Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

.nakw Ransomware Malware

by Sukeshini » November 4th, 2019, 3:29 am

Hi, I have Windows 7 with Kaspersky Endpoint Security. Each and every file in C and D drives has been encrypted and appended with .nakw extension. Please HELP!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2019
Ran by CDAC (administrator) on CDAC-THINK (LENOVO 5030AM5) (04-11-2019 12:43:00)
Running from C:\Users\CDAC\Desktop
Loaded Profiles: CDAC (Available Profiles: CDAC & ExtAccess & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Emsisoft Ltd -> Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe
(Kaspersky Lab -> Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nitro PDF Software -> ) C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PaperCut Software International Pty. Ltd. -> ) C:\Program Files (x86)\PaperCut NG Client\pc-client.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11490408 2010-10-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [UserLogin] => C:\Program Files (x86)\USB Pratirodh\BIN\UserLogin.Exe
HKLM-x32\...\Run: [PaperCut NG Client] => C:\Program Files (x86)\PaperCut NG Client\pc-client.exe [359872 2018-09-27] (PaperCut Software International Pty. Ltd. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-1804532944-4144280375-3397209908-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1804532944-4144280375-3397209908-1000\...\MountPoints2: {6c5f4146-cfbf-11e0-9482-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1804532944-4144280375-3397209908-1000\...\MountPoints2: {7c34beb2-c31c-11e5-97e2-9f6b19cfd4e2} - F:\OnePlus_USB_Drivers_Setup.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\78.0.3904.87\Installer\chrmstp.exe [2019-11-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2010-09-22] (Microsoft Corporation -> Microsoft Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-10-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1804532944-4144280375-3397209908-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0048CEDE-6DC3-46ED-A181-5ED8A0B95B91} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [1007184 2011-04-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {00A8AAA5-D569-44E0-A8DA-649F835565B3} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\PC-Doctor\uaclauncher.exe [1007184 2011-04-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {08F2D35B-8ABC-4801-A941-C1E989BF4DBA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{BE23E92F-D94D-45E5-9C18-97C06651FB09}.exe <==== ATTENTION
Task: {11F1FD39-3291-4497-B149-E16BDAF99EC3} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
Task: {2CA0F49F-1677-4CC8-8316-2455A34EF7E0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_270_Plugin.exe [1457720 2019-10-10] (Adobe Inc. -> Adobe)
Task: {3487B49C-0BEE-495C-924B-8DCB1202BCA3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-11-04] (Google Inc -> Google Inc.)
Task: {3ECE5EE3-002D-4029-A544-F66877632D23} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {4E6DD737-023F-4750-B44B-FB9BDE6BCD00} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [1007184 2011-04-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {56E03DC0-7733-4C50-BDDB-B127EA26B800} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [33872 2011-04-01] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
Task: {6B9DDB93-65A7-43B1-8DF2-00F66279570C} - System32\Tasks\{2F5A0370-BBAE-4538-99F3-2C67786A7889} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\USB Pratirodh\BIN\Uninstaller.exe"
Task: {6F586311-3530-4E65-A60B-69C81CE94227} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-10-10] (Adobe Inc. -> Adobe)
Task: {77330F3E-09F1-4140-8DE4-5C92BB19BC0B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {8688F944-C78E-42F2-83D3-7B7BD3F4CE72} - System32\Tasks\{4DB642FA-17F8-45BC-98A2-483DC40C62F2} => C:\Windows\system32\pcalua.exe -a C:\Users\CDAC\Downloads\winsdk_web.exe -d C:\Users\CDAC\Downloads
Task: {94F59D93-534E-45E7-8B17-6CDF5EBBDD2C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{08C78F10-6002-4043-B581-335C1063FA76}.exe <==== ATTENTION
Task: {B19E61F6-09A0-445E-8041-E2CA1EA7482A} - System32\Tasks\{E0569AD9-0027-470F-94D0-48AE4F01BDB1} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\NetBeans 7.4\uninstall.exe"
Task: {B25CB11A-E206-4A17-AE8B-E0B04D429A9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-11-04] (Google Inc -> Google Inc.)
Task: {B625D2C3-C899-41B9-B436-CDA66EABF116} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {C3F3736D-E65E-4729-B58F-A847CD1853AA} - System32\Tasks\{C4BBB993-3581-4D5C-9EF9-E9F3A7A853F9} => C:\Program Files (x86)\Java\jre6\bin\javaws.exe
Task: {CCE82D88-6488-4C01-A67D-B77D1A7BAC94} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{08C78F10-6002-4043-B581-335C1063FA76}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{BE23E92F-D94D-45E5-9C18-97C06651FB09}.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-22] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280 2010-09-22] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-22] (Microsoft Corporation -> Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880 2010-09-22] (Microsoft Corporation -> Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{250F4D51-34F4-411F-AF34-93F2F1D35D2E}: [DhcpNameServer]

Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId= ... oogle.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId= ... oogle.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-1804532944-4144280375-3397209908-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: No Name -> {AD74E754-1E68-4957-BC51-E1DBA64372D6} -> No File
BHO: No Name -> {B775CAAA-4AC3-4455-B579-CDB2971F00D8} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: CheaPPMe -> {AD74E754-1E68-4957-BC51-E1DBA64372D6} -> C:\Program Files (x86)\CheaPPMe\qwAaDZr8KFjGfb.dll => No File
BHO-x32: DDigiSaVeR -> {B775CAAA-4AC3-4455-B579-CDB2971F00D8} -> C:\Program Files (x86)\DDigiSaVeR\0AvgnlHwhH1Wvh.dll => No File
Toolbar: HKU\S-1-5-21-1804532944-4144280375-3397209908-1000 -> No Name - {178F4C0B-0457-45BA-8EC5-942DB8FD1F22} - No File
Toolbar: HKU\S-1-5-21-1804532944-4144280375-3397209908-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc. -> Belarc, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FF DefaultProfile: a8slgk73.default-1486359908837
FF ProfilePath: C:\Users\CDAC\AppData\Roaming\Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837 [2019-11-04]
FF DownloadDir: C:\Users\CDAC\Desktop
FF Homepage: Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837 -> www.google.com
FF NewTab: Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837 -> hxxp://securedsearch.lavasoft.com/?pr=v ... 92__191030
FF NewTabOverride: Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837 -> Disabled: @new-tab
FF Extension: (Adaware Web Protection) - C:\Users\CDAC\AppData\Roaming\Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837\Extensions\@adaware_webprotection.xpi [2019-10-31] [UpdateUrl:hxxps://ext.adaware.com/wp/updates.json]
FF Extension: (Adaware Secure Search) - C:\Users\CDAC\AppData\Roaming\Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837\Extensions\@new-tab.xpi [2019-10-31] [UpdateUrl:hxxps://ext.adaware.com/ff_newtab_update.rdf]
FF Extension: (Adaware Ad Block) - C:\Users\CDAC\AppData\Roaming\Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837\Extensions\AdBlockerLavaSoftFF@lavasoft.com.xpi [2019-10-31]
FF Extension: (uBlock Origin) - C:\Users\CDAC\AppData\Roaming\Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837\Extensions\uBlock0@raymondhill.net.xpi [2019-03-14]
FF Extension: (Plus gold download) - C:\Users\CDAC\AppData\Roaming\Mozilla\Firefox\Profiles\a8slgk73.default-1486359908837\Extensions\{90cd0a56-eac7-433e-a1c4-e71a137cd011}.xpi [2019-10-31]
FF Extension: (Honey) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2015-02-02] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2018-05-29] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_270.dll [2019-10-10] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-22] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2019-11-04] (Google Inc -> Google LLC)

CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\CDAC\AppData\Local\Google\Chrome\User Data\Default [2019-11-04]
CHR HKU\S-1-5-21-1804532944-4144280375-3397209908-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avp.exe [2206288 2018-03-22] (Kaspersky Lab -> AO Kaspersky Lab)
R2 avpsus; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\avpsus.exe [2912040 2018-03-22] (Kaspersky Lab -> AO Kaspersky Lab)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11776224 2019-10-31] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 klnagent; C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [105960 2014-11-19] (Kaspersky Lab -> Kaspersky Lab ZAO)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc. -> McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-22] (Nitro PDF Software -> Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-22] (Nitro PDF Software -> )
R2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [69640 2014-05-22] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2019-10-31] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation -> Symantec Corporation)
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-22] (Microsoft Corporation -> Microsoft Corp.)
S2 sshd; C:\cygwin64\bin\cygrunsrv.exe [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [36328 2010-12-21] (MCCI Internal Testing Software -> Google Inc)
S0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37616 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [204824 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [274456 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [209552 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [65120 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [276952 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42736 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [171520 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [110320 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [83792 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [848432 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460448 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStm; C:\Windows\System32\drivers\aswStm.sys [236024 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [316528 2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [99384 2012-06-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 EnigmaFileMonDriver; C:\Windows\System32\drivers\EnigmaFileMonDriver.sys [68424 2019-11-04] (EnigmaSoft Limited -> EnigmaSoft Limited)
R1 epp; C:\EEK\bin64\epp.sys [176128 2019-11-04] (Emsisoft Ltd -> Emsisoft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-10] (AnchorFree Inc -> AnchorFree Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [73808 2018-08-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [121024 2018-02-01] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [218936 2018-09-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [62224 2017-11-21] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [1214752 2018-09-20] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1154872 2018-09-29] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57032 2018-05-18] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50648 2017-05-30] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-10-15] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [177352 2018-05-22] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [204384 2018-09-17] (Kaspersky Lab -> AO Kaspersky Lab)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-11-01] (Malwarebytes Corporation -> Malwarebytes)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [203320 2012-06-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo (United States) Inc.)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [235832 2019-01-28] (Oracle Corporation -> Oracle Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [23200 2015-04-30] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
U3 aswbdisk; no ImagePath
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-04 12:46 - 2019-10-30 16:04 - 000348861 _____ C:\Users\CDAC\Desktop\Survey of Big Data Benchmarking.pdf.nakw
2019-11-04 12:36 - 2019-11-04 12:46 - 000027111 _____ C:\Users\CDAC\Desktop\FRST.txt
2019-11-04 12:36 - 2019-11-04 12:37 - 000000000 ____D C:\FRST
2019-11-04 12:35 - 2019-11-04 12:35 - 001619456 _____ (Farbar) C:\Users\CDAC\Desktop\FRST64.exe
2019-11-04 12:23 - 2019-11-04 12:23 - 000000000 ____D C:\ProgramData\Emsisoft
2019-11-04 12:22 - 2019-11-04 12:36 - 000000000 ____D C:\EEK
2019-11-04 12:04 - 2019-11-04 12:04 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-11-04 12:03 - 2019-11-04 12:14 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-11-04 12:03 - 2019-11-04 12:14 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-11-04 12:03 - 2019-11-04 12:03 - 000000000 ____D C:\Users\CDAC\AppData\Roaming\AVAST Software
2019-11-04 12:02 - 2019-11-04 12:02 - 000002090 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-11-04 12:02 - 2019-11-04 12:02 - 000002090 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2019-11-04 12:02 - 2019-11-04 12:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-11-04 11:58 - 2019-11-04 11:58 - 000848432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-11-04 11:58 - 2019-11-04 11:58 - 000460448 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-11-04 11:58 - 2019-11-04 11:58 - 000003910 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2019-11-04 11:58 - 2019-11-04 11:58 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2019-11-04 11:58 - 2019-11-04 11:58 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2019-11-04 11:58 - 2019-11-04 11:57 - 000355720 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-11-04 11:58 - 2019-11-04 11:57 - 000316528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000276952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000274456 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000236024 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000209552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000204824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000171520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000110320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000083792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000065120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-11-04 11:58 - 2019-11-04 11:57 - 000037616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-11-04 11:57 - 2019-11-04 11:58 - 000000000 ____D C:\ProgramData\AVAST Software
2019-11-04 11:57 - 2019-11-04 11:57 - 000000000 ____D C:\Program Files\AVAST Software
2019-11-04 11:48 - 2019-11-04 11:49 - 000002272 _____ C:\ShadeDecryptor.
2019-11-04 11:38 - 2019-11-04 11:44 - 000003094 _____ C:\RakhniDecryptor.
2019-11-04 10:55 - 2019-11-04 10:55 - 000000000 ____D C:\Windows\LastGood
2019-11-04 10:35 - 2019-11-04 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2019-11-04 10:35 - 2019-11-04 10:35 - 000000000 ____D C:\Program Files\Mcafee
2019-11-04 10:07 - 2019-11-04 10:07 - 000000000 _____ C:\Users\CDAC\.uc-3f3899f77d6863a61d3371971378e815.cdac.cdac-think.tmp
