 2015-06-25 08:04 - 01415680 _____ (wj32) C:\Program Files\Y0279BD3.exe
2015-06-25 08:04 - 2015-06-25 08:04 - 01415680 _____ (wj32) C:\Program Files\SX5D27IT.exe
2015-06-25 08:04 - 2015-06-25 08:04 - 01415680 _____ (wj32) C:\Program Files\R2AIK19O.exe
2015-06-25 08:04 - 2015-06-25 08:04 - 01415680 _____ (wj32) C:\Program Files\KPRWY02M.exe
2015-06-25 08:04 - 2015-06-25 08:04 - 01415680 _____ (wj32) C:\Program Files\57MOTVXK.exe
2015-06-25 05:52 - 2015-06-25 05:52 - 01415680 _____ (wj32) C:\Program Files\CHJLNSUW.exe
2015-06-24 15:36 - 2015-06-24 15:36 - 01415680 _____ (wj32) C:\Program Files\9BDFKMOE.exe
2015-06-24 15:36 - 2015-06-24 15:36 - 01415680 _____ (wj32) C:\Program Files\79BGIKMR.exe
Hosts:
Emptytemp:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
"HKU\S-1-5-21-2052094510-1569341030-3252781033-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
WinHttpAutoProxySvc => Service stopped successfully.
WinHttpAutoProxySvc => Service removed successfully
crioevuo => Service removed successfully
dgderdrv => Service removed successfully
kqhtcgrc => Service removed successfully
NEWDRIVER => Service removed successfully
Ser2pl => Service removed successfully
C:\Program Files\PUWY057U.exe => moved successfully.
C:\Program Files\WY35ACHG.exe => moved successfully.
C:\Program Files\YW8642EC.exe => moved successfully.
C:\Program Files\YDIKPRT3.exe => moved successfully.
C:\Program Files\U6420CAO.exe => moved successfully.
C:\Program Files\35ACEGLN.exe => moved successfully.
C:\Program Files\KSUZ135S.exe => moved successfully.
C:\Program Files\EA62YUKA.exe => moved successfully.
C:\Program Files\9EGIKPRY.exe => moved successfully.
C:\Program Files\8ACEJLND.exe => moved successfully.
C:\Program Files\2468APUH.exe => moved successfully.
C:\Program Files\MLE7O5G3.exe => moved successfully.
C:\Program Files\168ACHG6.exe => moved successfully.
C:\Program Files\KOMKWUSK.exe => moved successfully.
C:\Program Files\ECOMKWUU.exe => moved successfully.
C:\Program Files\168ACUWJ.exe => moved successfully.
C:\Program Files\YDKM68SU.exe => moved successfully.
C:\Program Files\VXZ16LNX.exe => moved successfully.
C:\Program Files\OKVXZEJ6.exe => moved successfully.
C:\Program Files\NSXZ4MOE.exe => moved successfully.
C:\Program Files\N579BGIS.exe => moved successfully.
C:\Program Files\68DFHMO8.exe => moved successfully.
C:\Program Files\DFHM135V.exe => moved successfully.
C:\Users\nikhi\Desktop\chromehtml.reg => moved successfully.
C:\Program Files\X5XBXJR1.exe => moved successfully.
C:\Program Files\AMKIGSK8.exe => moved successfully.
C:\Program Files\9BGINPRH.exe => moved successfully.
C:\Program Files\X2468D0K.exe => moved successfully.
C:\Program Files\KY6HP081.exe => moved successfully.
C:\Program Files\HJY357X4.exe => moved successfully.
C:\Program Files\246BDFH4.exe => moved successfully.
C:\Program Files\0249BT3T.exe => moved successfully.
C:\Program Files\KMOKVX2V.exe => moved successfully.
C:\Program Files\SUZ135AX.exe => moved successfully.
C:\Program Files\KDRSF5S0.exe => moved successfully.
C:\Program Files\FHMOKSAC.exe => moved successfully.
C:\Program Files\BDFHMOTV.exe => moved successfully.
C:\Program Files\YWUS420Y.exe => moved successfully.
C:\Program Files\MOTVXZ46.exe => moved successfully.
C:\Program Files\KGC2VIBR.exe => moved successfully.
C:\Program Files\FHJLKSUK.exe => moved successfully.
C:\Program Files\EKOMKWUS.exe => moved successfully.
C:\Program Files\RTV0FHJW.exe => moved successfully.
C:\Program Files\NV3ET19K.exe => moved successfully.
C:\Program Files\9BDSXZ13.exe => moved successfully.
C:\Program Files\13LNPRWY.exe => moved successfully.
C:\Program Files\9BDIKPRE.exe => moved successfully.
C:\Program Files\WYDFKMO1.exe => moved successfully.
C:\Program Files\8AFHJLKA.exe => moved successfully.
C:\Program Files\51XKMI5M.exe => moved successfully.
C:\Program Files\4FZM9D05.exe => moved successfully.
C:\Program Files\SKY3B6E4.exe => moved successfully.
C:\Program Files\KD92YREJ.exe => moved successfully.
C:\Program Files\PRTV027U.exe => moved successfully.
C:\Program Files\5P6TAKDR.exe => moved successfully.
C:\Program Files\VDFHJOKD.exe => moved successfully.
C:\Program Files\SK20YWA8.exe => moved successfully.
C:\Program Files\MKIUSK42.exe => moved successfully.
C:\Program Files\IKMOTVXN.exe => moved successfully.
C:\Program Files\GECA86II.exe => moved successfully.
C:\Program Files\XZ168AC2.exe => moved successfully.
C:\Program Files\W1357CE4.exe => moved successfully.
C:\Program Files\KVX2468Y.exe => moved successfully.
C:\Program Files\GINPRTYL.exe => moved successfully.
C:\Program Files\79BGI0ZP.exe => moved successfully.
C:\Program Files\YCW7C7OZ.exe => moved successfully.
C:\Program Files\WY027MOY.exe => moved successfully.
C:\Program Files\KWU6420E.exe => moved successfully.
C:\Program Files\KVALT195.exe => moved successfully.
C:\Program Files\Y0579BG3.exe => moved successfully.
C:\Program Files\OKSXZ46W.exe => moved successfully.
C:\Program Files\NPUWY05S.exe => moved successfully.
C:\Program Files\KYGOW4F8.exe => moved successfully.
C:\Program Files\KM138ACM.exe => moved successfully.
C:\Program Files\GINPR6BY.exe => moved successfully.
C:\Program Files\J6N1LZX2.exe => moved successfully.
C:\Program Files\MYWUS42G.exe => moved successfully.
C:\Program Files\JOKV02KU.exe => moved successfully.
C:\Program Files\0CA8KIGU.exe => moved successfully.
C:\Program Files\0AL2AL5U.exe => moved successfully.
C:\Program Files\ZEGINPRA.exe => moved successfully.
C:\Program Files\Y0279BD3.exe => moved successfully.
C:\Program Files\SX5D27IT.exe => moved successfully.
C:\Program Files\R2AIK19O.exe => moved successfully.
C:\Program Files\KPRWY02M.exe => moved successfully.
C:\Program Files\57MOTVXK.exe => moved successfully.
C:\Program Files\CHJLNSUW.exe => moved successfully.
C:\Program Files\9BDFKMOE.exe => moved successfully.
"C:\Program Files\79BGIKMR.exe" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 00:39:25 ====

I was not able to run MBAM in normal mode.

Thank you for your time,
Nikhil.


Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #18 on: June 29, 2015, 01:31:09 PM »
Hi Kevin,

I've noticed one more thing.. Whenever I tried to start MSE (click on the start now button in the MSE GUI), a new ********.exe (for example: EWY0279B.exe) file appears in the program files folder.

I've noticed it by opening program files folder in windows explorer, MSE and clicking 'start now' button. Then MSE GUI closes automatically and this new file is created in program files.

Thanks for your time,
Nikhil
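
The pattern reported in replies #17 and #18 (many same-size executables with random eight-character names accumulating in Program Files) can be pulled out of an FRST file listing automatically. The following is an added example, not part of the original thread and not code from FRST; the sample lines, vendor names, the name heuristic and the `min_count` threshold are constructed assumptions.

```python
import ntpath
import re
from collections import defaultdict

# FRST "created files" line layout, as seen in the fixlog above:
#   created - modified - size attrs (company) path     (company is optional)
FRST_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Assumed heuristic: file stem is exactly eight upper-case letters or digits.
RANDOM_STEM_RE = re.compile(r"^[A-Z0-9]{8}$")

# Constructed sample in the same layout (values are NOT taken from the thread).
SAMPLE_LOG = r"""
2015-01-02 10:15 - 2015-01-02 10:15 - 00204800 _____ (ExampleVendor) C:\Program Files\QX7B2M9K.exe
2015-01-02 10:15 - 2015-01-02 10:15 - 00204800 _____ (ExampleVendor) C:\Program Files\4HT8ZP1C.exe
2015-01-02 10:14 - 2015-01-02 10:14 - 00204800 _____ (ExampleVendor) C:\Program Files\LM03RW6D.exe
2015-01-02 09:58 - 2015-01-02 09:58 - 00204800 _____ (ExampleVendor) C:\Program Files\9VKE5A2N.exe
2015-01-02 09:40 - 2015-01-02 09:40 - 00000774 _____ C:\Users\user\Desktop\example.reg
2015-01-01 18:02 - 2015-01-01 18:05 - 03145728 _____ (Example Software Ltd) C:\Program Files\ExampleApp\setup.exe
2015-01-01 17:30 - 2015-01-01 17:30 - 00051200 _____ (Example Software Ltd) C:\Program Files\UPDATER1.exe
S1 exampledrv; \??\C:\Windows\system32\drivers\exampledrv.sys [X]
"""


def parse_frst_files(text):
    """Return one dict per file line; registry, service and directive lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FRST_FILE_RE.match(line.strip())
        if not m:
            continue
        directory, name = ntpath.split(m["path"])  # ntpath works on any host OS
        stem, ext = ntpath.splitext(name)
        entries.append({
            "created": m["created"],
            "size": int(m["size"]),
            "company": m["company"] or "",
            "dir": directory.lower(),
            "stem": stem,
            "ext": ext.lower(),
        })
    return entries


def find_dropper_clusters(entries, min_count=3):
    """Group random-looking .exe names by (directory, size, company).

    A single eight-character name proves nothing; several distinct names that
    share directory, byte size and version-info company are the signal.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["ext"] == ".exe" and RANDOM_STEM_RE.match(e["stem"]):
            groups[(e["dir"], e["size"], e["company"])].append(e)

    clusters = []
    for (directory, size, company), members in groups.items():
        names = sorted({m["stem"] for m in members})
        if len(names) < min_count:
            continue
        stamps = sorted(m["created"] for m in members)  # ISO-like, sorts as text
        clusters.append({
            "dir": directory,
            "size": size,
            "company": company,
            "count": len(names),
            "first_seen": stamps[0],
            "last_seen": stamps[-1],
            "names": names,
        })
    return sorted(clusters, key=lambda c: -c["count"])


if __name__ == "__main__":
    for c in find_dropper_clusters(parse_frst_files(SAMPLE_LOG)):
        print(f'{c["count"]} files of {c["size"]} bytes ({c["company"]}) in {c["dir"]}, '
              f'{c["first_seen"]} .. {c["last_seen"]}')
```

The `first_seen` and `last_seen` values give the window in which the copies were written, which can be lined up against user actions such as the MSE start attempts described in reply #18.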

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #19 on: June 29, 2015, 01:36:14 PM »
Hello nikhil,

See if you can run the following and then try Malwarebytes, if this does not work run FRST and post the two new logs...

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

Thanks,

Kevin...

Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #20 on: June 29, 2015, 01:49:41 PM »
Hi Kevin,

I downloaded rkill.exe from the first button in the link that you've given.

When I ran it as administrator, a black DOS box opened and then Windows crashed with a blue screen.

Here are the details -

Problem signature:
  Problem Event Name:   BlueScreen
  OS Version:   6.1.7601.2.1.0.768.3
  Locale ID:   3081

Additional information about the problem:
  BCCode:   f4
  BCP1:   0000000000000003
  BCP2:   FFFFFA800B807060
  BCP3:   FFFFFA800B807340
  BCP4:   FFFFF80003D79E20
  OS Version:   6_1_7601
  Service Pack:   1_0
  Product:   768_1

Files that help describe the problem:
  C:\Windows\Minidump\063015-9204-01.dmp
  C:\Users\nikhi\AppData\Local\Temp\WER-115315-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

Thanks for your time
Nikhil

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #21 on: June 29, 2015, 02:11:08 PM »
Hello nikhil,

As you have Malwarebytes installed, let's see if we can get it to run through its protected folder. Do the following:

Select > Start > All Programs > Malwarebytes' Anti-Malware > Tools folder > Malwarebytes Anti-Malware Chameleon:

A new window will open with Chameleon Tabs to

Select tabs in turn until you get a successful run by double-clicking on the tab.
Vista and Windows 7/8 users will have to accept the UAC prompt. If successful you will see the following:





As instructed press any key to continue, you will now see the following as Malwarebytes attempts to run:





Do nothing, let MB continue, it will try to update:





You may see the following:





Then.....





MB will prompt if successful, do nothing; let it continue.





MB will try to kill known malicious processes, do nothing; let it continue.





MB will try to start a quick scan, if successful the following will open; do nothing the scan will run automatically.





When complete MB will produce a log, save that and copy to next reply.

MB will continue and remove the protective driver, you will then be given the option to "Press any key to continue" do that.





Let me see the log from Malwarebytes in your reply,

Thanks,

Kevin..


Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #22 on: June 29, 2015, 02:55:51 PM »
Hi kevin,

Here is the log file of the MBAM scan -

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/06/2015
Scan Time: 2:01:02 AM
Logfile: mbam first scan.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.29.05
Rootkit Database: v2015.06.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nikhi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406066
Time Elapsed: 7 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\cache, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\log, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\queries, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [c8b1724ea3e770c661e13eb8b350bf41],

Files: 8
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\.settings, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\dm.xml, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\playlists.xml, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\radio.xml, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\log\log_2014-04-07.txt, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\log\log_2014-04-13.txt, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\queries\Lenka - Lenka.xml, Quarantined, [db9eedd396f490a6a01bef03857e0000],
PUP.Optional.MediaDrug.C, C:\Users\nikhi\AppData\Local\MediaDrug\queries\lenka.xml, Quarantined, [db9eedd396f490a6a01bef03857e0000],

Physical Sectors: 0
(No malicious items detected)


(end)

I couldn't copy the log file first time so I ran the scan again, here is the log of second scan -

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/06/2015
Scan Time: 2:14:40 AM
Logfile: mbam scan log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.29.05
Rootkit Database: v2015.06.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nikhi

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406067
Time Elapsed: 7 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks for your time,
Nikhil.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #23 on: June 29, 2015, 03:03:56 PM »
Hiya nikhil,

Thanks for the logs, continue please:

1. Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the update completes select Next.



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.



11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:



13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Thanks,

Kevin...

Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #24 on: June 29, 2015, 03:57:00 PM »
Hi Kevin,

I ran mbar.exe without any problems. Here is the system log file content -

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 8476565504, free: 5045964800

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 8476565504, free: 5047898112

Downloaded database version: v2015.06.29.05
Downloaded database version: v2015.06.26.01
Downloaded database version: v2015.06.26.01
=======================================
Initializing...
------------ Kernel report ------------
     06/30/2015 03:05:13
------------ Loaded modules -----------
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Program Files\kprocesshacker.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msctf.dll
\Windows\System32\usp10.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\lpk.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\setupapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shell32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.06.29.05
  rootkit: v2015.06.26.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8008e77060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008e77b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008e77060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008d79cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8006f8c910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007c75050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F2837E

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 208782

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 212992  Numsec = 40960000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 41172992  Numsec = 442164742

    Partition 3 type is Other (0x84)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 483340288  Numsec = 16775168

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-212992-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Here is the mbar log content -

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.29.05
  rootkit: v2015.06.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
nikhi :: NIKHIL-PC [administrator]

30/06/2015 3:05:25 AM
mbar-log-2015-06-30 (03-05-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 408205
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The system is running fine on the outset (like before); I am able to access the internet, and the firewall seems fine.

But I am still not able to install updates related to MSE, and the ********.exe files in the Program Files folder are still there.

New ********.exe files are not getting created after running MBAM from the Chameleon window. I didn't try starting MSE, as this seems to be related to malware.

What should I do with the ********.exe files and MSE?

Do you want me to attach some screenshots of the properties window of a ********.exe file?

Thank you for your time,
Nikhil.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #25 on: June 29, 2015, 04:03:54 PM »
Thanks for the update nikhil, let's continue:

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select "Scan"; when done, post the two logs....

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Let me see those logs....

Cheers,

Kevin


Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #26 on: June 29, 2015, 04:23:14 PM »
Hi Kevin,

I was able to run FRST and FSS successfully.

Here is the FRST log file content - 'part 1'

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by nikhi (administrator) on NIKHIL-PC on 30-06-2015 03:39:34
Running from C:\Users\nikhi\Desktop
Loaded Profiles: nikhi (Available Profiles: nikhi)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\xampp\mysql\bin\mysqld.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Users\nikhi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe
(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4146848 2011-07-13] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel(R) Corporation)
HKLM\...\Run: [CyHidWin] => C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2354176 2011-10-19] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [CyCpIo] => C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2375168 2011-11-09] (Cypress Semiconductor Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [VISIONTEK 3G USB MODEM] => [X]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [96240 2011-08-19] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\RunOnce: [C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\bemkqmh] => cmd /C rd "C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\bemkqmh" /s/q
HKLM-x32\...\RunOnce: [C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\pmg] => cmd /C rd "C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\pmg" /s/q
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\FastAccess: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll [2011-08-19] (Sensible Vision )
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2052094510-1569341030-3252781033-1001\...\Run: [GoogleChromeAutoLaunch_CC670EC9C0039784BBC144C8FE53E009] => C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-06-20] (Google Inc.)
HKU\S-1-5-21-2052094510-1569341030-3252781033-1001\...\Run: [Google Update] => C:\Users\nikhi\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-29] (Google Inc.)
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\nikhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk [2013-09-01]
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2052094510-1569341030-3252781033-1001] => http=10.93.0.37:3333;https=10.93.0.37:3333;ftp=10.93.0.37:3333
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {866926D5-EF0F-4343-98DC-FEDF90CF55CA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {866926D5-EF0F-4343-98DC-FEDF90CF55CA} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001 -> {866926D5-EF0F-4343-98DC-FEDF90CF55CA} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll [2011-08-19] (Sensible Vision )
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll [2011-08-19] (Sensible Vision )
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 10.24.0.193 10.65.0.3
Tcpip\..\Interfaces\{039EE222-7F10-4B8F-B359-751EC810EF8B}: [DhcpNameServer] 10.24.0.193 10.65.0.3
Tcpip\..\Interfaces\{A54243E9-3874-4FCF-A82C-D8FB1C981A9B}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\nikhi\AppData\Roaming\Mozilla\Firefox\Profiles\emxei7vq.default
FF NetworkProxy: "backup.ftp", "hproxy.iitm.ac.in"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "hproxy.iitm.ac.in"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "hproxy.iitm.ac.in"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "hproxy.iitm.ac.in"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "hproxy.iitm.ac.in"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "hproxy.iitm.ac.in"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "hproxy.iitm.ac.in"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @parallelgraphics.com/Cortona -> C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npCortona.dll [2009-06-01] (ParallelGraphics)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5292844\npmathplugin.dll [2015-03-24] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2052094510-1569341030-3252781033-1001: @citrixonline.com/appdetectorplugin -> C:\Users\nikhi\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-2052094510-1569341030-3252781033-1001: @tools.google.com/Google Update;version=3 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2052094510-1569341030-3252781033-1001: @tools.google.com/Google Update;version=9 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-13] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCortona.dll [2009-06-01] (ParallelGraphics)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\nikhi\AppData\Roaming\Mozilla\Firefox\Profiles\emxei7vq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2012-03-29]

Chrome:
=======
CHR Profile: C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-27]
CHR Extension: (YouTube) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-29]
CHR Extension: (Google Search) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-29]
CHR Extension: (FlashCards) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb [2012-07-29]
CHR Extension: (Dropbox for Gmail) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-06-29]
CHR Extension: (Proxy SwitchySharp) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2012-11-01]
CHR Extension: (Gmail Offline) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2012-10-03]
CHR Extension: (Web Lab) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2012-07-29]
CHR Extension: (Downloads Router) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkboeogiiklpklnjgdiaghaiehcknjo [2015-06-04]
CHR Extension: (AdBlock) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-04]
CHR Extension: (AdBlock Plus) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\golcpiifbdpfpldfmjjlgjcocfllkkam [2014-07-14]
CHR Extension: (Wiki-It) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\himihkiolakpnmfdkgdjnakpbiibabea [2013-08-27]
CHR Extension: (mysms - SMS from Computer) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2012-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Tom Sachs) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppegiodmddaaljhkfjokkepamifbekj [2012-07-29]
CHR Extension: (Google Wallet) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Type Fu (hosted)) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo [2012-07-29]
CHR Extension: (Recent Bookmarks) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2013-12-01]
CHR Extension: (Gmail) - C:\Users\nikhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-29]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\nikhi\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [13312 2011-08-21] () [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232152 2015-05-20] (Dell Inc.)
R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2451440 2011-08-19] (Sensible Vision ) [File not signed]
S2 Flexlm Service 1; C:\SIMULIA\License\lmgrd.exe [1767688 2011-07-18] (Acresso Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-28] (NVIDIA Corporation)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1084\G2AC_Service.exe [310080 2015-03-27] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
U2 mysql; c:\xampp\mysql\bin\mysqld.exe [8158720 2011-09-09] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-28] (NVIDIA Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S2 Texis Monitor; C:\SIMULIA\Documentation\monitor.exe [4493312 2013-01-17] (Expansion Programs International, Inc.) [File not signed]
R2 VSSS; C:\Users\nikhi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104873984 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cnnctfy2; C:\Windows\System32\DRIVERS\cnnctfy2.sys [31344 2012-11-19] (Connectify)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [117248 2011-12-09] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13824 2011-12-09] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [79872 2011-12-09] (Cypress Semiconductor, Inc.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-31] (DT Soft Ltd)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-05-28] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-05-28] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-29] ()
S3 WCDMA_Datacard_Usb_Ser; C:\Windows\System32\DRIVERS\WCDMA_Datacard_Usb_Ser.sys [121088 2013-01-15] (QUALCOMM Incorporated)
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]

Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #27 on: June 29, 2015, 04:25:20 PM »
Hi Kevin,

'Part 2'

Here is the FRST log (contd.):

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 03:05 - 2015-06-30 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-30 03:03 - 2015-06-30 03:12 - 00000000 ____D C:\Users\nikhi\Desktop\mbar
2015-06-30 01:54 - 2015-06-30 01:54 - 01415680 _____ (wj32) C:\Program Files\1KDZMOJC.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 01415680 _____ (wj32) C:\Program Files\X97JHTR5.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 01415680 _____ (wj32) C:\Program Files\TR31ZX99.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 01415680 _____ (wj32) C:\Program Files\FKMOKVXK.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 01415680 _____ (wj32) C:\Program Files\FHJLKSUK.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 01415680 _____ (wj32) C:\Program Files\V3EMU2K6.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 01415680 _____ (wj32) C:\Program Files\O89KD3HS.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 01415680 _____ (wj32) C:\Program Files\JLNSUWYO.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 01415680 _____ (wj32) C:\Program Files\AIK1GOWS.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 01415680 _____ (wj32) C:\Program Files\357CEGI8.exe
2015-06-30 01:10 - 2015-06-30 01:10 - 773260030 _____ C:\Windows\MEMORY.DMP
2015-06-30 01:10 - 2015-06-30 01:10 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\nikhi\Desktop\rkill64.exe
2015-06-30 01:10 - 2015-06-30 01:10 - 00262144 _____ C:\Windows\Minidump\063015-9204-01.dmp
2015-06-30 01:10 - 2015-06-30 01:10 - 00000702 _____ C:\Users\nikhi\Desktop\Rkill.txt
2015-06-30 01:08 - 2015-06-30 01:09 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\nikhi\Desktop\rkill.exe
2015-06-30 00:55 - 2015-06-30 00:55 - 01415680 _____ (wj32) C:\Program Files\EWY0279B.exe
2015-06-30 00:54 - 2015-06-30 00:54 - 01415680 _____ (wj32) C:\Program Files\KJ951XTG.exe
2015-06-30 00:54 - 2015-06-30 00:54 - 01415680 _____ (wj32) C:\Program Files\BGINPRTV.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 01415680 _____ (wj32) C:\Program Files\ZXVT5311.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 01415680 _____ (wj32) C:\Program Files\TYX246WJ.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 01415680 _____ (wj32) C:\Program Files\NZXVT53L.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 01415680 _____ (wj32) C:\Program Files\LNSXZ46T.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 01415680 _____ (wj32) C:\Program Files\GIKMRT84.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 01415680 _____ (wj32) C:\Program Files\TVX2468V.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 01415680 _____ (wj32) C:\Program Files\LBGXSU27.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 01415680 _____ (wj32) C:\Program Files\IKM168DK.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 01415680 _____ (wj32) C:\Program Files\8ACHJLND.exe
2015-06-29 17:58 - 2015-06-29 17:58 - 01415680 _____ (wj32) C:\Program Files\XV7531DB.exe
2015-06-29 17:58 - 2015-06-29 17:58 - 01415680 _____ (wj32) C:\Program Files\KSUZ135U.exe
2015-06-29 17:58 - 2015-06-29 17:58 - 01415680 _____ (wj32) C:\Program Files\B9LJHFRX.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 01415680 _____ (wj32) C:\Program Files\Z468AFH1.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 01415680 _____ (wj32) C:\Program Files\X249BACZ.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 01415680 _____ (wj32) C:\Program Files\PRTV024R.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 01415680 _____ (wj32) C:\Program Files\7FKY6HPR.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 01415680 _____ (wj32) C:\Program Files\68ACHJLN.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 01415680 _____ (wj32) C:\Program Files\168DIKPC.exe
2015-06-29 17:56 - 2015-06-29 17:56 - 01415680 _____ (wj32) C:\Program Files\NV6LT192.exe
2015-06-29 17:56 - 2015-06-29 17:56 - 01415680 _____ (wj32) C:\Program Files\9EGIKPRN.exe
2015-06-29 16:53 - 2015-06-29 17:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-29 16:53 - 2015-06-29 16:53 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-29 16:50 - 2015-06-29 16:52 - 17853688 _____ C:\Users\nikhi\Desktop\RogueKiller.exe
2015-06-29 16:46 - 2015-06-30 03:39 - 00028110 _____ C:\Users\nikhi\Desktop\FRST.txt
2015-06-29 16:46 - 2015-06-30 03:39 - 00000000 ____D C:\FRST
2015-06-29 16:46 - 2015-06-29 16:46 - 00069788 _____ C:\Users\nikhi\Desktop\Addition.txt
2015-06-29 16:45 - 2015-06-29 16:45 - 02112512 _____ (Farbar) C:\Users\nikhi\Desktop\FRST64.exe
2015-06-29 14:34 - 2015-06-30 03:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 14:34 - 2015-06-30 03:04 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 14:34 - 2015-06-29 14:34 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-29 14:34 - 2015-06-29 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 14:34 - 2015-06-29 14:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-29 14:34 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 14:34 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-29 13:30 - 2015-06-29 13:30 - 00000000 ____D C:\Users\nikhi\Desktop\images
2015-06-29 12:52 - 2015-06-29 12:52 - 00689664 _____ C:\Users\nikhi\Downloads\MicrosoftFixit50202.msi
2015-06-29 12:25 - 2015-06-29 12:26 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\nikhi\Desktop\mbam-setup-2.1.6.1022 (1).exe
2015-06-29 12:03 - 2015-06-29 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-29 11:52 - 2015-06-29 11:52 - 04800856 _____ (McAfee, Inc.) C:\Users\nikhi\Desktop\MCPR.exe
2015-06-29 03:04 - 2015-06-29 03:04 - 37328992 _____ (Oracle Corporation) C:\Users\nikhi\Downloads\jre-8u45-windows-i586.exe
2015-06-29 02:30 - 2015-06-29 02:30 - 00040895 _____ C:\Users\nikhi\Desktop\dds.txt
2015-06-29 02:30 - 2015-06-29 02:30 - 00001331 _____ C:\Users\nikhi\Desktop\attach.txt
2015-06-29 02:25 - 2015-06-29 02:25 - 00688992 ____R (Swearware) C:\Users\nikhi\Desktop\dds.com
2015-06-25 15:00 - 2015-06-25 15:00 - 00000000 ____D C:\Users\nikhi\AppData\Roaming\deskPDF
2015-06-25 12:02 - 2015-06-30 03:01 - 00000000 ____D C:\Users\nikhi\Desktop\malware removal
2015-06-25 11:59 - 2015-06-25 16:55 - 00000106 _____ C:\Windows\FitCtrl.ini
2015-06-25 11:53 - 2000-09-17 12:51 - 00002279 _____ C:\Users\nikhi\Documents\M05-01.z
2015-06-25 06:55 - 2015-06-25 06:55 - 00003250 _____ C:\Windows\System32\Tasks\{C6E22D41-2256-4CFB-9331-2B5F6A64CE4D}
2015-06-25 06:54 - 2015-06-25 06:54 - 00001121 _____ C:\Users\Public\Desktop\MEISP trial version.lnk
2015-06-25 06:54 - 2015-06-25 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Powergraphy
2015-06-25 06:54 - 2015-06-25 06:54 - 00000000 ____D C:\Program Files (x86)\Powergraphy
2015-06-25 06:54 - 2001-09-02 08:04 - 00339968 _____ (GipsySoft) C:\Windows\SysWOW64\QHTM.dll
2015-06-25 06:54 - 1999-06-24 14:50 - 00499782 _____ (Code Jockey: http://www.codejockeys.com/kstowell/) C:\Windows\SysWOW64\CJ60Libd.dll
2015-06-25 06:54 - 1999-03-22 23:00 - 00401484 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcrtd.dll
2015-06-25 06:54 - 1999-01-14 04:10 - 00036352 _____ C:\Windows\SysWOW64\Sx32w.dll
2015-06-25 06:54 - 1998-11-17 18:27 - 00427520 _____ (Digital Equipment Corporation) C:\Windows\SysWOW64\Dformd.dll
2015-06-25 06:54 - 1998-11-17 18:25 - 00420864 _____ (Digital Equipment Corporation) C:\Windows\SysWOW64\Dforrt.dll
2015-06-25 06:54 - 1998-09-24 23:00 - 00929844 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfc42d.dll
2015-06-25 06:54 - 1998-09-24 23:00 - 00798773 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfco42d.dll
2015-06-25 06:54 - 1998-06-16 23:00 - 00516173 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcp60d.dll
2015-06-25 06:54 - 1997-10-03 09:06 - 00565760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvcp50.dll
2015-06-25 06:52 - 1997-11-19 15:49 - 00303616 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-06-25 05:17 - 2015-06-25 05:17 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2015-06-24 15:15 - 2015-06-24 15:15 - 00002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-24 15:15 - 2015-06-24 15:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-24 15:15 - 2015-06-24 15:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-24 12:29 - 2015-06-24 12:30 - 00000000 ____D C:\SFCFix
2015-06-24 12:13 - 2015-06-24 12:30 - 00000000 ____D C:\Users\nikhi\AppData\Local\niemiro
2015-06-24 01:10 - 2015-06-24 12:48 - 00000198 _____ C:\Users\nikhi\AppData\Local\Support.ini
2015-06-24 01:10 - 2015-06-24 12:46 - 00000000 ____D C:\Users\nikhi\AppData\Local\AvastSupport
2015-06-24 01:06 - 2015-06-24 01:06 - 00661128 _____ (AVAST Software) C:\Users\nikhi\Downloads\avastsupport.exe
2015-06-23 23:56 - 2015-06-24 00:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-23 23:41 - 2015-06-24 13:00 - 00000000 ____D C:\ProgramData\AVAST Software
2015-06-16 23:23 - 2015-06-13 13:04 - 03099085 _____ C:\Users\nikhi\Downloads\LEVMWL.zip
2015-06-16 23:16 - 2015-06-25 14:06 - 00000000 ____D C:\Users\nikhi\AppData\Roaming\Help
2015-06-16 23:16 - 2015-06-25 14:04 - 00000000 ____D C:\Users\nikhi\AppData\Local\Help
2015-06-16 23:16 - 2009-08-04 23:26 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
2015-06-16 23:16 - 2009-08-04 23:25 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftsrch.dll
2015-06-16 23:16 - 2009-08-04 23:25 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll
2015-06-16 23:16 - 2009-08-04 23:25 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx041e.dll
2015-06-16 23:16 - 2009-08-04 23:25 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll
2015-06-16 23:16 - 2009-08-04 23:25 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftlx0411.dll
2015-06-16 23:16 - 2009-08-04 23:25 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll
2015-06-16 23:15 - 2015-06-16 23:15 - 00718172 _____ C:\Users\nikhi\Downloads\Windows6.1-KB917607-x64.msu
2015-06-12 11:26 - 2015-06-12 11:26 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-06-10 00:11 - 2015-06-02 00:46 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 00:11 - 2015-06-01 23:37 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 00:11 - 2015-05-27 20:05 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 00:11 - 2015-05-27 19:38 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 00:11 - 2015-05-25 23:49 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 00:11 - 2015-05-23 08:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 00:11 - 2015-05-23 08:45 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 00:11 - 2015-05-23 08:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 00:11 - 2015-05-23 08:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 00:11 - 2015-05-23 08:44 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 00:11 - 2015-05-23 08:43 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 00:11 - 2015-05-23 08:40 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 00:11 - 2015-05-23 08:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 00:11 - 2015-05-23 08:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 00:11 - 2015-05-23 08:36 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 00:11 - 2015-05-23 08:35 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 00:11 - 2015-05-23 08:35 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 00:11 - 2015-05-23 08:34 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 00:11 - 2015-05-23 08:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 00:11 - 2015-05-23 08:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 00:11 - 2015-05-23 08:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 00:11 - 2015-05-23 08:18 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 00:11 - 2015-05-23 08:17 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 00:11 - 2015-05-23 08:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 00:11 - 2015-05-23 08:08 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 00:11 - 2015-05-23 08:07 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 00:11 - 2015-05-23 08:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 00:11 - 2015-05-23 07:58 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 00:11 - 2015-05-23 07:50 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 00:11 - 2015-05-23 07:46 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 00:11 - 2015-05-23 07:44 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 00:11 - 2015-05-23 00:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 00:11 - 2015-05-23 00:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 00:11 - 2015-05-23 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 00:11 - 2015-05-23 00:30 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 00:11 - 2015-05-23 00:30 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 00:11 - 2015-05-23 00:30 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 00:11 - 2015-05-23 00:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 00:11 - 2015-05-23 00:29 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 00:11 - 2015-05-23 00:23 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 00:11 - 2015-05-23 00:22 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 00:11 - 2015-05-23 00:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 00:11 - 2015-05-23 00:18 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 00:11 - 2015-05-23 00:17 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 00:11 - 2015-05-23 00:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 00:11 - 2015-05-23 00:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 00:11 - 2015-05-23 00:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 00:11 - 2015-05-23 00:10 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 00:11 - 2015-05-23 00:06 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 00:11 - 2015-05-22 23:59 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 00:11 - 2015-05-22 23:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 00:11 - 2015-05-22 23:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 00:11 - 2015-05-22 23:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 00:11 - 2015-05-22 23:37 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 00:11 - 2015-05-22 23:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 00:11 - 2015-05-22 23:35 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 00:11 - 2015-05-22 23:35 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 00:11 - 2015-05-22 23:27 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 00:11 - 2015-05-22 23:20 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 00:11 - 2015-05-22 23:08 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 00:11 - 2015-05-22 22:56 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 00:11 - 2015-04-29 23:52 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 00:11 - 2015-04-29 23:51 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 00:11 - 2015-04-29 23:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 00:11 - 2015-04-29 23:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 00:11 - 2015-04-29 23:49 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 00:11 - 2015-04-29 23:37 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 00:11 - 2015-04-29 23:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 00:11 - 2015-04-29 23:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 00:11 - 2015-04-29 23:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 00:11 - 2015-04-29 23:35 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 00:10 - 2015-05-25 23:54 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 00:10 - 2015-05-25 23:53 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 00:10 - 2015-05-25 23:53 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 00:10 - 2015-05-25 23:51 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 00:10 - 2015-05-25 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 00:10 - 2015-05-25 23:48 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 00:10 - 2015-05-25 23:48 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 00:10 - 2015-05-25 23:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 00:10 - 2015-05-25 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 00:10 - 2015-05-25 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 00:10 - 2015-05-25 23:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 00:10 - 2015-05-25 23:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:37 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 00:10 - 2015-05-25 23:37 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 00:10 - 2015-05-25 23:34 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 00:10 - 2015-05-25 23:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 00:10 - 2015-05-25 23:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 00:10 - 2015-05-25 23:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 00:10 - 2015-05-25 23:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 00:10 - 2015-05-25 23:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 00:10 - 2015-05-25 23:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 00:10 - 2015-05-25 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 00:10 - 2015-05-25 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 00:10 - 2015-05-25 23:29 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 00:10 - 2015-05-25 23:29 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 00:10 - 2015-05-25 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 00:10 - 2015-05-25 23:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 00:10 - 2015-05-25 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 00:10 - 2015-05-25 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 22:38 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 00:10 - 2015-05-25 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 00:10 - 2015-05-25 22:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 00:10 - 2015-05-25 22:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 00:10 - 2015-05-25 22:18 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 22:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 22:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 00:10 - 2015-05-25 22:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 00:10 - 2015-04-24 23:47 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 00:10 - 2015-04-24 23:26 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 00:10 - 2015-04-11 08:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 20:51 - 2015-06-09 21:40 - 854812021 _____ C:\Users\nikhi\Downloads\Chef.2014.720p.BluRay.x264.YIFY.mp4
2015-06-08 09:40 - 2015-06-08 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2015-06-08 09:40 - 2015-06-08 09:40 - 00000000 ____D C:\Program Files\Common Files\Wolfram Research
2015-06-08 09:33 - 2015-06-08 09:33 - 00000000 ____D C:\Program Files\Wolfram Research
2015-06-07 21:58 - 2015-06-20 23:43 - 00000000 ____D C:\Users\nikhi\Downloads\Video
2015-06-07 21:58 - 2015-06-14 21:05 - 00000000 ____D C:\Users\nikhi\Downloads\Compressed
2015-06-07 21:56 - 2015-06-07 21:56 - 00000000 ____D C:\Users\nikhi\Downloads\Internet Download Manager (IDM) 6.23 Build 3 Final Incl. Crack [ATOM]
2015-06-07 18:42 - 2015-06-07 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-07 12:50 - 2015-06-07 12:50 - 00000000 ____D C:\Users\nikhi\AppData\Local\Wolfram Research
2015-06-07 00:11 - 2015-06-07 00:11 - 00000000 ____D C:\Users\nikhi\Desktop\Tor Browser
2015-06-06 16:27 - 2015-06-06 16:28 - 00000000 ____D C:\ProgramData\MathematicaPlayer
2015-06-06 16:27 - 2015-06-06 16:27 - 00000000 ____D C:\Users\nikhi\AppData\Roaming\MathematicaPlayer
2015-06-06 16:27 - 2015-06-06 16:27 - 00000000 ____D C:\Users\nikhi\AppData\Local\MathematicaPlayer
2015-06-06 16:27 - 2015-06-06 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram CDF Player
2015-06-06 16:26 - 2015-06-06 16:26 - 00000000 ____D C:\Program Files (x86)\Wolfram Research
2015-06-05 18:35 - 2015-06-05 18:35 - 00000000 ____D C:\Users\nikhi\Downloads\images
2015-06-05 12:34 - 2015-05-22 23:48 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 12:34 - 2015-05-22 23:48 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 12:34 - 2015-05-22 23:48 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 12:34 - 2015-05-22 23:48 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 12:34 - 2015-05-22 23:48 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 12:34 - 2015-05-22 23:48 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 12:34 - 2015-05-22 23:43 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 12:34 - 2015-05-21 18:49 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 10:25 - 2015-06-25 07:53 - 00000000 ____D C:\Users\nikhi\AppData\Local\Windows Live
2015-06-03 10:25 - 2015-06-03 10:25 - 00000000 ____D C:\Users\nikhi\AppData\Local\{A7FC2C82-9BB2-4D58-AED0-57B4037E5BB8}
2015-06-03 10:25 - 2015-06-03 10:25 - 00000000 ____D C:\Users\nikhi\AppData\Local\{9ACA744F-466D-41A1-9370-3530A0354075}
2015-06-03 10:23 - 2015-06-03 12:49 - 00000000 ____D C:\Users\nikhi\Downloads\National Building Code of India 2005_files
2015-06-03 00:23 - 2015-06-03 00:23 - 00000000 ____D C:\Users\nikhi\AppData\Local\Luiz Fernando
2015-06-03 00:18 - 2015-06-03 00:18 - 00000000 ____D C:\Program Files (x86)\GIF Viewer
2015-06-01 20:37 - 2015-06-01 20:37 - 00000000 ____D C:\Users\nikhi\AppData\Local\GWX
2015-06-01 20:34 - 2015-06-01 20:34 - 00000000 ____D C:\Users\nikhi\AppData\Local\NVIDIA Corporation
2015-06-01 20:34 - 2015-06-01 20:34 - 00000000 ____D C:\Users\nikhi\AppData\Local\NVIDIA
2015-06-01 20:30 - 2015-06-01 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-01 20:30 - 2015-05-28 12:34 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-01 20:30 - 2015-05-28 12:34 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-01 20:30 - 2015-05-28 12:34 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-01 20:30 - 2015-05-28 12:34 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-01 20:29 - 2015-06-01 20:29 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-06-01 20:29 - 2015-06-01 20:29 - 00000000 ____D C:\Windows\system32\NV
2015-06-01 20:29 - 2015-05-28 09:22 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 20:28 - 2015-06-01 20:28 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-01 20:28 - 2015-05-28 12:34 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 20:28 - 2015-05-28 12:34 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00299664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2015-06-01 20:28 - 2015-05-28 12:34 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00052880 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-01 20:28 - 2015-05-28 12:34 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-01 20:28 - 2015-05-28 12:34 - 00031560 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-06-01 20:26 - 2015-06-01 20:26 - 00000000 ____D C:\NVIDIA
2015-05-31 12:28 - 2015-05-31 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader
2015-05-31 12:28 - 2015-05-31 12:28 - 00000000 ____D C:\Program Files (x86)\EPUB File Reader

Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #28 on: June 29, 2015, 04:34:06 PM »
Hi Kevin,

'Part 3'

Here is the FRST log (contd.) -

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 03:32 - 2012-03-29 17:14 - 01306502 _____ C:\Windows\WindowsUpdate.log
2015-06-30 03:27 - 2012-09-22 10:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 03:11 - 2012-07-29 19:42 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052094510-1569341030-3252781033-1001UA.job
2015-06-30 03:10 - 2015-02-05 14:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 02:09 - 2015-01-17 11:36 - 00000000 ____D C:\ProgramData\APN
2015-06-30 01:20 - 2009-07-14 10:43 - 00912410 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-30 01:20 - 2009-07-14 10:15 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 01:20 - 2009-07-14 10:15 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 01:19 - 2014-01-25 20:06 - 00000000 ____D C:\Users\nikhi\Documents\Visual Studio 2008
2015-06-30 01:12 - 2012-11-19 17:47 - 00000000 ____D C:\Program Files (x86)\Connectify
2015-06-30 01:11 - 2012-09-22 10:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 01:11 - 2012-03-29 17:35 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-30 01:11 - 2012-03-29 17:35 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-30 01:11 - 2012-03-29 17:32 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-30 01:11 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 01:11 - 2009-07-14 10:21 - 00245228 _____ C:\Windows\setupact.log
2015-06-30 01:10 - 2012-08-28 21:09 - 00000000 ____D C:\Windows\Minidump
2015-06-30 01:10 - 2012-03-29 19:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-30 00:40 - 2010-11-21 09:17 - 01224668 _____ C:\Windows\PFRO.log
2015-06-30 00:33 - 2012-07-17 00:23 - 00000000 ____D C:\Users\nikhi\AppData\Roaming\vlc
2015-06-29 14:48 - 2009-07-14 11:02 - 00000000 ____D C:\Windows\addins
2015-06-29 13:11 - 2012-07-29 19:42 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052094510-1569341030-3252781033-1001Core.job
2015-06-29 12:39 - 2012-04-30 07:32 - 00001379 _____ C:\Users\nikhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-29 12:13 - 2012-04-30 07:26 - 00115624 _____ C:\Users\nikhi\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-29 12:13 - 2009-07-14 10:15 - 03033600 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-29 03:34 - 2012-08-15 22:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-29 03:33 - 2013-09-15 22:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-29 03:33 - 2010-11-21 12:46 - 00000000 ____D C:\Windows\ShellNew
2015-06-29 03:33 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-29 03:33 - 2009-07-14 08:04 - 00000521 _____ C:\Windows\win.ini
2015-06-29 03:32 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-29 03:10 - 2015-02-05 14:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-29 03:10 - 2014-07-14 13:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-29 03:10 - 2012-07-12 15:24 - 00000000 ____D C:\Users\nikhi\AppData\Local\Adobe
2015-06-29 03:10 - 2012-03-29 17:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-29 03:06 - 2014-07-22 13:35 - 00000000 ____D C:\ProgramData\Oracle
2015-06-29 03:06 - 2014-07-22 13:35 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 03:05 - 2014-07-22 13:35 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-29 03:05 - 2012-03-29 17:26 - 00000000 ____D C:\Program Files\Java
2015-06-29 02:51 - 2014-02-24 23:24 - 00000000 ____D C:\Users\nikhi\AppData\Roaming\DMCache
2015-06-29 02:40 - 2015-01-17 11:35 - 00000000 ____D C:\Users\nikhi\AppData\Roaming\uTorrent
2015-06-28 23:28 - 2013-12-31 03:02 - 00008730 _____ C:\Windows\IE11_main.log
2015-06-27 14:21 - 2013-04-19 15:57 - 00000000 ____D C:\Users\nikhi\Documents\MATLAB
2015-06-25 06:27 - 2011-02-10 21:40 - 00896720 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-24 15:15 - 2012-08-18 12:48 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-24 15:14 - 2014-12-29 08:42 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 03:21 - 2013-06-23 23:25 - 00007633 _____ C:\Users\nikhi\AppData\Local\resmon.resmoncfg
2015-06-24 02:20 - 2013-08-31 16:55 - 00000000 ____D C:\Windows\pss
2015-06-24 01:47 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-06-23 23:20 - 2012-03-29 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-23 23:20 - 2012-03-29 17:32 - 00000000 ____D C:\Program Files\Dell
2015-06-23 23:12 - 2012-09-04 14:11 - 00000000 ____D C:\Users\nikhi\Documents\CFI
2015-06-23 16:43 - 2014-01-25 20:04 - 00000000 ____D C:\Users\nikhi\Documents\Visual Studio 2010
2015-06-23 09:25 - 2012-07-24 09:00 - 00000000 ____D C:\ProgramData\PCDr
2015-06-22 10:19 - 2015-04-08 16:12 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-20 11:43 - 2012-11-19 17:48 - 00000000 ____D C:\Users\nikhi\AppData\Local\Connectify
2015-06-17 11:07 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2015-06-16 23:32 - 2015-05-13 16:40 - 00000000 ____D C:\Users\nikhi\Documents\1 DDP
2015-06-16 23:14 - 2015-02-03 21:05 - 00000000 __SHD C:\Users\nikhi\AppData\Local\EmieBrowserModeList
2015-06-16 23:14 - 2014-06-07 13:41 - 00000000 __SHD C:\Users\nikhi\AppData\Local\EmieUserList
2015-06-16 23:14 - 2014-06-07 13:41 - 00000000 __SHD C:\Users\nikhi\AppData\Local\EmieSiteList
2015-06-16 21:25 - 2015-05-17 15:58 - 00000000 ____D C:\Users\nikhi\Documents\3 summer
2015-06-13 18:29 - 2012-09-22 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-13 17:16 - 2014-08-20 18:00 - 00000000 ____D C:\Users\nikhi\Documents\Origin User Files
2015-06-12 21:03 - 2012-09-07 14:27 - 00000000 ____D C:\Users\nikhi\Desktop\Temp
2015-06-12 11:20 - 2012-03-29 18:58 - 00000000 ____D C:\ProgramData\Dell
2015-06-10 07:25 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 03:07 - 2013-09-14 03:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 11:46 - 2015-03-29 01:24 - 00000000 ____D C:\Users\nikhi\Downloads\tore
2015-06-08 17:32 - 2012-09-04 14:12 - 00000000 ____D C:\Users\nikhi\Documents\others
2015-06-08 17:30 - 2013-01-31 02:02 - 00000000 ____D C:\Users\nikhi\Documents\Papers
2015-06-08 17:20 - 2012-09-06 16:17 - 00000000 ____D C:\Users\nikhi\Desktop\Applications
2015-06-08 09:40 - 2014-01-23 13:30 - 00000000 ____D C:\ProgramData\Mathematica
2015-06-08 09:40 - 2014-01-23 13:30 - 00000000 ____D C:\Program Files\Extras
2015-06-07 21:51 - 2014-07-14 12:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-06 16:34 - 2014-07-10 20:14 - 00000000 ____D C:\Users\nikhi\Documents\My Games
2015-06-06 16:33 - 2015-04-10 17:03 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-06-06 03:15 - 2014-12-11 07:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-06 03:15 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-02 03:00 - 2014-01-25 20:07 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-01 20:34 - 2012-03-29 19:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-01 20:30 - 2012-03-29 19:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-01 20:30 - 2012-03-29 19:09 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-01 20:30 - 2012-03-29 17:32 - 00000000 ____D C:\Temp

==================== Files in the root of some directories =======

2015-06-29 17:57 - 2015-06-29 17:57 - 1415680 _____ (wj32) C:\Program Files\168DIKPC.exe
2015-06-30 01:54 - 2015-06-30 01:54 - 1415680 _____ (wj32) C:\Program Files\1KDZMOJC.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 1415680 _____ (wj32) C:\Program Files\357CEGI8.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 1415680 _____ (wj32) C:\Program Files\68ACHJLN.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 1415680 _____ (wj32) C:\Program Files\7FKY6HPR.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 1415680 _____ (wj32) C:\Program Files\8ACHJLND.exe
2015-06-29 17:56 - 2015-06-29 17:56 - 1415680 _____ (wj32) C:\Program Files\9EGIKPRN.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 1415680 _____ (wj32) C:\Program Files\AIK1GOWS.exe
2015-06-29 17:58 - 2015-06-29 17:58 - 1415680 _____ (wj32) C:\Program Files\B9LJHFRX.exe
2015-06-30 00:54 - 2015-06-30 00:54 - 1415680 _____ (wj32) C:\Program Files\BGINPRTV.exe
2015-06-30 00:55 - 2015-06-30 00:55 - 1415680 _____ (wj32) C:\Program Files\EWY0279B.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 1415680 _____ (wj32) C:\Program Files\FHJLKSUK.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 1415680 _____ (wj32) C:\Program Files\FKMOKVXK.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 1415680 _____ (wj32) C:\Program Files\GIKMRT84.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 1415680 _____ (wj32) C:\Program Files\IKM168DK.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 1415680 _____ (wj32) C:\Program Files\JLNSUWYO.exe
2015-06-30 00:54 - 2015-06-30 00:54 - 1415680 _____ (wj32) C:\Program Files\KJ951XTG.exe
2015-06-29 17:58 - 2015-06-29 17:58 - 1415680 _____ (wj32) C:\Program Files\KSUZ135U.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 1415680 _____ (wj32) C:\Program Files\LBGXSU27.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 1415680 _____ (wj32) C:\Program Files\LNSXZ46T.exe
2015-06-29 17:56 - 2015-06-29 17:56 - 1415680 _____ (wj32) C:\Program Files\NV6LT192.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 1415680 _____ (wj32) C:\Program Files\NZXVT53L.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 1415680 _____ (wj32) C:\Program Files\O89KD3HS.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 1415680 _____ (wj32) C:\Program Files\PRTV024R.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 1415680 _____ (wj32) C:\Program Files\TR31ZX99.exe
2015-06-30 00:40 - 2015-06-30 00:40 - 1415680 _____ (wj32) C:\Program Files\TVX2468V.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 1415680 _____ (wj32) C:\Program Files\TYX246WJ.exe
2015-06-30 01:11 - 2015-06-30 01:11 - 1415680 _____ (wj32) C:\Program Files\V3EMU2K6.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 1415680 _____ (wj32) C:\Program Files\X249BACZ.exe
2015-06-30 01:12 - 2015-06-30 01:12 - 1415680 _____ (wj32) C:\Program Files\X97JHTR5.exe
2015-06-29 17:58 - 2015-06-29 17:58 - 1415680 _____ (wj32) C:\Program Files\XV7531DB.exe
2015-06-29 17:57 - 2015-06-29 17:57 - 1415680 _____ (wj32) C:\Program Files\Z468AFH1.exe
2015-06-30 00:41 - 2015-06-30 00:41 - 1415680 _____ (wj32) C:\Program Files\ZXVT5311.exe
2014-05-12 15:24 - 2014-05-12 15:24 - 0055783 _____ () C:\Program Files (x86)\uninstall-g95.exe
2012-07-13 00:27 - 2014-06-20 20:34 - 0011264 _____ () C:\Users\nikhi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 23:25 - 2015-06-24 03:21 - 0007633 _____ () C:\Users\nikhi\AppData\Local\resmon.resmoncfg
2015-06-24 01:10 - 2015-06-24 12:48 - 0000198 _____ () C:\Users\nikhi\AppData\Local\Support.ini
2014-06-20 20:32 - 2015-05-27 00:24 - 0000700 ___SH () C:\Users\nikhi\AppData\Local\systemFL7.dat
2015-05-26 23:36 - 2015-05-27 00:00 - 0011781 ___SH () C:\Users\nikhi\AppData\Local\win_flfiles_sys.dat
2014-11-20 13:27 - 2014-11-20 13:27 - 0000000 _____ () C:\Users\nikhi\AppData\Local\{98E06468-99E8-48E9-A541-CA2B1AA0377D}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-24 16:19

==================== End of log ============================

Offline avs nikhil

  • Bronze Member
  • Posts: 33
Re: [Inactive - K] Cannot enable or update Windows Security Essentials
« Reply #29 on: June 29, 2015, 04:35:42 PM »
Hi Kevin,

'Part 4'

Here is the addition log -

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by nikhi at 2015-06-30 03:39:56
Running from C:\Users\nikhi\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2052094510-1569341030-3252781033-500 - Administrator - Disabled)
Guest (S-1-5-21-2052094510-1569341030-3252781033-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2052094510-1569341030-3252781033-1010 - Limited - Enabled)
nikhi (S-1-5-21-2052094510-1569341030-3252781033-1001 - Administrator - Enabled) => C:\Users\nikhi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Abaqus 6.12-3 (HKLM-x32\...\Abaqus 6.12-3) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
Abaqus FLEXnet License Server (HKLM-x32\...\Abaqus FLEXnet License Server) (Version: 6.9.0.0 - Dassault Systemes Simulia Corp.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
CBR Reader (HKLM-x32\...\{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1) (Version:  - cbrreader.com)
C-Free 5.0 Professional (HKLM-x32\...\C-Free 5.0_is1) (Version:  - Program Arts)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CMake 3.0.2, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.2) (Version: 3.0.2 - Kitware)
Connectify (HKLM\...\Connectify) (Version: 3.0.0.20932 - Connectify)
Cortona3D Viewer (HKLM-x32\...\{C06CE867-0019-4BDD-88C3-CD96F79FCDC7}) (Version: 6.0.179 - ParallelGraphics)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.3.6.26 - Cypress Semiconductor, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Debug Server (HKLM-x32\...\4F9A85D9-5F0E-E538-D71C-621DF59F81FA) (Version: 4.0 - Texas Instruments)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{0F99CA59-7CB4-4167-A43A-4B1D5E584281}) (Version: 1.6.301.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{2299EEBD-0A83-4B26-AA4A-057AE9E5BAE8}) (Version: 2.0.0.50 - ArcSoft)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.50 - ArcSoft)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Update (HKLM-x32\...\{3FB000F3-7444-41C1-A0A6-53E8FD0B7D9C}) (Version: 1.6.1007.0 - Dell Inc.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Digimizer (HKLM-x32\...\{65118913-87D8-435B-92A6-C599485F3A4C}) (Version: 4.3.0 - MedCalc Software)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-2052094510-1569341030-3252781033-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVDFab Media Player 2 (HKLM-x32\...\DVDFab Media Player 2_is1) (Version: 2.5.0.2 - Fengtao Software Inc.)
EAGLE 6.2.0 (HKLM-x32\...\EAGLE 6.2.0) (Version: 6.2.0 - CadSoft Computer GmbH)
Eagle3D 1.05 (HKLM-x32\...\Eagle3D_is1) (Version:  - Matthias Weißer)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
Face Recognition (HKLM\...\{B132D631-AD31-41C1-BC8A-9715104C633F}) (Version: 3.1.70.1 - Sensible Vision)
GC (HKLM-x32\...\GC) (Version:  - ) <==== ATTENTION
GIF Viewer (HKLM-x32\...\GIF Viewer) (Version:  - )
Git version 1.8.1.2-preview20130201 (HKLM-x32\...\Git_is1) (Version: 1.8.1.2-preview20130201 - The Git Development Community)
GnuWin32: Make-3.81 (HKLM-x32\...\Make-3.81_is1) (Version: 3.81 - GnuWin32)
Google Chrome (HKU\S-1-5-21-2052094510-1569341030-3252781033-1001\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.2.0.1084 - Citrix Online, a division of Citrix Systems, Inc.)
i686-4.9.1-posix-dwarf-rt_v3-rev1 (HKLM-x32\...\i686-4.9.1-posix-dwarf-rt_v3-rev1) (Version:  - MinGW-W64)
ICSD Database for X'Pert HighScore Plus V1.5 (HKLM-x32\...\InstallShield_{C2F19F6A-F2B0-46F9-9887-CDD64BB18E60}) (Version: 1.50.0000 - PANalytical B.V.)
ICSD Database for X'Pert HighScore Plus V1.5 (x32 Version: 1.50.0000 - PANalytical B.V.) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170600}) (Version: 1.7.0.600 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINDO 6.1 (HKLM-x32\...\{C19796D5-E477-40A1-8C78-DF2EB439D99B}) (Version: 6.1.0 - XXXXXXXX)
LyX 2.0.6 (HKLM-x32\...\LyX206) (Version: 2.0.6 - LyX Team)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.)
MEISP v3.0 Multiple EIS Parameterization trial version (HKLM-x32\...\MEISP v3.0 Multiple EIS Parameterization trial version) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft HPC Pack 2008 R2 MS-MPI Redistributable Pack (HKLM\...\{D3299935-57F7-403A-9D7B-0B8F9F56F44B}) (Version: 3.0.2369.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVC80_Runtime (HKLM-x32\...\{5E81B080-4629-4EC3-AA90-538394122120}) (Version: 1.0.0.0 - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
PANalytical X'Pert Highscore Plus (HKLM-x32\...\{C619E83D-62B9-4FE5-9736-F6DBD2850024}) (Version: 3.0.0 - PANalytical)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.0 - Prolific Technology INC)
POV-Ray for Windows v3.62 (HKLM\...\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}) (Version: 3.62 - Persistence of Vision Raytracer Pty. Ltd.)
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
Python 2.7 pyserial-2.5 (HKLM-x32\...\pyserial-py2.7) (Version:  - )
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.21 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
SIMULIA FLEXnet License Server (HKLM-x32\...\SIMULIA FLEXnet License Server) (Version: 6.12.0.0 - Dassault Systemes Simulia Corp.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version:  - )
SYS BIOS 6.30.02.42 (HKLM-x32\...\257D40B-AC0E-3A45-7DA7-2546F9DCCE01) (Version: 6.30.02.42 - Texas Instruments)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04-rev266 - Ubuntu)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
VISIONTEK 3G USB MODEM (HKLM\...\VISIONTEK 3G USB MODEM - VTK_is1) (Version:  - )
Visual C++ 2008 x64 Runtime - v9.0.30729.4967 (HKLM-x32\...\{2FD19779-BD96-31F4-954D-7C7FE546BFD1}.vc_x64runtime_30729_4967) (Version: 9.0.30729.4967 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4967 (HKLM-x32\...\{EC1F1209-E48D-38B0-BE25-B37C6BFCF676}.vc_x86runtime_30729_4967) (Version: 9.0.30729.4967 - Microsoft Corporation)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Driver Package - Texas Instruments (usbser) Ports  (12/11/2007 1.3) (HKLM\...\B89452C8A2A1FCF2E1BCF0ECA27FB6019CFA00CF) (Version: 12/11/2007 1.3 - Texas Instruments)
Windows Driver Package - Texas Instruments, Inc (umpusbvista) Ports  (10/20/2009 6.5.9017.0) (HKLM\...\287456DB90C1DA963CF09266912A2F7FFEF599C5) (Version: 10/20/2009 6.5.9017.0 - Texas Instruments, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (HKLM-x32\...\M-WIN-D 8.0.4 2609533_is1) (Version: 8.0.4 - Wolfram Research, Inc.)
Wolfram Extras 10.1 (5292844) (HKLM\...\A-WIN-Extras 10.1.0 5292844_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Wolfram Mathematica 10.1 (M-WIN-L 10.1.0 5292918) (HKLM\...\M-WIN-L 10.1.0 5292918_is1) (Version: 10.1.0 - Wolfram Research, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2052094510-1569341030-3252781033-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nikhi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File