2019-11-04 09:04 - 2019-11-04 12:46 - 000000000 ____D C:\Users\CDAC\Desktop\Decryption_Tools
2019-11-01 14:50 - 2019-11-01 18:27 - 000000258 __RSH C:\ProgramData\ntuser.pol
2019-11-01 12:48 - 2019-11-01 12:48 - 000000000 ____D C:\Users\CDAC\AppData\Local\mbam
2019-11-01 12:47 - 2019-11-01 12:47 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-11-01 12:44 - 2019-11-01 12:44 - 000000000 ____D C:\Users\CDAC\AppData\Local\mbamtray
2019-11-01 12:43 - 2019-11-01 12:47 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-11-01 12:43 - 2019-11-01 12:43 - 000001878 _____ C:\Users\CDAC\Desktop\Malwarebytes.lnk
2019-11-01 12:43 - 2019-11-01 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-11-01 12:43 - 2019-11-01 12:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-11-01 12:43 - 2019-11-01 12:43 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-31 17:43 - 2019-11-04 10:06 - 000068424 _____ (EnigmaSoft Limited) C:\Windows\system32\Drivers\EnigmaFileMonDriver.sys
2019-10-31 17:43 - 2019-10-31 17:43 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2019-10-31 17:42 - 2019-10-31 17:42 - 000001021 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2019-10-31 17:42 - 2019-10-31 17:42 - 000001021 _____ C:\ProgramData\Desktop\SpyHunter5.lnk
2019-10-31 17:42 - 2019-10-31 17:42 - 000000000 ____D C:\sh5ldr
2019-10-31 17:42 - 2019-10-31 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2019-10-31 17:42 - 2019-10-31 17:42 - 000000000 ____D C:\Program Files\EnigmaSoft
2019-10-30 17:50 - 2019-10-30 17:50 - 000000000 ____D C:\Users\CDAC\New folder
2019-10-30 16:04 - 2019-10-30 16:04 - 000001131 _____ C:\Users\Guest\_readme.txt
2019-10-30 16:04 - 2019-10-30 16:04 - 000001131 _____ C:\Users\ExtAccess\_readme.txt
2019-10-30 16:04 - 2019-10-30 16:04 - 000001131 _____ C:\Users\cyg_server\_readme.txt
2019-10-30 16:04 - 2019-10-30 16:04 - 000001131 _____ C:\Users\CDAC\_readme.txt
2019-10-30 16:04 - 2019-10-30 16:04 - 000001131 _____ C:\Users\Administrator\_readme.txt
2019-10-30 16:04 - 2019-10-30 16:04 - 000001131 _____ C:\_readme.txt
2019-10-30 15:54 - 2019-10-31 17:40 - 000000000 ____D C:\ProgramData\Mbappert
2019-10-30 15:54 - 2019-10-31 10:41 - 000000000 ____D C:\ProgramData\CloudPrinter
2019-10-30 15:54 - 2019-10-31 10:35 - 000000000 ____D C:\Users\CDAC\AppData\Local\0852586a-263d-445b-ac71-fc2c25cd1048
2019-10-30 15:54 - 2019-10-30 15:54 - 000000560 _____ C:\Users\CDAC\AppData\Local\bowsakkdestx.txt
2019-10-30 15:54 - 2019-10-30 15:54 - 000000000 ____D C:\Users\CDAC\AppData\Local\59a6e9aa-e027-490f-be4c-dda85807384b
2019-10-30 15:54 - 2019-10-30 15:54 - 000000000 ____D C:\SystemID
2019-10-30 15:53 - 2019-10-31 10:07 - 000000000 ____D C:\Program Files (x86)\Yesmin
2019-10-25 14:03 - 2019-10-31 09:46 - 000000000 ____D C:\Users\CDAC\AppData\Local\Package Cache
2019-10-18 10:11 - 2019-10-11 07:52 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
2019-10-11 09:54 - 2019-11-01 12:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-10-10 11:14 - 2019-10-06 09:42 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-10 11:14 - 2019-10-06 09:04 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-10 11:14 - 2019-10-06 09:02 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-10 11:14 - 2019-10-06 08:28 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-10 11:14 - 2019-10-06 08:27 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-10 11:14 - 2019-10-06 08:15 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-10 11:14 - 2019-10-06 08:15 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-10 11:14 - 2019-10-06 08:05 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-10 11:14 - 2019-09-10 07:24 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-10 11:13 - 2019-10-07 12:19 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-10 11:13 - 2019-10-07 11:27 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-10 11:13 - 2019-10-06 09:30 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-10 11:13 - 2019-10-06 09:30 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-10 11:13 - 2019-10-06 09:19 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-10 11:13 - 2019-10-06 09:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-10 11:13 - 2019-10-06 09:17 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-10 11:13 - 2019-10-06 09:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-10 11:13 - 2019-10-06 09:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-10 11:13 - 2019-10-06 09:16 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-10 11:13 - 2019-10-06 09:11 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-10 11:13 - 2019-10-06 09:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-10 11:13 - 2019-10-06 09:08 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-10 11:13 - 2019-10-06 09:07 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-10 11:13 - 2019-10-06 09:07 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-10 11:13 - 2019-10-06 09:06 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-10 11:13 - 2019-10-06 09:06 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-10 11:13 - 2019-10-06 09:01 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-10 11:13 - 2019-10-06 08:58 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-10 11:13 - 2019-10-06 08:58 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-10 11:13 - 2019-10-06 08:53 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-10 11:13 - 2019-10-06 08:52 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-10 11:13 - 2019-10-06 08:52 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-10 11:13 - 2019-10-06 08:49 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-10 11:13 - 2019-10-06 08:49 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-10 11:13 - 2019-10-06 08:48 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-10 11:13 - 2019-10-06 08:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-10 11:13 - 2019-10-06 08:47 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-10 11:13 - 2019-10-06 08:47 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-10 11:13 - 2019-10-06 08:47 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-10 11:13 - 2019-10-06 08:46 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-10 11:13 - 2019-10-06 08:46 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-10 11:13 - 2019-10-06 08:45 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-10 11:13 - 2019-10-06 08:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-10 11:13 - 2019-10-06 08:42 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-10 11:13 - 2019-10-06 08:41 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-10 11:13 - 2019-10-06 08:40 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-10 11:13 - 2019-10-06 08:40 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-10 11:13 - 2019-10-06 08:40 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-10 11:13 - 2019-10-06 08:37 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-10 11:13 - 2019-10-06 08:35 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-10 11:13 - 2019-10-06 08:35 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-10 11:13 - 2019-10-06 08:33 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-10 11:13 - 2019-10-06 08:33 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-10 11:13 - 2019-10-06 08:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-10 11:13 - 2019-10-06 08:30 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-10 11:13 - 2019-10-06 08:30 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-10 11:13 - 2019-10-06 08:29 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-10 11:13 - 2019-10-06 08:27 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-10 11:13 - 2019-10-06 08:26 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-10 11:13 - 2019-10-06 08:26 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-10 11:13 - 2019-10-06 08:25 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-10 11:13 - 2019-10-06 08:23 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-10 11:13 - 2019-10-06 08:20 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-10 11:13 - 2019-10-06 08:19 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-10 11:13 - 2019-10-06 08:18 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-10 11:13 - 2019-10-06 08:18 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-10 11:13 - 2019-10-06 08:04 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-10 11:13 - 2019-10-06 08:02 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-10 11:13 - 2019-10-06 08:00 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-10 11:13 - 2019-09-19 09:57 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-10 11:13 - 2019-09-17 08:02 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-10 11:13 - 2019-09-17 08:02 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-10 11:13 - 2019-09-17 08:02 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-10 11:13 - 2019-09-17 08:02 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-10 11:13 - 2019-09-17 08:01 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-10 11:13 - 2019-09-17 08:01 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-10 11:13 - 2019-09-17 08:01 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-10 11:13 - 2019-09-17 08:01 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-10 11:13 - 2019-09-17 08:01 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-10 11:13 - 2019-09-17 08:00 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:34 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-10 11:13 - 2019-09-17 07:33 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-10 11:13 - 2019-09-17 07:30 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-10 11:13 - 2019-09-17 07:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-10 11:13 - 2019-09-17 07:30 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-10 11:13 - 2019-09-17 07:29 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-10 11:13 - 2019-09-17 07:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-10 11:13 - 2019-09-17 07:29 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-10 11:13 - 2019-09-17 07:29 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-10 11:13 - 2019-09-17 07:29 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-10 11:13 - 2019-09-17 07:27 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-10 11:13 - 2019-09-17 07:27 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:27 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:27 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:27 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-10 11:13 - 2019-09-17 07:26 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-10 11:13 - 2019-09-17 07:26 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-10 11:13 - 2019-09-17 07:25 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-10 11:13 - 2019-09-17 07:23 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-10 11:13 - 2019-09-17 07:23 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-10 11:13 - 2019-09-17 07:22 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-10 11:13 - 2019-09-17 07:22 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-10 11:13 - 2019-09-17 07:22 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-10 11:13 - 2019-09-17 07:22 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-10 11:13 - 2019-09-17 07:21 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-10 11:13 - 2019-09-17 07:21 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-10 11:13 - 2019-09-17 07:21 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-10 11:13 - 2019-09-17 07:21 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-10 11:13 - 2019-09-17 07:21 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-10 11:13 - 2019-09-17 07:21 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-10 11:13 - 2019-09-17 07:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-10 11:13 - 2019-09-17 05:43 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-10 11:13 - 2019-09-11 10:26 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-10 11:13 - 2019-09-11 10:26 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-10 11:13 - 2019-09-10 07:57 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-10 11:13 - 2019-09-10 07:57 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-10 11:13 - 2019-09-10 07:57 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-10 11:13 - 2019-09-10 07:54 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-10 11:13 - 2019-09-10 07:54 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-10 11:13 - 2019-09-10 07:54 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-10 11:13 - 2019-09-10 07:54 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-10 11:13 - 2019-09-10 07:54 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-10 11:13 - 2019-09-10 07:54 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-10 11:13 - 2019-09-10 07:30 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-10 11:13 - 2019-09-10 07:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-10 11:13 - 2019-09-10 07:30 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-10 11:13 - 2019-09-10 07:30 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-10 11:13 - 2019-09-10 07:30 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-10 11:13 - 2019-09-10 07:23 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-10 11:13 - 2019-09-10 07:23 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-10 11:13 - 2019-09-10 07:23 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-10 11:13 - 2019-09-10 07:23 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-10 11:13 - 2019-09-10 07:22 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-10 11:13 - 2019-09-10 07:19 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-11-04 12:48 - 2011-08-26 14:23 - 000000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2019-11-04 12:43 - 2011-08-26 14:23 - 000000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2019-11-04 12:19 - 2011-09-05 12:53 - 000000000 ____D C:\Users\CDAC
2019-11-04 12:10 - 2011-09-22 14:28 - 000000000 ____D C:\Program Files (x86)\Google
2019-11-04 12:04 - 2011-09-22 14:29 - 000000000 ____D C:\Users\CDAC\AppData\Local\Google
2019-11-04 11:24 - 2019-01-10 15:23 - 000000000 ____D C:\SUKESHINI-PERSONAL
2019-11-04 11:20 - 2015-02-02 11:44 - 000000000 __SHD C:\$360Section
2019-11-04 11:20 - 2014-03-12 16:40 - 000000000 ____D C:\cygwin64
2019-11-04 11:20 - 2012-03-13 11:19 - 000000000 ____D C:\hp LaserJet 3015-3020-3030-3380
2019-11-04 11:20 - 2011-08-26 13:20 - 000000000 ____D C:\mfg
2019-11-04 11:18 - 2009-07-14 10:15 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-11-04 11:18 - 2009-07-14 10:15 - 000031296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-11-04 11:16 - 2015-05-22 11:49 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-11-04 11:06 - 2016-05-13 12:24 - 000000000 ____D C:\Users\CDAC\AppData\Roaming\WhatsApp
2019-11-04 10:55 - 2019-01-02 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Endpoint Security for Windows
2019-11-04 10:55 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2019-11-04 10:08 - 2017-02-07 18:07 - 000000000 ____D C:\Users\CDAC\AppData\LocalLow\Mozilla
2019-11-04 10:04 - 2013-06-10 09:34 - 000000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2019-11-04 10:04 - 2013-06-03 09:55 - 000000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2019-11-04 10:04 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-11-01 18:27 - 2009-07-14 10:43 - 000786730 _____ C:\Windows\system32\PerfStringBackup.INI
2019-11-01 18:19 - 2015-03-23 13:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-11-01 14:50 - 2011-08-26 14:25 - 000002028 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools.lnk
2019-11-01 14:45 - 2015-02-02 11:30 - 000000000 ____D C:\Program Files (x86)\XTab
2019-11-01 14:44 - 2013-08-19 10:53 - 000000000 ____D C:\ProgramData\APN
2019-11-01 10:20 - 2014-06-05 13:42 - 000002270 _____ C:\Users\ExtAccess\Desktop\Google Chrome.lnk
2019-11-01 10:20 - 2014-06-05 13:42 - 000001129 _____ C:\Users\ExtAccess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-11-01 10:20 - 2014-06-05 13:36 - 000002266 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2019-11-01 10:20 - 2014-03-20 15:27 - 000001129 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-11-01 10:20 - 2013-03-01 18:14 - 000001129 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-11-01 10:20 - 2011-09-05 12:55 - 000001129 _____ C:\Users\CDAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2019-10-31 10:52 - 2015-01-22 12:27 - 000000000 ____D C:\ProgramData\{f73bbec4-bca3-98cf-f73b-bbec4bcafb12}
2019-10-31 10:47 - 2015-01-22 12:29 - 000000000 ____D C:\ProgramData\nialldkckmmokipbpkfocmngfblbjfkg
2019-10-31 10:41 - 2015-08-06 18:50 - 000000000 ____D C:\ProgramData\bdecoijdafbkbhihjjijodahdiifgjlb
2019-10-31 10:41 - 2015-07-30 09:59 - 000000000 ____D C:\ProgramData\fmhcpjeijcocfbldjfonigfoglmbihii
2019-10-31 10:41 - 2015-01-22 12:28 - 000000000 ____D C:\ProgramData\bbmdikgjidhcohknelkhdbcncmceapla
2019-10-31 10:35 - 2011-02-15 15:12 - 000008192 _____ C:\BOOTSECT.BAK
2019-10-31 10:00 - 2009-07-14 10:38 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-10-31 09:40 - 2019-08-01 10:12 - 000000000 ____D C:\Users\CDAC\AppData\Local\IIIQF
2019-10-31 09:37 - 2011-09-05 12:54 - 000000000 ____D C:\Users\CDAC\AppData\LocalLow\VeriSign
2019-10-30 17:08 - 2014-06-05 13:42 - 000000000 ____D C:\Users\ExtAccess\AppData\Roaming\Subversion
2019-10-30 17:08 - 2014-06-05 13:42 - 000000000 ____D C:\Users\ExtAccess\AppData\LocalLow\VeriSign
2019-10-30 17:08 - 2014-03-20 15:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Subversion
2019-10-30 17:08 - 2014-03-20 15:27 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\VeriSign
2019-10-30 17:08 - 2013-03-01 18:14 - 000000000 ____D C:\Users\Guest\AppData\Roaming\Subversion
2019-10-30 17:08 - 2013-03-01 18:14 - 000000000 ____D C:\Users\Guest\AppData\LocalLow\VeriSign
2019-10-30 17:08 - 2011-09-20 10:49 - 000000000 ___SD C:\Users\CDAC\AppData\LocalLow\Temp
2019-10-30 17:05 - 2014-06-05 13:43 - 001147576 ____H C:\Users\ExtAccess\AppData\Local\IconCache.db.nakw
2019-10-30 17:05 - 2014-03-21 13:25 - 001563682 ____H C:\Users\Administrator\AppData\Local\IconCache.db.nakw
2019-10-30 17:05 - 2014-03-20 15:29 - 000109630 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT.nakw
2019-10-30 17:05 - 2013-09-05 18:09 - 001310179 ____H C:\Users\Guest\AppData\Local\IconCache.db.nakw
2019-10-30 17:02 - 2019-03-12 15:29 - 000000496 ____H C:\Users\CDAC\Desktop\~$door Plants.docx.nakw
2019-10-30 17:02 - 2019-01-04 09:52 - 000854406 _____ C:\Users\CDAC\Desktop\putty.exe
2019-10-30 17:02 - 2018-09-12 09:58 - 000000496 ____H C:\Users\CDAC\Desktop\~$_Testing_Basic_Analytics_Usecases.doc.nakw
2019-10-30 17:02 - 2018-07-02 16:27 - 000000000 ____D C:\Users\CDAC\.idlerc
2019-10-30 17:02 - 2015-05-11 14:01 - 000012239 ___SH C:\Users\CDAC\Desktop\Folder.jpg.nakw
2019-10-30 16:57 - 2019-06-03 17:34 - 000003597 _____ C:\GUDownLoaddebug.txt.nakw
2019-10-30 16:57 - 2019-01-02 14:45 - 000000390 _____ C:\Users\CDAC\pc-client.properties.nakw
2019-10-30 16:57 - 2015-02-02 11:27 - 000243737 _____ C:\logFile.txt.nakw
2019-10-30 16:57 - 2011-10-19 10:04 - 000000411 _____ C:\ualoc.inf.nakw
2019-10-30 16:57 - 2011-08-26 14:22 - 000000000 ____D C:\swshare
2019-10-30 16:57 - 2011-08-26 14:18 - 000002638 _____ C:\RHDSetup.log.nakw
2019-10-30 16:57 - 2011-02-15 15:12 - 000000000 ____D C:\SWTOOLS
2019-10-30 16:04 - 2019-01-02 14:35 - 000000000 ____D C:\HP Universal Print Driver
2019-10-30 16:04 - 2014-06-05 13:42 - 000000000 ____D C:\Users\ExtAccess
2019-10-30 16:04 - 2014-03-20 15:27 - 000000000 ____D C:\Users\Administrator
2019-10-30 16:04 - 2014-03-13 10:43 - 000000000 ____D C:\Users\cyg_server
2019-10-30 16:04 - 2013-03-01 18:14 - 000000000 ____D C:\Users\Guest
2019-10-30 16:04 - 2012-10-30 17:48 - 000000000 ____D C:\temp
2019-10-25 14:19 - 2014-06-23 13:30 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-24 14:02 - 2016-05-13 14:13 - 000000000 ____D C:\Users\CDAC\AppData\Local\WhatsApp
2019-10-23 10:22 - 2011-09-20 11:52 - 000000600 _____ C:\Users\CDAC\AppData\Local\PUTTY.RND
2019-10-14 13:31 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\rescache
2019-10-14 09:43 - 2009-07-14 10:15 - 000437608 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-11 18:41 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-10 11:30 - 2011-09-20 10:41 - 000770596 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-10 11:28 - 2014-07-23 13:24 - 000000000 ____D C:\Windows\system32\MRT
2019-10-10 11:06 - 2014-07-23 13:24 - 127230528 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-10-10 09:55 - 2018-05-21 09:34 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2019-10-10 09:55 - 2016-08-29 15:21 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2019-10-10 09:55 - 2015-09-03 12:56 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-10-10 09:55 - 2015-09-03 12:56 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-10-10 09:55 - 2011-10-12 10:40 - 000000000 ____D C:\Windows\system32\Macromed
2019-10-10 09:55 - 2011-09-26 17:19 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories ========

2015-08-11 18:00 - 2015-08-24 19:15 - 000000102 _____ () C:\Users\CDAC\AppData\Roaming\Camdata.ini
2015-08-11 18:00 - 2015-08-24 19:15 - 000000408 _____ () C:\Users\CDAC\AppData\Roaming\CamLayout.ini
2015-08-11 18:00 - 2015-08-24 19:15 - 000000408 _____ () C:\Users\CDAC\AppData\Roaming\CamShapes.ini
2015-08-11 16:41 - 2015-08-24 19:15 - 000004509 _____ () C:\Users\CDAC\AppData\Roaming\CamStudio.cfg
2015-08-17 10:16 - 2015-08-17 10:16 - 000000000 _____ () C:\Users\CDAC\AppData\Roaming\CamStudio.Producer.Data.ini
2015-08-17 10:16 - 2015-08-17 10:16 - 000001206 _____ () C:\Users\CDAC\AppData\Roaming\CamStudio.Producer.ini
2014-05-27 15:00 - 2015-02-02 12:42 - 000000102 _____ () C:\Users\CDAC\AppData\Roaming\WB.CFG
2011-09-20 10:37 - 2019-07-29 09:46 - 000000600 _____ () C:\Users\CDAC\AppData\Roaming\winscp.rnd
2019-10-30 15:54 - 2019-10-30 15:54 - 000000560 _____ () C:\Users\CDAC\AppData\Local\bowsakkdestx.txt
2015-05-20 17:49 - 2016-11-10 14:08 - 000008192 _____ () C:\Users\CDAC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-10 18:09 - 2013-10-10 18:09 - 000004096 ____H () C:\Users\CDAC\AppData\Local\keyfile3.drm
2011-09-20 11:52 - 2019-10-23 10:22 - 000000600 _____ () C:\Users\CDAC\AppData\Local\PUTTY.RND
2015-01-07 15:10 - 2015-01-07 15:10 - 000007602 _____ () C:\Users\CDAC\AppData\Local\Resmon.ResmonCfg
2011-09-27 14:23 - 2011-09-27 14:23 - 000000000 _____ () C:\Users\CDAC\AppData\Local\{0DCDAE10-1796-458E-83B7-8F4D7756789F}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

ATTENTION: ==> Could not access BCD. ->

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2019
Ran by CDAC (04-11-2019 12:51:04)
Running from C:\Users\CDAC\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-09-05 07:23:06)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-1804532944-4144280375-3397209908-500 - Administrator - Enabled) => C:\Users\Administrator
CDAC (S-1-5-21-1804532944-4144280375-3397209908-1000 - Administrator - Enabled) => C:\Users\CDAC
cyg_server (S-1-5-21-1804532944-4144280375-3397209908-1002 - Administrator - Enabled)
ExtAccess (S-1-5-21-1804532944-4144280375-3397209908-1001 - Limited - Enabled) => C:\Users\ExtAccess
Guest (S-1-5-21-1804532944-4144280375-3397209908-501 - Limited - Disabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Kaspersky Endpoint Security for Windows (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Endpoint Security for Windows (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Kaspersky Endpoint Security for Windows (Enabled) {32888857-01C3-7AB6-E095-11CC1854D0A3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: - Adobe)
ApowerRecover V1.0.7.0 (HKLM-x32\...\{09532c8c-61a2-444a-b201-55d90b0019b6}_is1) (Version: - Apowersoft LIMITED)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: - Belarc Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: - Lenovo Group Limited)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
GOM Player (HKLM-x32\...\GOM Player) (Version: - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.87 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: - Intel Corporation)
Intel(R) Identity Protection Technology (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: - Intel Corporation)
Intel(R) Network Connections (HKLM\...\PROSetDX) (Version: - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: - Intel Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Endpoint Security for Windows (HKLM-x32\...\{E7012AFE-DB97-4B8B-9513-E98C0C3AACE3}) (Version: - AO Kaspersky Lab)
Kaspersky Security Center Network Agent (HKLM-x32\...\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.2.434 - Kaspersky Lab) Hidden
Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.2.434 - Kaspersky Lab)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Main service (HKLM-x32\...\{EF758C50-5FA2-4B0A-86D3-8B65B176BC53}) (Version: - )
Malwarebytes version (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: - Malwarebytes)
McAfee Ransomware Decryption Tool (HKLM\...\{3D05780B-9745-4E84-9004-B1B45C8BC511}) (Version: 1.0.0 - Mcafee)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: - McAfee, Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 70.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 70.0.1 (x64 en-US)) (Version: 70.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
Nitro Pro 9 (HKLM\...\{CADDD0B5-441A-4D92-81FE-995247045A2B}) (Version: - Nitro) Hidden
Nitro Pro 9 (HKLM-x32\...\{0e40cd18-c342-4b40-9838-21a952006ffb}) (Version: - Nitro)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
PaperCut NG Client (HKLM-x32\...\PaperCut NG Client_is1) (Version: - PaperCut Software International Pty Ltd)
QuickWordtoPDF (HKLM-x32\...\QuickWordtoPDF) (Version: - QuickWordtoPDF)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: - SAMSUNG Electronics Co., Ltd.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: - EnigmaSoft Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: - VeriSign)
WhatsApp (HKU\S-1-5-21-1804532944-4144280375-3397209908-1000\...\WhatsApp) (Version: 0.3.5374 - WhatsApp)
Windows Driver Package - Intel (e1cexpress) Net (10/28/2010 (HKLM\...\33578DFEAE1902A99A8B4BCA152C575FAD4F89AB) (Version: 10/28/2010 - Intel)
Windows Driver Package - Intel (MEIx64) System (10/19/2010 (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 - Intel)
Windows Driver Package - Intel (Serial) Ports (09/11/2010 (HKLM\...\60AA07B90120773D0136B9053062BA64BF91E74E) (Version: 09/11/2010 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (01/07/2011 (HKLM\...\812A7B18A108DDFB30CF501D85DF544856235AE0) (Version: 01/07/2011 - Intel Corporation)
Windows Driver Package - Intel System (09/10/2010 (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 - Intel)
Windows Driver Package - Intel System (09/10/2010 (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 - Intel)
Windows Driver Package - Intel System (10/04/2010 (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 - Intel)
Windows Driver Package - Intel USB (09/16/2010 (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 - Intel)
Windows Driver Package - Intel(R) Corporation (IntcDAud) MEDIA (10/15/2010 (HKLM\...\890C043ACD460E71DEA497811D5B5FEEA1938DBC) (Version: 10/15/2010 - Intel(R) Corporation)
Windows Driver Package - OnePlus, Inc. (WinUSB) AndroidUsbDeviceClass (05/24/2012 6.0.0000.00000) (HKLM\...\45F0494FFE4F917A43E7F8EC9B2D43560396A625) (Version: 05/24/2012 6.0.0000.00000 - OnePlus, Inc.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/19/2010 (HKLM\...\3FEEA27704F3229321FB15D4362791365C3B41E6) (Version: 10/19/2010 - Realtek Semiconductor Corp.)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/19/2010 (HKLM\...\ABEA5F45A25946E4C919F3EB9D7BEB633A0148B2) (Version: 10/19/2010 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinSCP 4.3.5 (HKLM-x32\...\winscp3_is1) (Version: 4.3.5 - Martin Prikryl)
Xmanager Enterprise 5 (HKLM-x32\...\{6B122522-0A5C-455F-A0C2-C5700F66FDF5}) (Version: 5.0.0662 - NetSarang Computer, Inc.) Hidden
Xmanager Enterprise 5 (HKLM-x32\...\InstallShield_{6B122522-0A5C-455F-A0C2-C5700F66FDF5}) (Version: 5.0.0662 - NetSarang Computer, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DSCtxMenu] -> {209158E9-FF14-41D6-B3C4-70861BB3FFFA} => -> No File
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\ShellEx.dll [2018-03-22] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro 9\NPShellExtension.dll [2014-05-22] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\ShellEx.dll [2018-03-22] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\ShellEx.dll [2018-03-22] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-01-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-11-04] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\ShellEx.dll [2018-03-22] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

Re: .nakw Ransomware Malware

Post by pgmigg » November 5th, 2019, 2:25 pm

Hello Sukeshini,

.NAKW is one of the latest variations of STOP Ransomware, which is an infection that encrypts your files and then extracts a ransom for decrypting them.

The experts with this particular type of infection can be found at Bleeping Computer and THIS link to their support topic for StopRansomware.

As far as I'm aware, at present there is no decryptor available for NAKW infections, and the only way to decrypt the files is by paying the ransom. Personally I would not recommend anyone doing that, as there is no guarantee that payment of the ransom will result in the restoration of your files. The people who have created this infection are criminals, and are definitely not to be trusted. Paying them also motivates them to perpetuate their criminal activities.

Lastly, the situation with Ransomware infections is always fluid, and I am not fully conversant with what decryptors may or may not be currently available, so please follow the instructions in the topic I've linked you to, and then open a help topic at Bleeping Computer, and wait for assistance.

Good luck,
