
Infected by a password-stealing trojan


  • This topic is locked
35 replies to this topic

#1 Malickfan86

Malickfan86

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:08:33 PM

Posted 03 December 2014 - 02:22 PM

Hi,

 

This started last night when I tried downloading some software and ran a Windows Defender scan on it before opening it. That didn't really work. I found a running process called Auftrittsscheuer8. I ran Malwarebytes Anti-Malware and found out that I was infected with Spyware.Zbot.ED and Trojan.Agent.FSAVXGen. ESET Online Scanner found eight infections, including a few trojans, and Sathurbot.A and Sathurbot.D. Finally, Windows Defender told me that I have several instances of PWS:Win32/Zbot, PWS:Win32/Zbot.gen!AP, and PWS:Win32/Zbot.gen!plock. I removed them and disabled the mysterious start-up process Nezuymk. When I restarted, there were two registry errors of missing files having to do with an infected file and something to do with iTunes. I will screenshot it if I see it again.

 

I couldn't run DDS since I'm on Windows 8.1 64-bit, so logs from FRST are to follow.




#2 Malickfan86

Malickfan86
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:08:33 PM

Posted 03 December 2014 - 02:44 PM

Here are the contents of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by Raj (administrator) on RAJ-PC on 03-12-2014 13:05:53
Running from C:\Users\Raj\Downloads
Loaded Profile: Raj (Available profiles: Raj & Mcx1-RAJ-PC)
Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Incendo Technology) C:\Program Files (x86)\Vectir\Vectir.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [SgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2233080 2013-01-11] ()
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-19] (DivX, LLC)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-04] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Vectir] => C:\Program Files (x86)\Vectir\Vectir.exe [1921536 2014-10-26] (Incendo Technology)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-06] (CyberLink Corp.)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Spotify Web Helper] => C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [YfmPack] => regsvr32.exe C:\Users\Raj\AppData\Local\YfmPack\ITunesInterval.dll <===== ATTENTION
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Ugtmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Raj\AppData\Local\UPmedia\vsMapObj.dll
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Caymliqezeor] => "C:\Users\Raj\AppData\Roaming\Cyehmivy\nezuymk.exe"
Startup: C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
SearchScopes: HKLM -> {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1170371211-3377574443-1108615615-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AC74E177-9AE9-48E6-A25F-D1D4D682EE94}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B73B1337-CE1E-4920-8E15-93DBA00FF191}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{C3FE5B8F-58ED-41B0-BAF3-7569E9010A5D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{D4B0ABEC-1C9C-4E06-93EF-B1F39CFE97FC}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: hxxp://news.bbc.co.uk/
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF Plugin HKU\S-1-5-21-1170371211-3377574443-1108615615-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Plugin HKU\S-1-5-21-1170371211-3377574443-1108615615-1003: hp.com/HPDetect -> C:\Users\Raj\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\facebook.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\google-play.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\hulu.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\itunes.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\kickassto.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\linkedin.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\LiveSearch.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\netflixcom.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\thesaurus---referencecom.xml
FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\youtube.xml
FF Extension: Canadian English Dictionary - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\en-CA@dictionaries.addons.mozilla.org [2014-10-09]
FF Extension: Fast Dial - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\fastdial@telega.phpnet.us [2014-09-24]
FF Extension: Pocket - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\isreaditlater@ideashower.com [2014-07-10]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-06]
FF Extension: AddThis - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-15]
FF Extension: HP Detect - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-09]
FF Extension: Add to Amazon Wish List Button - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\amznUWL2@amazon.com.xpi [2014-01-16]
FF Extension: InvisibleHand - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-05-15]
FF Extension: feedly - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\feedly@devhd.xpi [2014-01-19]
FF Extension: FireGestures - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\firegestures@xuldev.org.xpi [2013-05-15]
FF Extension: FoxyScrobbler - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2014-02-07]
FF Extension: Locationbar² - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\locationbar2@design-noir.de.xpi [2013-05-15]
FF Extension: Personas Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\personas@christopher.beard.xpi [2013-05-15]
FF Extension: FlashGot - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-07-01]
FF Extension: StumbleUpon - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-05-15]
FF Extension: Adblock Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-15]
FF Extension: Tab Mix Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-05-15]
FF Extension: Greasemonkey - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-06-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-01]
FF Extension: No Name - {F003DA68-8256-4b37-A6C4-350FA04494DF} [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-04] (Microsoft Corp.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()
S4 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)
S4 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8480256 2013-01-10] (SMSC) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-18] (Stardock Software, Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider) [File not signed]
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4185600 2013-10-03] (Intel Corporation) [File not signed]
S3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [23936 2014-02-03] ()
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-18] (Intel® Corporation) [File not signed]
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2013-08-30] (http://libusb-win32.sourceforge.net)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) [File not signed]
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)
R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)
R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-01-14] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-01-14] (SMSC)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-19] (Acronis International GmbH)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 13:05 - 2014-12-03 13:06 - 00036473 _____ () C:\Users\Raj\Downloads\FRST.txt
2014-12-03 12:54 - 2014-12-03 13:06 - 00000000 ____D () C:\FRST
2014-12-03 12:54 - 2014-12-03 12:54 - 02117120 _____ (Farbar) C:\Users\Raj\Downloads\FRST64.exe
2014-12-03 12:42 - 2014-12-03 12:42 - 00001036 _____ () C:\WINDOWS\PFRO.log
2014-12-03 03:05 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Cyehmivy
2014-12-02 23:35 - 2014-12-02 23:35 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 23:14 - 2014-12-02 23:14 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-12-02 23:00 - 2014-12-02 23:00 - 00000000 __SHD () C:\Users\Raj\AppData\Local\EmieBrowserModeList
2014-12-02 22:51 - 2014-12-02 23:00 - 00000000 ____D () C:\Users\Raj\Downloads\DVD Profiler
2014-12-01 20:42 - 2014-12-01 20:42 - 00000039 _____ () C:\WINDOWS\setupact.log
2014-12-01 20:42 - 2014-12-01 20:42 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-11-23 03:32 - 2014-12-03 12:44 - 00002888 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2014-11-20 14:27 - 2014-11-20 14:30 - 06303907 _____ () C:\Users\Raj\Downloads\AdobeExtensionManager-7_3_2-mul-AdobeUpdate.zip

(Section omitted due to major Windows update run on Oct. 28/14)

2014-11-19 21:25 - 2014-10-10 19:10 - 00389020 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-19 21:25 - 2014-10-08 02:33 - 00131328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2014-11-19 21:25 - 2014-10-06 22:30 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2014-11-19 21:25 - 2014-10-06 22:29 - 00107520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2014-11-19 21:25 - 2014-10-06 22:29 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2014-11-19 21:25 - 2014-10-06 22:29 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2014-11-19 21:17 - 2014-10-30 23:50 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-11-19 21:17 - 2014-10-30 22:30 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-11-19 21:17 - 2014-10-30 22:23 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-11-19 21:17 - 2014-10-30 22:22 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-11-19 21:17 - 2014-10-30 22:18 - 04840960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-11-19 21:17 - 2014-10-30 22:18 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-11-19 21:17 - 2014-10-30 22:09 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-11-19 21:17 - 2014-10-30 21:12 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-11-19 21:17 - 2014-10-30 21:06 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-11-18 23:14 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 23:14 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-18 23:14 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-18 23:14 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-17 16:54 - 2014-12-03 13:03 - 01452472 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-14 02:17 - 2014-11-14 02:19 - 67874816 _____ () C:\Users\Raj\Downloads\calibre-64bit-2.10.0.msi
2014-11-13 15:20 - 2014-11-20 15:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-13 15:20 - 2014-11-20 15:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 02:03 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 02:03 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 02:03 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 02:03 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 02:03 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 02:03 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 02:03 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 02:02 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 02:02 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 02:02 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 02:02 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 02:02 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 02:02 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 02:02 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 02:02 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 02:02 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 02:02 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 02:02 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 02:02 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 02:02 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 02:02 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 02:02 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 02:02 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 02:02 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 02:02 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 02:02 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 02:02 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 02:02 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 02:02 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 02:02 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 02:02 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 02:02 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 02:02 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 02:02 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 02:02 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 02:02 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 02:02 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 02:02 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 02:02 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 02:02 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 02:02 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 02:02 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 02:02 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 02:02 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 02:02 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 02:02 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 02:02 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 02:02 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 02:02 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 02:02 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 02:02 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 02:02 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 02:02 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 02:02 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 02:02 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 02:02 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 02:02 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 02:02 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 02:02 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 02:02 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 02:02 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 02:02 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 02:02 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 02:02 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 02:02 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 02:02 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 02:02 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 02:02 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 02:02 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 02:02 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 02:02 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 02:02 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 02:02 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 02:02 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 02:02 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 02:02 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 02:02 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 02:02 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 02:02 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 02:02 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 02:02 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 02:02 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 02:02 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 02:02 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 02:02 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 02:02 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 02:02 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 02:02 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 02:02 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 02:02 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 02:02 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 02:02 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 02:02 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 02:02 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 02:02 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 02:02 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 02:02 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 02:02 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 02:01 - 2014-11-04 18:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-12 02:01 - 2014-11-03 19:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-12 02:01 - 2014-10-30 23:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-12 02:01 - 2014-10-30 23:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-12 02:01 - 2014-10-30 23:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-06 13:07 - 2014-11-06 13:07 - 00000000 ___HT () C:\Users\Raj\Desktop\RAJ-PC-2014-11-06_130439_12.zip~RF10325c.TMP
2014-11-06 13:02 - 2014-11-06 13:03 - 00314008 _____ () C:\Users\Raj\Downloads\dm log collector.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-03 12:58 - 2014-03-24 17:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-03 12:50 - 2013-09-29 23:15 - 00381790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-03 12:50 - 2013-05-13 04:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1170371211-3377574443-1108615615-1003
2014-12-03 12:46 - 2014-02-28 16:22 - 00000000 ___RD () C:\Users\Raj\Documents\Google Drive
2014-12-03 12:44 - 2013-07-01 00:40 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 12:44 - 2013-05-24 18:11 - 00000278 _____ () C:\WINDOWS\Tasks\AutoKMS.job
2014-12-03 12:43 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-03 12:42 - 2014-06-11 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 12:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2014-12-03 12:42 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-03 12:37 - 2013-05-16 13:15 - 03326176 _____ (Microsoft Corporation) C:\Users\Raj\Downloads\OutlookConnector.exe
2014-12-03 12:36 - 2013-07-01 00:40 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 12:35 - 2014-07-17 17:27 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Spotify
2014-12-02 23:35 - 2014-08-13 20:48 - 00000000 ____D () C:\Users\Raj\AppData\Local\Adobe
2014-12-02 23:10 - 2013-05-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-02 23:00 - 2013-05-13 12:02 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\uTorrent
2014-12-02 22:49 - 2013-05-16 00:28 - 00000000 ____D () C:\Users\Raj\AppData\Local\DVD Profiler
2014-12-02 00:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-01 20:49 - 2014-10-29 19:38 - 00003148 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRaj
2014-12-01 20:49 - 2014-10-29 19:38 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRaj.job
2014-12-01 20:32 - 2014-07-17 17:28 - 00000000 ____D () C:\Users\Raj\AppData\Local\Spotify
2014-12-01 17:13 - 2013-05-12 22:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-12-01 17:13 - 2013-05-12 22:21 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-27 21:47 - 2013-05-12 22:24 - 00000000 ____D () C:\Users\Raj\Documents\My Received Files
2014-11-26 23:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-23 01:44 - 2013-05-16 00:15 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Skype
2014-11-21 02:08 - 2013-05-14 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games
2014-11-20 17:43 - 2013-05-15 23:15 - 00000000 ____D () C:\Users\Raj\AppData\Local\Last.fm
2014-11-20 15:21 - 2014-08-13 18:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-20 14:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-19 22:14 - 2013-08-22 09:44 - 06072672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-11-19 22:07 - 2013-09-29 22:55 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents
2014-11-19 22:07 - 2013-09-29 22:55 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-11-19 22:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-11-19 21:38 - 2013-08-22 10:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2014-11-19 21:38 - 2013-08-22 10:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2014-11-19 20:59 - 2012-11-21 11:06 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2014-11-19 20:59 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup
2014-11-19 20:52 - 2012-05-13 22:21 - 00175616 ___SH () C:\Users\Raj\Documents\Thumbs.db
2014-11-17 21:21 - 2014-05-26 18:36 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-11-14 02:26 - 2013-05-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-11-14 02:26 - 2013-05-15 23:24 - 00000000 ____D () C:\Program Files\Calibre2
2014-11-13 15:31 - 2013-07-01 00:40 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 15:31 - 2013-07-01 00:40 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 15:15 - 2014-07-10 14:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-11-13 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-13 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 04:57 - 2013-05-16 12:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 04:44 - 2013-07-15 10:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 04:38 - 2013-04-23 22:31 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 02:41 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-11 01:35 - 2013-10-20 06:57 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-06 16:07 - 2013-05-18 04:48 - 00156672 ___SH () C:\Users\Raj\Downloads\Thumbs.db
2014-11-06 12:50 - 2013-10-19 16:04 - 00000000 ____D () C:\Users\Raj
2014-11-06 02:38 - 2014-10-15 14:01 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-11-05 20:26 - 2014-02-28 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-26 22:13

==================== End Of Log ============================
Here are the contents of Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by Raj at 2014-12-03 13:08:55
Running from C:\Users\Raj\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.4.0.0 - )
µTorrent (HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\uTorrent) (Version: 3.4.2.32891 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM-x32\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Age of Empires III - The Asian Dynasties (HKLM-x32\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{8D6CCB94-05E3-753A-5ED7-97495EA8AEFF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.472.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{98EF3B25-E714-46D7-AD9E-13CF2E29F741}) (Version: 2.10.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Core Graphics Software (Version: 5.1.55.8876 - SMSC) Hidden
Corel WinDVD (x32 Version: 10.8.0.201 - Corel Inc.) Hidden
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CueCard (remove only) (HKLM-x32\...\CueCard) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.841.000 - Hewlett-Packard) Hidden
Download App (HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Download App) (Version: 1.8.0 - CBS Interactive)
DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version:  - )
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eyeQ (HKLM-x32\...\{B33CD700-6738-11D4-87FE-0080C6F974A2}) (Version:  - )
F4400 (x32 Version: 140.0.841.000 - Hewlett-Packard) Hidden
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GO Contact Sync Mod (HKLM-x32\...\{6CB0E739-787A-470D-875E-54F0DDB95877}) (Version: 3.7.3 - WebGear, Create Software, Stru.be, saller.NET)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
Hoyle Card Games (HKLM-x32\...\{05F6571A-5205-4C81-8160-683BDCC3B272}) (Version: 1.00.0000 - Encore Software, Inc.)
Hoyle Puzzle and Board Games 2012 (HKLM-x32\...\Hoyle Puzzle and Board Games 20121.0) (Version: 1.0 - Foxy Games)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{82D96D11-AF74-4449-8811-4D6CE66FEF63}) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Port Replicator Software Installer (HKLM-x32\...\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}) (Version: 1.2.17 - HP)
HP Quick Launch (HKLM-x32\...\{77CC64F2-74CE-47D7-A4B0-5AEBA688FC69}) (Version: 3.0.5 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1412.3) (HKLM\...\{302600C1-6BDF-4FD1-1401-148929CC1385}) (Version: 17.0.1401.0428 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
LinkedIn Outlook Connector (HKLM\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
LinkedIn Outlook Connector (HKLM-x32\...\LinkedIn Outlook Connector) (Version: 1.1.10.0 - LinkedIn)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Browser (HKLM-x32\...\{249A8819-3335-4650-9B59-3724997ECA86}) (Version: 2.6.2.0 - Media Browser)
Media Player Codec Pack 4.3.0 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.3.0 - Media Player Codec Pack)
meta<browser/> 2.3.24 (HKLM-x32\...\{2C8E1302-1889-4985-BFA9-3F45DABB37D0}) (Version: 2.3.24 - meta<browser/>)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (HKLM-x32\...\{95140000-007C-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{E7E058CF-4638-49D4-936D-AC6DAE3B002E}) (Version: 1.1.1 - Hewlett-Packard)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-US)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Need for Speed Most Wanted (HKLM-x32\...\Need for Speed Most Wanted_is1) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.4.0.10 - GOG.com)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Rosetta Stone Ltd Services (HKLM-x32\...\{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}) (Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\com.rosettastone.rosettastonetotale) (Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Roxio Creator NXT Pro (HKLM-x32\...\{CC915001-1639-4D1B-B0A1-A7AC70C99179}) (Version: 14.0.36.0 - Roxio)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 5.1.55.8876 - SMSC)
SMSC LAN9500 Device Driver (HKLM\...\{A74B7E5F-C221-4303-AC85-39A5AFBDABDD}) (Version: 12.12.06.0 - SMSC)
Spotify (HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.45 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Triple Scoop Music (x32 Version: 1.0.019 - Roxio) Hidden
True Image 2013 (HKLM-x32\...\{ADAEEC53-24AF-4A49-B872-75FCBDA59916}Visible) (Version: 16.0.5551 - Acronis)
True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden
True Image 2013 Plus Pack (HKLM-x32\...\{516200E0-2043-4603-B9E7-CD87B71B6DF4}) (Version: 16.0.5551 - Acronis)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vectir 3.6.0.0 (HKLM-x32\...\Vectir_is1) (Version:  - Incendo Technology)
ViewSpan (HKLM\...\{33F3FCBA-4CC5-4A5B-A6DB-53478463D991}) (Version: 2.8.3.0 - SMSC)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-11-2014 07:25:38 Installed calibre 64bit
19-11-2014 07:08:27 Windows Update
27-11-2014 04:48:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-07 19:57 - 2014-12-02 23:14 - 00001509 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
195.162.68.60 www.google-analytics.com.
195.162.68.60 google-analytics.com.
195.162.68.60 connect.facebook.net.
192.95.55.228 www.google-analytics.com.
192.95.55.228 google-analytics.com.
192.95.55.228 connect.facebook.net.
192.99.206.114 www.google-analytics.com.
192.99.206.114 google-analytics.com.
192.99.206.114 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D5F6A21-3261-4035-B249-88F631F312B4} - System32\Tasks\HPCeeScheduleForRaj => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3B7CE8BF-6C62-43F1-8686-2D73ABBA29A2} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {465F13AA-6E56-4207-9C3C-08C71E9D29DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {47C2AC9C-3C4F-4565-9D64-6F933BE0CFA4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4ED79940-15AD-4C7C-ABFB-B953AE82B02F} - System32\Tasks\Microsoft\Windows\RestartManager\{0E66DE35-6D0F-4585-80D4-93774CDC7F49} => C:\WINDOWS\system32\rmclient.exe [2014-10-28] (Microsoft Corporation)
Task: {696EA1A9-B78D-4E8C-BDAA-1F736D042E24} - \Security Center Update - 1405891998 No Task File <==== ATTENTION
Task: {6A32FB0E-640F-47BE-8002-5D879669CD4F} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {6E31FDE6-086B-4205-A275-D09E4CA5001B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {944E6C51-0DCC-4561-9A2B-E40453939459} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A6FE60B1-AF7C-4631-BA67-F079EAED6280} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1170371211-3377574443-1108615615-1003
Task: {B05A8AC0-60E6-4023-9A3D-8F701CA28C88} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2013-05-24] ()
Task: {C1B6516A-C0BC-4211-96C4-EA0D74D23788} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {C4DEFFFC-5065-4942-86A1-6848AED4A49A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {D018EE03-BE9F-4DF0-93F6-C341E435F136} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-RAJ-PC => C:\Windows\ehome\McxTask.exe [2013-09-29] (Microsoft Corporation)
Task: {D03D796F-F66B-4253-94F7-BFEE54B03EA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {D6ADE6DB-C2C4-4243-9655-2A0077813A36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {EFEDC91A-6BD4-43B5-8962-3A184308D970} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {F6D2C881-C958-46C2-8780-71FB8978264D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForRaj.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-12-02 22:59 - 2014-12-02 22:59 - 02736640 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-03 12:46 - 2014-12-03 12:46 - 02246144 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00022160 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2013-05-24 19:40 - 2013-10-28 18:50 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-09-06 04:47 - 2012-09-06 04:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2013-06-07 04:16 - 2013-06-07 04:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-05 18:47 - 2012-07-05 18:47 - 00535184 _____ () C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 03306128 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00523920 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2012-07-11 00:04 - 2012-07-11 00:04 - 00108176 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2013-05-13 15:11 - 2014-10-25 11:46 - 00227840 _____ () C:\Program Files (x86)\Vectir\Plugins\Hardware\NetworkLib.dll
2013-05-13 15:11 - 2010-11-01 04:25 - 00034304 _____ () C:\Program Files (x86)\Vectir\Plugins\Hardware\BSTest.dll
2012-08-22 23:32 - 2012-08-22 23:32 - 01525120 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
2014-12-03 12:45 - 2014-12-03 12:45 - 00098816 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32api.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00110080 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\pywintypes27.dll
2014-12-03 12:45 - 2014-12-03 12:45 - 00364544 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\pythoncom27.dll
2014-12-03 12:45 - 2014-12-03 12:45 - 00045568 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\_socket.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 01160704 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\_ssl.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00320512 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32com.shell.shell.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00713216 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\_hashlib.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 01175040 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._core_.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00805888 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._gdi_.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00811008 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._windows_.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 01062400 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._controls_.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00735232 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._misc_.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00128512 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\_elementtree.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00127488 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\pyexpat.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00557056 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\pysqlite2._sqlite.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00087552 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\_ctypes.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00119808 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32file.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00108544 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32security.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00007168 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\hashobjs_ext.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00167936 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32gui.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00018432 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32event.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00038912 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32inet.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00011264 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32crypt.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00070656 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._html2.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00027136 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\_multiprocessing.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00035840 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32process.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00686080 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\unicodedata.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00122368 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._wizard.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00024064 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32pipe.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00025600 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32pdh.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00525640 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\windows._lib_cacheinvalidation.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00010240 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\select.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00017408 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32profile.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00022528 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\win32ts.pyd
2014-12-03 12:45 - 2014-12-03 12:45 - 00078336 _____ () C:\Users\Raj\AppData\Local\Temp\_MEI19882\wx._animate.pyd
2014-06-11 02:51 - 2014-12-02 23:10 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-08-22 23:42 - 2012-08-22 23:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2012-11-21 10:56 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Vectir:{7A004600-3600-4100-3800-520058003400}
AlternateDataStreams: C:\Users\Raj\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: RoxMediaDB14 => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
HKLM\...\StartupApproved\StartupFolder: => "CodecPackUpdateChecker.lnk"
HKLM\...\StartupApproved\Run: => "Malwarebytes Anti-Malware (cleanup)"
HKLM\...\StartupApproved\Run: => "ISCT Tray"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "RoxWatchTray"
HKLM\...\StartupApproved\Run32: => "SgfxConfig"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "MessengerPlusForSkypeService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "AdobeCS5.5ServiceManager"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Malware"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\StartupApproved\Run: => "icq"
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\StartupApproved\Run: => "RGSC"
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\StartupApproved\Run: => "HP Deskjet 3050 J610 series (NET)"
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\StartupApproved\Run: => "OfficeSyncProcess"

========================= Accounts: ==========================

Administrator (S-1-5-21-1170371211-3377574443-1108615615-500 - Administrator - Disabled)
Guest (S-1-5-21-1170371211-3377574443-1108615615-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1170371211-3377574443-1108615615-1015 - Limited - Enabled)
Mcx1-RAJ-PC (S-1-5-21-1170371211-3377574443-1108615615-1018 - Limited - Enabled) => C:\Users\Mcx1-RAJ-PC
Raj (S-1-5-21-1170371211-3377574443-1108615615-1003 - Administrator - Enabled) => C:\Users\Raj

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2014 00:50:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: eb8

Start Time: 01d00f20cf2ba87f

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: bd9541d7-7b14-11e4-bf5e-84a6c885c293

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (12/03/2014 00:45:11 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (12/03/2014 00:45:10 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (12/03/2014 00:45:09 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (12/03/2014 00:39:48 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Could not get performance counter registry info for WSearchIdxPi for instance   due to the following error: The operation completed successfully.   0x0.

Error: (12/03/2014 00:39:47 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (12/03/2014 00:39:46 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (12/03/2014 00:39:17 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: RAJ-PC)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.

Error: (12/03/2014 04:19:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2f04

Start Time: 01d00eda07d31d88

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 6e859e1e-7acd-11e4-bf5d-84a6c885c293

Faulting package full name: Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/03/2014 04:19:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 41a4

Start Time: 01d00eda082c6fd4

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 6e73b03d-7acd-11e4-bf5d-84a6c885c293

Faulting package full name: 588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zy

Faulting package-relative application ID: App


System errors:
=============
Error: (12/03/2014 00:43:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126

Error: (12/03/2014 00:41:03 PM) (Source: DCOM) (EventID: 10010) (User: RAJ-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/02/2014 05:44:26 PM) (Source: DCOM) (EventID: 10001) (User: RAJ-PC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (12/02/2014 05:44:26 PM) (Source: DCOM) (EventID: 10001) (User: RAJ-PC)
Description: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.431Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.4UnavailableUnavailable

Error: (12/02/2014 05:44:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126

Error: (12/01/2014 04:41:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126

Error: (11/28/2014 06:32:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126

Error: (11/27/2014 01:55:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126

Error: (11/26/2014 10:10:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126

Error: (11/25/2014 02:44:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll
Error Code: 126


Microsoft Office Sessions:
=========================
Error: (12/03/2014 00:50:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689eb801d00f20cf2ba87f4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exebd9541d7-7b14-11e4-bf5e-84a6c885c293microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (12/03/2014 00:45:11 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0

Error: (12/03/2014 00:45:10 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (12/03/2014 00:45:09 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:

Error: (12/03/2014 00:39:48 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: WSearchIdxPiThe operation completed successfully.   0x0

Error: (12/03/2014 00:39:47 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (12/03/2014 00:39:46 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description:

Error: (12/03/2014 00:39:17 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: RAJ-PC)
Description: 1C:\Windows\SysWOW64\SearchProtocolHost.exeMicrosoft Windows Search Protocol Host05117133880

Error: (12/03/2014 04:19:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.174152f0401d00eda07d31d884294967295C:\WINDOWS\syswow64\wwahost.exe6e859e1e-7acd-11e4-bf5d-84a6c885c293Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5cApp

Error: (12/03/2014 04:19:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1741541a401d00eda082c6fd44294967295C:\WINDOWS\system32\backgroundTaskHost.exe6e73b03d-7acd-11e4-bf5d-84a6c885c293588E6FFA.CNNAppforWindows_1.2.0.0_neutral__cs8eyncph15zyApp


CodeIntegrity Errors:
===================================
  Date: 2014-12-03 03:28:21.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:21.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:21.518
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:21.331
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:20.856
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:20.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:20.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:20.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:19.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 03:28:13.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8088.28 MB
Available physical RAM: 5036.25 MB
Total Pagefile: 8600.28 MB
Available Pagefile: 6020.37 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:901.31 GB) (Free:609.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:29.08 GB) (Free:3.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AB60B972)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by Malickfan86, 03 December 2014 - 03:47 PM.


#3 Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 04 December 2014 - 03:24 AM


Hello Malickfan86,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 Malickfan86
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Not Telling

Posted 04 December 2014 - 03:29 PM

Hi Jo,

Thank you for helping!

Here are the contents of [Security Check] checkup.txt:

 Results of screen317's Security Check version 0.99.91  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.9016)   
 Java 8 Update 25  
 Java version 32-bit out of Date!
 Adobe Flash Player     15.0.0.239  
 Mozilla Firefox (34.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Here are the contents of [MBAR] system-log.txt:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17416

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 8481173504, free: 5835792384

Downloaded database version: v2014.12.04.08
Downloaded database version: v2014.12.03.01
=======================================
Initializing...
------------ Kernel report ------------
     12/04/2014 14:16:06
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\hpdskflt.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\system32\drivers\sgfxl64.sys
\SystemRoot\System32\Drivers\Saibad64.sys
\SystemRoot\System32\Drivers\Sahdad64.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\system32\drivers\sgfxk64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\SaibVdAd64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\System32\drivers\serscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\win32k.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\drivers\bthmodem.sys
\SystemRoot\system32\drivers\BthA2DP.sys
\SystemRoot\system32\drivers\btampm.sys
\SystemRoot\System32\drivers\bthhfenum.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\System32\drivers\BthHfAud.sys
\SystemRoot\System32\drivers\BthHFHid.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WinUsb.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\afcdp.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe001b80e0060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xffffe001b459c060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001b80e0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001b80e0b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001b80e0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe001b80e1b20, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe001b80e1040, DeviceName: Unknown, DriverName: \Driver\Sahdad64\
DevicePointer: 0xffffe001b459c060, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthA2DP.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthA2DP.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthHfAud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthHfAud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: AB60B972

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 1953525167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2993185495
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 51d5e3a0-ee7e-48a0-8e34-9131c79cd39a
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2993185495
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 51d5e3a0-ee7e-48a0-8e34-9131c79cd39a
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8bf0ada7-3939-40c6-aa7d-addef11524a6
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 4d43f0e4-4bf8-4d96-be1d-26b8af5d68f6
    FirstLBA 821248  Last LBA 1353727
    Attributes 0
    Partition Name                                     

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 6ee23b8f-ba91-4784-8da0-ed2a26c462
    FirstLBA 1353728  Last LBA 1615871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3440b5e2-1dfd-4e26-8ddd-31f3b31623e3
    FirstLBA 1615872  Last LBA 1891803135
    Attributes 0
    Partition Name                                     

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID bb3fba89-a470-4d12-a8b9-924fde552c48
    FirstLBA 1891803136  Last LBA 1892519935
    Attributes 1
    Partition Name                                     

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID be7aa75c-3238-4259-b3de-161f7843c0e4
    FirstLBA 1892519936  Last LBA 1953511423
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

Here are the contents of AdwCleaner[R0].txt:

 

# AdwCleaner v4.103 - Report created 04/12/2014 at 15:09:56
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : Raj - RAJ-PC
# Running from : C:\Users\Raj\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : valWBFPolicyService

***** [ Files / Folders ] *****

File Found : C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\search.xml
File Found : C:\WINDOWS\System32\valWBFPolicyService.exe
Folder Found : C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\isreaditlater@ideashower.com
Folder Found : C:\Users\Raj\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05FDF47C-E0BD-434E-8740-4B77961252C6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{103F0905-ECCB-4605-81F0-CCF2A91D94B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2130307D-A080-4301-884E-C94C34736DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{257625CC-AD7D-4C65-AC90-00987B0305E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BC48320-AF28-4A5A-96E4-0C440D05814D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{405703AA-28EA-4244-B968-482FDD6C56F6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57D9A59D-FC7D-48B9-A1A1-EB9D8F289E83}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6007991A-A5C7-41D4-B403-03A4359AC36A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE04D16-F4A9-41A9-A4C0-B19CA0C8CBDC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B88ED7-39FA-4B89-BB0D-0A2C3A5BC8CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3B32220-EB4C-4601-B258-E9AE4BED5EDF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3002 octets] - [04/12/2014 15:09:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3062 octets] ##########
 

I would like to keep everything having to do with Validity Sensors, since it pertains to my laptop's fingerprint reader, which I use often.

 

Here are the error messages that I get upon start-up:

 

The module "C:\Users\Raj\AppData\Local\UPmedia\vsMapObj.dll" failed to load.

 

The module "C:\Users\Raj\AppData\Local\Yf...\ITunesInterval.dll" failed to load.
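As an added illustration (not part of this thread and not code from any of the tools discussed here): the two "failed to load" prompts at logon are what Windows shows when a startup entry still points at a DLL that has since been removed; the wording matches the error regsvr32 reports when the file it was asked to register is missing. The read-only PowerShell script below, written for this page, walks the usual Run/RunOnce keys and lists every entry whose referenced file no longer exists, so the leftover launcher can be located from its registry name rather than guessed at. The key list, the path-matching pattern and the function names are my own assumptions, not anything the thread states.

```powershell
# Added example, not from the thread: report autostart entries whose target file is missing.
# Read-only: nothing is deleted. Run in an elevated PowerShell on the affected machine.

# Assumed set of autostart locations to inspect (extend as needed, e.g. with Winlogon or
# scheduled tasks; those are out of scope for this example).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Extract every path-like token from a command line, quoted or bare, that ends in a
# common executable or library extension. This resolves both
#   regsvr32 /s C:\dir\x.dll        and        rundll32 "C:\a b\y.dll",Entry
# to the file the launcher depends on. The pattern is an assumption for this example.
function Get-ReferencedPaths {
    param([string]$CommandLine)
    $pattern = '"([^"]+\.(?:dll|exe|cpl|scr|ocx))"|([A-Za-z]:\\[^\s",]+\.(?:dll|exe|cpl|scr|ocx))'
    foreach ($m in [regex]::Matches($CommandLine, $pattern, 'IgnoreCase')) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    }
}

# Enumerate each key's values and emit one record per referenced file that does not exist.
function Find-OrphanedAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, PSChildName, PSDrive, PSProvider;
            # skip those provider metadata properties.
            if ($p.Name -like 'PS*') { continue }
            $cmd      = [string]$p.Value
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
            foreach ($path in Get-ReferencedPaths -CommandLine $expanded) {
                if (-not (Test-Path -LiteralPath $path)) {
                    [pscustomobject]@{
                        Key     = $key
                        Name    = $p.Name
                        Command = $cmd
                        Missing = $path
                    }
                }
            }
        }
    }
}

Find-OrphanedAutoruns | Format-Table -AutoSize
```

An entry that shows up here with a path under a user's AppData folder and a launcher such as regsvr32 or rundll32 is the kind of residue that keeps producing these prompts after the DLL itself has been removed; the Key and Name columns identify exactly which value to review in the FRST output before deciding what to remove.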



#5 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:33 PM

Posted 04 December 2014 - 04:27 PM

Hello Malickfan86,

If AdwCleaner finds something about Validity Sensors you can uncheck it (but your latest log did not...).

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.



***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?



***


Edited by Jo*, 04 December 2014 - 04:27 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Malickfan86

Malickfan86
  • Topic Starter

  • Members
  • 39 posts
  • Gender:Not Telling
  • Local time:08:33 PM

Posted 04 December 2014 - 05:34 PM

Here are the contents of AdwCleaner[S0].txt:

 

# AdwCleaner v4.103 - Report created 04/12/2014 at 17:02:28
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 8.1 Pro with Media Center  (64 bits)
# Username : Raj - RAJ-PC
# Running from : C:\Users\Raj\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : valWBFPolicyService

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Raj\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\isreaditlater@ideashower.com
[x] Not Deleted : C:\WINDOWS\System32\valWBFPolicyService.exe
File Deleted : C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05FDF47C-E0BD-434E-8740-4B77961252C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{103F0905-ECCB-4605-81F0-CCF2A91D94B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2130307D-A080-4301-884E-C94C34736DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{257625CC-AD7D-4C65-AC90-00987B0305E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BC48320-AF28-4A5A-96E4-0C440D05814D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{405703AA-28EA-4244-B968-482FDD6C56F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57D9A59D-FC7D-48B9-A1A1-EB9D8F289E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6007991A-A5C7-41D4-B403-03A4359AC36A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE04D16-F4A9-41A9-A4C0-B19CA0C8CBDC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B88ED7-39FA-4B89-BB0D-0A2C3A5BC8CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3B32220-EB4C-4601-B258-E9AE4BED5EDF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3158 octets] - [04/12/2014 15:09:56]
AdwCleaner[R1].txt - [3218 octets] - [04/12/2014 16:52:57]
AdwCleaner[S0].txt - [3113 octets] - [04/12/2014 17:02:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3173 octets] ##########

Here are the contents of JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Raj on 2014-12-04 at 17:12:00.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Raj\AppData\Roaming\mozilla\firefox\profiles\a424ksis.default\searchplugins\search.xml



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-12-04 at 17:24:00.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Here are the contents of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014

Ran by Raj (administrator) on RAJ-PC on 04-12-2014 17:28:33

Running from C:\Users\Raj\Desktop

Loaded Profile: Raj (Available profiles: Raj & Mcx1-RAJ-PC)

Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(SMSC) C:\Program Files\SGFX\sgfxmgr.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

() C:\Windows\System32\valWBFPolicyService.exe

(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Incendo Technology) C:\Program Files (x86)\Vectir\Vectir.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(Spotify Ltd) C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)

HKLM-x32\...\Run: [SgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2233080 2013-01-11] ()

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-04] (Microsoft Corp.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Vectir] => C:\Program Files (x86)\Vectir\Vectir.exe [1921536 2014-10-26] (Incendo Technology)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-06] (CyberLink Corp.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Spotify Web Helper] => C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [YfmPack] => regsvr32.exe C:\Users\Raj\AppData\Local\YfmPack\ITunesInterval.dll <===== ATTENTION

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Ugtmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Raj\AppData\Local\UPmedia\vsMapObj.dll

Startup: C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4

SearchScopes: HKLM -> {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-1170371211-3377574443-1108615615-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)

Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)

Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)

Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AC74E177-9AE9-48E6-A25F-D1D4D682EE94}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B73B1337-CE1E-4920-8E15-93DBA00FF191}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C3FE5B8F-58ED-41B0-BAF3-7569E9010A5D}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{D4B0ABEC-1C9C-4E06-93EF-B1F39CFE97FC}: [NameServer] 8.8.8.8,8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Google

FF Homepage: hxxp://news.bbc.co.uk/

FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

FF Plugin HKU\S-1-5-21-1170371211-3377574443-1108615615-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File

FF Plugin HKU\S-1-5-21-1170371211-3377574443-1108615615-1003: hp.com/HPDetect -> C:\Users\Raj\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\dictionary.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\facebook.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\firefox-add-ons.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\google-play.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\hulu.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\imdb.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\itunes.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\kickassto.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\linkedin.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\LiveSearch.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\netflixcom.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\search.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\thesaurus---referencecom.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\youtube.xml

FF Extension: Canadian English Dictionary - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\en-CA@dictionaries.addons.mozilla.org [2014-10-09]

FF Extension: Fast Dial - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\fastdial@telega.phpnet.us [2014-09-24]

FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-06]

FF Extension: AddThis - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-15]

FF Extension: HP Detect - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-09]

FF Extension: Add to Amazon Wish List Button - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\amznUWL2@amazon.com.xpi [2014-01-16]

FF Extension: InvisibleHand - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-05-15]

FF Extension: feedly - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\feedly@devhd.xpi [2014-01-19]

FF Extension: FireGestures - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\firegestures@xuldev.org.xpi [2013-05-15]

FF Extension: FoxyScrobbler - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2014-02-07]

FF Extension: Locationbar² - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\locationbar2@design-noir.de.xpi [2013-05-15]

FF Extension: Personas Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\personas@christopher.beard.xpi [2013-05-15]

FF Extension: FlashGot - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-07-01]

FF Extension: StumbleUpon - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-05-15]

FF Extension: Adblock Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-15]

FF Extension: Tab Mix Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-05-15]

FF Extension: Greasemonkey - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-15]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-06-16]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-24]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-01]

FF Extension: No Name - {F003DA68-8256-4b37-A6C4-350FA04494DF} [Not Found]

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-04] (Microsoft Corp.)

S2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-03] (Electronic Arts)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()

R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()

S4 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

S4 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8480256 2013-01-10] (SMSC) [File not signed]

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]

R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation)

R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider) [File not signed]

S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4185600 2013-10-03] (Intel Corporation) [File not signed]

S3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [23936 2014-02-03] ()

S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-18] (Intel® Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()

S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2013-08-30] (http://libusb-win32.sourceforge.net)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)

S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) [File not signed]

S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-01-14] (SMSC)

R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-01-14] (SMSC)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-19] (Acronis International GmbH)

S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]

S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)


2014-12-04 17:28 - 2014-12-04 17:28 - 00000000 ____D () C:\Users\Raj\Desktop\FRST-OlderVersion

2014-12-04 17:24 - 2014-12-04 17:27 - 00000838 _____ () C:\Users\Raj\Desktop\JRT.txt

2014-12-04 17:11 - 2014-12-04 17:11 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-12-04 17:09 - 2014-12-04 17:09 - 01707646 _____ (Thisisu) C:\Users\Raj\Desktop\JRT.exe

2014-12-04 17:08 - 2014-12-04 17:08 - 00003261 _____ () C:\Users\Raj\Desktop\AdwCleaner[S0].txt

2014-12-04 15:37 - 2014-12-04 15:37 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-12-04 15:37 - 2014-12-04 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-12-04 15:37 - 2014-12-04 15:37 - 00000000 ____D () C:\Program Files (x86)\Java

2014-12-04 15:13 - 2014-12-04 15:13 - 00003158 _____ () C:\Users\Raj\Desktop\AdwCleaner[R0].txt

2014-12-04 15:09 - 2014-12-04 17:02 - 00000000 ____D () C:\AdwCleaner

2014-12-04 15:09 - 2014-12-04 15:09 - 02154496 _____ () C:\Users\Raj\Desktop\AdwCleaner.exe

2014-12-04 14:15 - 2014-12-04 15:08 - 00000000 ____D () C:\Users\Raj\Desktop\mbar

2014-12-04 14:13 - 2014-12-04 14:14 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Raj\Desktop\mbar-1.08.2.1001.exe

2014-12-04 14:13 - 2014-12-04 14:13 - 00000841 _____ () C:\Users\Raj\Desktop\checkup.txt

2014-12-04 14:12 - 2014-12-04 14:12 - 00852487 _____ () C:\Users\Raj\Desktop\SecurityCheck.exe

2014-12-03 19:41 - 2014-12-03 19:41 - 01012544 _____ (DivX, LLC) C:\Users\Raj\Downloads\DivXInstaller.exe

2014-12-03 19:35 - 2014-12-03 19:37 - 68530176 _____ () C:\Users\Raj\Downloads\calibre-64bit-2.12.0.msi

2014-12-03 19:31 - 2014-12-03 19:31 - 01941064 _____ () C:\Users\Raj\Downloads\winrar-x64-520.exe

2014-12-03 19:27 - 2014-12-03 19:27 - 10794784 _____ () C:\Users\Raj\Downloads\Start8_setup_sd.exe

2014-12-03 19:22 - 2014-12-03 19:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Raj\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-03 13:08 - 2014-12-03 13:09 - 00048916 _____ () C:\Users\Raj\Desktop\Addition.txt

2014-12-03 13:05 - 2014-12-04 17:28 - 00036057 _____ () C:\Users\Raj\Desktop\FRST.txt

2014-12-03 12:54 - 2014-12-04 17:28 - 02117632 _____ (Farbar) C:\Users\Raj\Desktop\FRST64.exe

2014-12-03 12:54 - 2014-12-04 17:28 - 00000000 ____D () C:\FRST

2014-12-03 12:42 - 2014-12-04 17:03 - 00001970 _____ () C:\WINDOWS\PFRO.log

2014-12-03 03:05 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Cyehmivy

2014-12-02 23:35 - 2014-12-02 23:35 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-12-02 23:14 - 2014-12-02 23:14 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt

2014-12-02 23:00 - 2014-12-02 23:00 - 00000000 __SHD () C:\Users\Raj\AppData\Local\EmieBrowserModeList

2014-12-01 20:42 - 2014-12-01 20:42 - 00000039 _____ () C:\WINDOWS\setupact.log

2014-12-01 20:42 - 2014-12-01 20:42 - 00000000 _____ () C:\WINDOWS\setuperr.log

2014-11-23 03:32 - 2014-12-04 17:04 - 00002888 _____ () C:\WINDOWS\System32\Tasks\AutoKMS

2014-11-20 14:27 - 2014-11-20 14:30 - 06303907 _____ () C:\Users\Raj\Downloads\AdobeExtensionManager-7_3_2-mul-AdobeUpdate.zip

(Section omitted due to major Windows update run on Oct. 28/14)


2014-11-19 21:25 - 2014-10-10 19:10 - 00389020 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-11-19 21:25 - 2014-10-08 02:33 - 00131328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys

2014-11-19 21:25 - 2014-10-06 22:30 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys

2014-11-19 21:25 - 2014-10-06 22:29 - 00107520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys

2014-11-19 21:25 - 2014-10-06 22:29 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys

2014-11-19 21:25 - 2014-10-06 22:29 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys

2014-11-19 21:17 - 2014-10-30 23:50 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe

2014-11-19 21:17 - 2014-10-30 22:30 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-11-19 21:17 - 2014-10-30 22:23 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-11-19 21:17 - 2014-10-30 22:22 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-11-19 21:17 - 2014-10-30 22:18 - 04840960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-11-19 21:17 - 2014-10-30 22:18 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-11-19 21:17 - 2014-10-30 22:09 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-11-19 21:17 - 2014-10-30 21:12 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-11-19 21:17 - 2014-10-30 21:06 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-11-18 23:14 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2014-11-18 23:14 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2014-11-18 23:14 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

2014-11-18 23:14 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

2014-11-17 16:54 - 2014-12-04 17:23 - 01769979 _____ () C:\WINDOWS\WindowsUpdate.log

2014-11-13 15:20 - 2014-11-20 15:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-11-13 15:20 - 2014-11-20 15:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-12 02:03 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-11-12 02:03 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-11-12 02:03 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2014-11-12 02:03 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2014-11-12 02:03 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2014-11-12 02:03 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2014-11-12 02:03 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2014-11-12 02:02 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe

2014-11-12 02:02 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe

2014-11-12 02:02 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe

2014-11-12 02:02 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll

2014-11-12 02:02 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

2014-11-12 02:02 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-11-12 02:02 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll

2014-11-12 02:02 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-11-12 02:02 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-11-12 02:02 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-11-12 02:02 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-11-12 02:02 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-11-12 02:02 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-11-12 02:02 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-11-12 02:02 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll

2014-11-12 02:02 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2014-11-12 02:02 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll

2014-11-12 02:02 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-11-12 02:02 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-11-12 02:02 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-11-12 02:02 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-11-12 02:02 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-11-12 02:02 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll

2014-11-12 02:02 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-11-12 02:02 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-11-12 02:02 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll

2014-11-12 02:02 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx

2014-11-12 02:02 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll

2014-11-12 02:02 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-11-12 02:02 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-11-12 02:02 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll

2014-11-12 02:02 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-11-12 02:02 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-11-12 02:02 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll

2014-11-12 02:02 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-11-12 02:02 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-11-12 02:02 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-11-12 02:02 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-11-12 02:02 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-11-12 02:02 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-11-12 02:02 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-11-12 02:02 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-11-12 02:02 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-11-12 02:02 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll

2014-11-12 02:02 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-11-12 02:02 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe

2014-11-12 02:02 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe

2014-11-12 02:02 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe

2014-11-12 02:02 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll

2014-11-12 02:02 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe

2014-11-12 02:02 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-11-12 02:02 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll

2014-11-12 02:02 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-11-12 02:02 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-11-12 02:02 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-11-12 02:02 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-11-12 02:02 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-11-12 02:02 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-11-12 02:02 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-11-12 02:02 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-11-12 02:02 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll

2014-11-12 02:02 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll

2014-11-12 02:02 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll

2014-11-12 02:02 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-11-12 02:02 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-11-12 02:02 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-11-12 02:02 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll

2014-11-12 02:02 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-11-12 02:02 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-12 02:02 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll

2014-11-12 02:02 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll

2014-11-12 02:02 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx

2014-11-12 02:02 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-11-12 02:02 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll

2014-11-12 02:02 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-11-12 02:02 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-11-12 02:02 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-11-12 02:02 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll

2014-11-12 02:02 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-11-12 02:02 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-11-12 02:02 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-11-12 02:02 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-11-12 02:02 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-11-12 02:02 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-11-12 02:02 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-11-12 02:02 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-11-12 02:02 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll

2014-11-12 02:02 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-11-12 02:02 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-11-12 02:02 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-11-12 02:02 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-11-12 02:01 - 2014-11-04 18:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-11-12 02:01 - 2014-11-03 19:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-11-12 02:01 - 2014-10-30 23:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-11-12 02:01 - 2014-10-30 23:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-11-12 02:01 - 2014-10-30 23:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-11-06 13:07 - 2014-11-06 13:07 - 00000000 ___HT () C:\Users\Raj\Desktop\RAJ-PC-2014-11-06_130439_12.zip~RF10325c.TMP

2014-11-06 13:02 - 2014-11-06 13:03 - 00314008 _____ () C:\Users\Raj\Downloads\dm log collector.exe

2014-11-06 00:42 - 2014-11-06 00:42 - 00341848 _____ (DivX, LLC) C:\WINDOWS\SysWOW64\DivXControlPanelApplet.cpl

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)


2014-12-04 17:27 - 2014-10-29 19:38 - 00003148 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRaj

2014-12-04 17:27 - 2014-10-29 19:38 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRaj.job

2014-12-04 17:27 - 2013-10-19 16:04 - 00000000 ____D () C:\Users\Raj

2014-12-04 17:10 - 2013-09-29 23:15 - 00381790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-04 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-12-04 17:10 - 2013-05-13 04:51 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1170371211-3377574443-1108615615-1003

2014-12-04 17:06 - 2014-02-28 16:22 - 00000000 ___RD () C:\Users\Raj\Documents\Google Drive

2014-12-04 17:04 - 2013-07-01 00:40 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-04 17:04 - 2013-05-24 18:11 - 00000278 _____ () C:\WINDOWS\Tasks\AutoKMS.job

2014-12-04 17:03 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-12-04 17:03 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI

2014-12-04 17:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-12-04 16:36 - 2013-07-01 00:40 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-04 15:37 - 2013-09-12 15:38 - 00000000 ____D () C:\ProgramData\Oracle

2014-12-04 15:35 - 2014-10-16 01:36 - 00638888 _____ (Oracle Corporation) C:\Users\Raj\Downloads\jxpiinstall.exe

2014-12-04 15:08 - 2013-09-09 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-12-04 14:16 - 2014-03-24 17:32 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-12-04 14:15 - 2014-02-26 19:02 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-12-04 13:48 - 2013-05-13 12:56 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-04 00:51 - 2014-07-17 17:27 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Spotify

2014-12-03 23:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-12-03 23:41 - 2013-05-17 14:19 - 00000000 ____D () C:\ProgramData\Origin

2014-12-03 23:32 - 2013-05-17 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-03 23:32 - 2013-05-17 14:19 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-03 21:27 - 2014-07-17 17:28 - 00000000 ____D () C:\Users\Raj\AppData\Local\Spotify

2014-12-03 21:27 - 2013-05-13 00:52 - 00000000 ____D () C:\Users\Raj\Downloads\Serials

2014-12-03 21:22 - 2014-03-24 19:15 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk

2014-12-03 21:22 - 2014-03-24 19:15 - 00002230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk

2014-12-03 21:22 - 2014-03-24 19:15 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk

2014-12-03 21:22 - 2013-05-16 21:06 - 00001486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk

2014-12-03 21:15 - 2013-05-13 12:02 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\uTorrent

2014-12-03 19:47 - 2013-09-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2014-12-03 19:47 - 2013-05-16 11:58 - 00000000 ____D () C:\Program Files (x86)\DivX

2014-12-03 19:47 - 2013-05-16 11:56 - 00000000 ____D () C:\ProgramData\DivX

2014-12-03 19:43 - 2013-05-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management

2014-12-03 19:43 - 2013-05-15 23:24 - 00000000 ____D () C:\Program Files\Calibre2

2014-12-03 19:34 - 2013-06-13 15:49 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-03 19:34 - 2013-06-13 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-03 19:28 - 2013-05-13 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock

2014-12-03 19:24 - 2014-03-24 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-03 19:24 - 2014-03-24 17:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-03 12:42 - 2014-06-11 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-03 12:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages

2014-12-03 12:37 - 2013-05-16 13:15 - 03326176 _____ (Microsoft Corporation) C:\Users\Raj\Downloads\OutlookConnector.exe

2014-12-02 23:35 - 2014-08-13 20:48 - 00000000 ____D () C:\Users\Raj\AppData\Local\Adobe

2014-12-02 23:10 - 2013-05-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-02 22:49 - 2013-05-16 00:28 - 00000000 ____D () C:\Users\Raj\AppData\Local\DVD Profiler

2014-12-01 17:13 - 2013-05-12 22:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2014-12-01 17:13 - 2013-05-12 22:21 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-11-27 21:47 - 2013-05-12 22:24 - 00000000 ____D () C:\Users\Raj\Documents\My Received Files

2014-11-26 23:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-11-23 01:44 - 2013-05-16 00:15 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Skype

2014-11-21 06:14 - 2014-03-24 17:07 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2013-09-04 21:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-11-21 02:08 - 2013-05-14 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games

2014-11-20 17:43 - 2013-05-15 23:15 - 00000000 ____D () C:\Users\Raj\AppData\Local\Last.fm

2014-11-20 14:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-11-19 22:14 - 2013-08-22 09:44 - 06072672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera

2014-11-19 22:07 - 2013-09-29 22:55 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents

2014-11-19 22:07 - 2013-09-29 22:55 - 00000000 ____D () C:\Program Files\Windows Journal

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing

2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices

2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer

2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform

2014-11-19 22:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell

2014-11-19 21:38 - 2013-08-22 10:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2014-11-19 21:38 - 2013-08-22 10:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2014-11-19 20:59 - 2012-11-21 11:06 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard

2014-11-19 20:59 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup

2014-11-19 20:52 - 2012-05-13 22:21 - 00175616 ___SH () C:\Users\Raj\Documents\Thumbs.db

2014-11-17 21:21 - 2014-05-26 18:36 - 00000000 ____D () C:\Users\Public\Documents\Adobe

2014-11-13 15:31 - 2013-07-01 00:40 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-13 15:31 - 2013-07-01 00:40 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-13 15:15 - 2014-07-10 14:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-11-13 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-11-13 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-11-12 04:57 - 2013-05-16 12:04 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-12 04:44 - 2013-07-15 10:51 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-11-12 04:38 - 2013-04-23 22:31 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-11-11 01:35 - 2013-10-20 06:57 - 00000000 ____D () C:\WINDOWS\Minidump

2014-11-06 16:07 - 2013-05-18 04:48 - 00156672 ___SH () C:\Users\Raj\Downloads\Thumbs.db

2014-11-06 02:38 - 2014-10-15 14:01 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-11-05 20:26 - 2014-02-28 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

Some content of TEMP:

====================

C:\Users\Raj\AppData\Local\Temp\bassmod.dll

C:\Users\Raj\AppData\Local\Temp\Quarantine.exe

C:\Users\Raj\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)


C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-04 14:00

==================== End Of Log ============================


It seems that my computer is running better, although even before, the virus was not incredibly obvious. I think the random web-page changes have stopped. I probably still get those errors upon start-up, though.


Edited by Malickfan86, 04 December 2014 - 05:40 PM.


#7 Malickfan86
  • Topic Starter
  • Members
  • 39 posts

Posted 04 December 2014 - 08:07 PM

[Screenshot attached: PYfti5I.jpg]


I disabled these two from starting up. That should end the start-up errors. It seems I'm clean now, but I guess we should make sure.



#8 Malickfan86
  • Topic Starter

Posted 05 December 2014 - 01:23 AM

I was just using my computer normally and I got a strange pop-up saying that my Java needs to be updated. I've been getting browser redirects asking for the same thing. I ignored it and disallowed admin permissions. Then Windows Defender claimed it had found something. It quarantined a Backdoor:Win32/Simda.AT with process:pid:8640,ProcessStart:130622272614857813 (whatever that means) and asked me to restart. After that, it asked me to do a full scan, which I'm doing now. Sorry for taking action on my own but it seemed important that I do it right away.



#9 Jo*
  • Malware Response Team
  • Location:Germany

Posted 05 December 2014 - 04:38 AM

Hello Malickfan86,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [YfmPack] => regsvr32.exe C:\Users\Raj\AppData\Local\YfmPack\ITunesInterval.dll <===== ATTENTION
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Ugtmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Raj\AppData\Local\UPmedia\vsMapObj.dll
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of the Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.
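The fixlist above targets the persistence pattern that recurs in this log: a per-user Run value that launches a signed Windows loader (regsvr32.exe) with a DLL sitting in a user-writable directory, plus FRST's own `<===== ATTENTION` marker. As an added example, not code from FRST, its author or anyone in this thread, the Python script below applies those same heuristics to the `Registry (Whitelisted)` lines of an FRST log and emits a fixlist skeleton in the start/end format used above. The sample lines are constructed from entries quoted in this thread; the rule names, the list of user-writable locations and the tmpXXXX.exe name check are my own assumptions, not FRST features.

```python
"""Triage autorun entries in an FRST 'Registry (Whitelisted)' section.
Added example for this thread, not FRST's own code; rule names and thresholds are mine."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample modelled on the Run values quoted in this thread (not a real FRST.txt).
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [YfmPack] => regsvr32.exe C:\Users\Raj\AppData\Local\YfmPack\ITunesInterval.dll <===== ATTENTION
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Ugtmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Raj\AppData\Local\UPmedia\vsMapObj.dll
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [UPmedia] => C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe [361296 2014-12-04] ()
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Spotify Web Helper] => C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)
"""

# Line shape: <hive>\...\Run: [<name>] => <command> [<size> <date>] (<publisher>) <===== ATTENTION
ENTRY_RE = re.compile(r"^HK\S+?\\\.\.\.\\(?:Run|RunOnce): \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
TRAILER_RE = re.compile(r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
                        r"(?: \((?P<pub>[^()]*)\))?(?P<attn> <===== ATTENTION)?$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\[\]]*?\.(?:exe|dll)', re.I)
TMP_NAME = re.compile(r"tmp[0-9a-f]{4}\.exe", re.I)          # assumption: tmpXXXX.exe style names
LOADERS = {"regsvr32.exe", "rundll32.exe"}                  # signed Windows binaries that run someone else's DLL
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")   # assumption: my list


@dataclass
class RunEntry:
    raw: str
    name: str
    command: str
    loader: Optional[str]      # "regsvr32.exe"/"rundll32.exe" when the value is a loader launch
    payload: Optional[str]     # the file that actually gets code execution
    publisher: Optional[str]   # None: FRST printed no company field; "": it printed "()"
    attention: bool            # FRST's own "<===== ATTENTION" marker


def _head(command: str) -> str:
    """First token of the command line, honouring a leading double quote."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def parse_run_entries(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        t = TRAILER_RE.search(rest)                     # always matches; empty match when no trailer
        command = rest[: t.start()].rstrip()
        paths = PATH_RE.findall(command)
        head = _head(command).rsplit("\\", 1)[-1].lower()
        loader = head if head in LOADERS else None
        payload = (paths[-1] if loader else paths[0]) if paths else None   # loader => DLL is last path
        entries.append(RunEntry(line.strip(), m.group("name"), command, loader, payload,
                                t.group("pub"), bool(t.group("attn"))))
    return entries


def user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def suspicious(e: RunEntry) -> list:
    """Reasons the entry deserves review; an empty list means nothing stood out."""
    reasons = []
    if e.attention:
        reasons.append("FRST flagged it (<===== ATTENTION)")
    if e.payload and user_writable(e.payload):
        if e.loader:
            reasons.append(f"{e.loader} loads a DLL from a user-writable directory")
        if e.publisher == "":
            reasons.append("binary in a user-writable directory with an empty publisher field")
        if TMP_NAME.fullmatch(e.payload.rsplit("\\", 1)[-1]):
            reasons.append("temp-style executable name (tmpXXXX.exe)")
    return reasons


def triage(text: str) -> dict:
    """Value name -> reasons, for the entries worth a second look."""
    return {e.name: r for e in parse_run_entries(text) if (r := suspicious(e))}


def build_fixlist(text: str) -> str:
    """Fixlist skeleton in FRST's format: flagged log lines verbatim between start/end.
    It is specific to the machine the log came from; review it before Fix is pressed."""
    flagged = [e.raw for e in parse_run_entries(text) if suspicious(e)]
    return "\n".join(["start", *flagged, "end"])


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
    print(build_fixlist(SAMPLE_LOG))
```

A binary under AppData is not flagged on its own (the Spotify helper carries a publisher and no loader, so it passes); what trips the rules is a loader or an empty publisher field combined with the location. Any fixlist the script prints still needs the same human review the helper gives above before it goes anywhere near the Fix button, because FRST removes whatever is listed between start and end.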


#10 Malickfan86
  • Topic Starter

Posted 05 December 2014 - 02:05 PM

Here are the contents of fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Raj at 2014-12-05 13:13:19 Run:1
Running from C:\Users\Raj\Desktop
Loaded Profile: Raj (Available profiles: Raj & Mcx1-RAJ-PC)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [YfmPack] => regsvr32.exe C:\Users\Raj\AppData\Local\YfmPack\ITunesInterval.dll <===== ATTENTION
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Ugtmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Raj\AppData\Local\UPmedia\vsMapObj.dll
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Windows\CurrentVersion\Run\\YfmPack => value deleted successfully.
HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Ugtmedia => value deleted successfully.
intaud_WaveExtensible => Service deleted successfully.
iwdbus => Service deleted successfully.
EmptyTemp: => Removed 1.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

Here are the contents of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014

Ran by Raj (administrator) on RAJ-PC on 05-12-2014 13:43:00

Running from C:\Users\Raj\Desktop

Loaded Profile: Raj (Available profiles: Raj & Mcx1-RAJ-PC)

Platform: Windows 8.1 Pro with Media Center (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(SMSC) C:\Program Files\SGFX\sgfxmgr.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

() C:\Windows\System32\valWBFPolicyService.exe

(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Incendo Technology) C:\Program Files (x86)\Vectir\Vectir.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Spotify Ltd) C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

() C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

() C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403328 2012-08-23] (Acronis)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)

HKLM-x32\...\Run: [SgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2233080 2013-01-11] ()

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-08-24] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [941440 2012-07-24] (Acronis)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6010264 2012-08-23] (Acronis)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)

HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)

HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-04] (Microsoft Corp.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Vectir] => C:\Program Files (x86)\Vectir\Vectir.exe [1921536 2014-10-26] (Incendo Technology)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-06] (CyberLink Corp.)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [Spotify Web Helper] => C:\Users\Raj\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-09] (Spotify Ltd)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\...\Run: [UPmedia] => C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe [361296 2014-12-04] ()

Startup: C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4

HKU\S-1-5-21-1170371211-3377574443-1108615615-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4

SearchScopes: HKLM -> {59799CB9-8EFC-4091-B4F4-5180DEEB883F} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-1170371211-3377574443-1108615615-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)

Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [50176] (Microsoft Corporation)

Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)

Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [74240] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{AC74E177-9AE9-48E6-A25F-D1D4D682EE94}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{B73B1337-CE1E-4920-8E15-93DBA00FF191}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{C3FE5B8F-58ED-41B0-BAF3-7569E9010A5D}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{D4B0ABEC-1C9C-4E06-93EF-B1F39CFE97FC}: [NameServer] 8.8.8.8,8.8.8.8

 

FireFox:

========

FF ProfilePath: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Google

FF Homepage: hxxp://news.bbc.co.uk/

FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

FF Plugin HKU\S-1-5-21-1170371211-3377574443-1108615615-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Raj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File

FF Plugin HKU\S-1-5-21-1170371211-3377574443-1108615615-1003: hp.com/HPDetect -> C:\Users\Raj\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\dictionary.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\facebook.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\firefox-add-ons.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\google-play.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\hulu.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\imdb.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\itunes.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\kickassto.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\linkedin.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\LiveSearch.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\netflixcom.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\search.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\thesaurus---referencecom.xml

FF SearchPlugin: C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\searchplugins\youtube.xml

FF Extension: Canadian English Dictionary - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\en-CA@dictionaries.addons.mozilla.org [2014-10-09]

FF Extension: Fast Dial - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\fastdial@telega.phpnet.us [2014-09-24]

FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-01-06]

FF Extension: AddThis - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2013-05-15]

FF Extension: HP Detect - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-09-09]

FF Extension: Shell Library API - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{D9ACF5A8-5BBE-019E-4135-E8D5ABFECBD0} [2014-12-04]

FF Extension: Add to Amazon Wish List Button - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\amznUWL2@amazon.com.xpi [2014-01-16]

FF Extension: InvisibleHand - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2013-05-15]

FF Extension: feedly - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\feedly@devhd.xpi [2014-01-19]

FF Extension: FireGestures - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\firegestures@xuldev.org.xpi [2013-05-15]

FF Extension: FoxyScrobbler - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\foxyscrobbler@baluvaithinathan.com.xpi [2014-02-07]

FF Extension: Locationbar&#178; - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\locationbar2@design-noir.de.xpi [2013-05-15]

FF Extension: Personas Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\personas@christopher.beard.xpi [2013-05-15]

FF Extension: FlashGot - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-07-01]

FF Extension: StumbleUpon - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-05-15]

FF Extension: Adblock Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-15]

FF Extension: Tab Mix Plus - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-05-15]

FF Extension: Greasemonkey - C:\Users\Raj\AppData\Roaming\Mozilla\Firefox\Profiles\a424ksis.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-15]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-06-16]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-03-24]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-01]

FF Extension: No Name - {F003DA68-8256-4b37-A6C4-350FA04494DF} [Not Found]

 

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457360 2012-06-20] ()

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-04] (Microsoft Corp.)

R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22160 2012-07-11] ()

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-03] (Electronic Arts)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2013-10-28] ()

R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio Creator NXT\Roxio Burn\RoxioBurnLauncher.exe [535184 2012-07-05] ()

S4 RoxMediaDB14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxMediaDB14.exe [1096848 2012-07-18] (Corel Corporation)

S4 RoxWatch14; C:\Program Files (x86)\Roxio Creator NXT\Common\RoxWatch14.exe [341136 2012-07-18] (Corel Corporation)

S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8480256 2013-01-10] (SMSC) [File not signed]

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-24] (IDT, Inc.) [File not signed]

R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)

R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation)

R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider) [File not signed]

S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [4185600 2013-10-03] (Intel Corporation) [File not signed]

S3 INETMON; C:\WINDOWS\System32\Drivers\INETMON.sys [23936 2014-02-03] ()

S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-18] (Intel® Corporation) [File not signed]

S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()

S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52320 2013-08-30] (http://libusb-win32.sourceforge.net)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)

S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited) [File not signed]

S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R0 Sahdad64; C:\Windows\System32\Drivers\Sahdad64.sys [28304 2012-06-20] (Corel Corporation)

R0 Saibad64; C:\Windows\System32\Drivers\Saibad64.sys [20112 2012-06-20] (Corel Corporation)

R1 SaibVdAd64; C:\Windows\System32\Drivers\SaibVdAd64.sys [27792 2012-06-20] (Corel Corporation)

R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-01-14] (SMSC)

R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-01-14] (SMSC)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-10-19] (Acronis International GmbH)

S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-05 05:16 - 2014-12-05 13:06 - 00000338 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForRaj.job

2014-12-05 05:16 - 2014-12-05 05:16 - 00003148 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForRaj

2014-12-05 03:19 - 2014-12-05 13:05 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Fedaxia

2014-12-04 23:46 - 2014-12-04 23:46 - 32507072 _____ (Microsoft Corporation) C:\Users\Raj\Downloads\Windows-KB890830-x64-V5.18.exe

2014-12-04 23:13 - 2014-12-05 11:40 - 00000000 ____D () C:\Users\Raj\AppData\Local\UPmedia

2014-12-04 23:13 - 2014-12-04 23:13 - 00000000 ____D () C:\Users\Raj\AppData\Local\YfmPack

2014-12-04 17:28 - 2014-12-04 17:28 - 00000000 ____D () C:\Users\Raj\Desktop\FRST-OlderVersion

2014-12-04 17:24 - 2014-12-04 17:27 - 00000838 _____ () C:\Users\Raj\Desktop\JRT.txt

2014-12-04 17:11 - 2014-12-04 17:11 - 00000000 ____D () C:\WINDOWS\ERUNT

2014-12-04 17:09 - 2014-12-04 17:09 - 01707646 _____ (Thisisu) C:\Users\Raj\Desktop\JRT.exe

2014-12-04 17:08 - 2014-12-04 17:08 - 00003261 _____ () C:\Users\Raj\Desktop\AdwCleaner[S0].txt

2014-12-04 15:37 - 2014-12-04 15:37 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-12-04 15:37 - 2014-12-04 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-12-04 15:37 - 2014-12-04 15:37 - 00000000 ____D () C:\Program Files (x86)\Java

2014-12-04 15:13 - 2014-12-04 15:13 - 00003158 _____ () C:\Users\Raj\Desktop\AdwCleaner[R0].txt

2014-12-04 15:09 - 2014-12-04 17:02 - 00000000 ____D () C:\AdwCleaner

2014-12-04 15:09 - 2014-12-04 15:09 - 02154496 _____ () C:\Users\Raj\Desktop\AdwCleaner.exe

2014-12-04 14:15 - 2014-12-04 15:08 - 00000000 ____D () C:\Users\Raj\Desktop\mbar

2014-12-04 14:13 - 2014-12-04 14:14 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Raj\Desktop\mbar-1.08.2.1001.exe

2014-12-04 14:13 - 2014-12-04 14:13 - 00000841 _____ () C:\Users\Raj\Desktop\checkup.txt

2014-12-04 14:12 - 2014-12-04 14:12 - 00852487 _____ () C:\Users\Raj\Desktop\SecurityCheck.exe

2014-12-03 19:41 - 2014-12-03 19:41 - 01012544 _____ (DivX, LLC) C:\Users\Raj\Downloads\DivXInstaller.exe

2014-12-03 19:35 - 2014-12-03 19:37 - 68530176 _____ () C:\Users\Raj\Downloads\calibre-64bit-2.12.0.msi

2014-12-03 19:31 - 2014-12-03 19:31 - 01941064 _____ () C:\Users\Raj\Downloads\winrar-x64-520.exe

2014-12-03 19:27 - 2014-12-03 19:27 - 10794784 _____ () C:\Users\Raj\Downloads\Start8_setup_sd.exe

2014-12-03 19:22 - 2014-12-03 19:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Raj\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-03 13:08 - 2014-12-03 13:09 - 00048916 _____ () C:\Users\Raj\Desktop\Addition.txt

2014-12-03 13:05 - 2014-12-05 13:43 - 00036057 _____ () C:\Users\Raj\Desktop\FRST.txt

2014-12-03 12:54 - 2014-12-05 13:43 - 00000000 ____D () C:\FRST

2014-12-03 12:54 - 2014-12-04 17:28 - 02117632 _____ (Farbar) C:\Users\Raj\Desktop\FRST64.exe

2014-12-03 12:42 - 2014-12-05 13:21 - 00006614 _____ () C:\WINDOWS\PFRO.log

2014-12-03 03:05 - 2014-12-03 12:42 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Cyehmivy

2014-12-02 23:35 - 2014-12-02 23:35 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-12-02 23:14 - 2014-12-02 23:14 - 00000761 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt

2014-12-02 23:00 - 2014-12-02 23:00 - 00000000 __SHD () C:\Users\Raj\AppData\Local\EmieBrowserModeList

2014-12-01 20:42 - 2014-12-01 20:42 - 00000039 _____ () C:\WINDOWS\setupact.log

2014-12-01 20:42 - 2014-12-01 20:42 - 00000000 _____ () C:\WINDOWS\setuperr.log

2014-11-23 03:32 - 2014-12-05 13:22 - 00002888 _____ () C:\WINDOWS\System32\Tasks\AutoKMS

2014-11-20 14:27 - 2014-11-20 14:30 - 06303907 _____ () C:\Users\Raj\Downloads\AdobeExtensionManager-7_3_2-mul-AdobeUpdate.zip

(Section omitted due to major Windows update run on Oct. 28/14)

2014-11-19 21:25 - 2014-10-10 19:10 - 00389020 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-11-19 21:25 - 2014-10-08 02:33 - 00131328 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys

2014-11-19 21:25 - 2014-10-06 22:30 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys

2014-11-19 21:25 - 2014-10-06 22:29 - 00107520 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys

2014-11-19 21:25 - 2014-10-06 22:29 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys

2014-11-19 21:25 - 2014-10-06 22:29 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys

2014-11-19 21:17 - 2014-10-30 23:50 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe

2014-11-19 21:17 - 2014-10-30 22:30 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll

2014-11-19 21:17 - 2014-10-30 22:23 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll

2014-11-19 21:17 - 2014-10-30 22:22 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll

2014-11-19 21:17 - 2014-10-30 22:18 - 04840960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2014-11-19 21:17 - 2014-10-30 22:18 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-11-19 21:17 - 2014-10-30 22:09 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2014-11-19 21:17 - 2014-10-30 21:12 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll

2014-11-19 21:17 - 2014-10-30 21:06 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-11-18 23:14 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2014-11-18 23:14 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2014-11-18 23:14 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll

2014-11-18 23:14 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll

2014-11-17 16:54 - 2014-12-05 13:39 - 01964734 _____ () C:\WINDOWS\WindowsUpdate.log

2014-11-13 15:20 - 2014-11-20 15:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-11-13 15:20 - 2014-11-20 15:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-12 02:03 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-11-12 02:03 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-11-12 02:03 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys

2014-11-12 02:03 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys

2014-11-12 02:03 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys

2014-11-12 02:03 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll

2014-11-12 02:03 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll

2014-11-12 02:02 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe

2014-11-12 02:02 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe

2014-11-12 02:02 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe

2014-11-12 02:02 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll

2014-11-12 02:02 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe

2014-11-12 02:02 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-11-12 02:02 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll

2014-11-12 02:02 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-11-12 02:02 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-11-12 02:02 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-11-12 02:02 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-11-12 02:02 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-11-12 02:02 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-11-12 02:02 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-11-12 02:02 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll

2014-11-12 02:02 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll

2014-11-12 02:02 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll

2014-11-12 02:02 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-11-12 02:02 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-11-12 02:02 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-11-12 02:02 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-11-12 02:02 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-11-12 02:02 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll

2014-11-12 02:02 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-11-12 02:02 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-11-12 02:02 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll

2014-11-12 02:02 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx

2014-11-12 02:02 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll

2014-11-12 02:02 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-11-12 02:02 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-11-12 02:02 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll

2014-11-12 02:02 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-11-12 02:02 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-11-12 02:02 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll

2014-11-12 02:02 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-11-12 02:02 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-11-12 02:02 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-11-12 02:02 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-11-12 02:02 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-11-12 02:02 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-11-12 02:02 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-11-12 02:02 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-11-12 02:02 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-11-12 02:02 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll

2014-11-12 02:02 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-11-12 02:02 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe

2014-11-12 02:02 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe

2014-11-12 02:02 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe

2014-11-12 02:02 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll

2014-11-12 02:02 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe

2014-11-12 02:02 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-11-12 02:02 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll

2014-11-12 02:02 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-11-12 02:02 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-11-12 02:02 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-11-12 02:02 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-11-12 02:02 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-11-12 02:02 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-11-12 02:02 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-11-12 02:02 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-11-12 02:02 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll

2014-11-12 02:02 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll

2014-11-12 02:02 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll

2014-11-12 02:02 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-11-12 02:02 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-11-12 02:02 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-11-12 02:02 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll

2014-11-12 02:02 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-11-12 02:02 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-12 02:02 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll

2014-11-12 02:02 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll

2014-11-12 02:02 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx

2014-11-12 02:02 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-11-12 02:02 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll

2014-11-12 02:02 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-11-12 02:02 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-11-12 02:02 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-11-12 02:02 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll

2014-11-12 02:02 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-11-12 02:02 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-11-12 02:02 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-11-12 02:02 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-11-12 02:02 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-11-12 02:02 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-11-12 02:02 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-11-12 02:02 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-11-12 02:02 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll

2014-11-12 02:02 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-11-12 02:02 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-11-12 02:02 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-11-12 02:02 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-11-12 02:01 - 2014-11-04 18:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-11-12 02:01 - 2014-11-03 19:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-11-12 02:01 - 2014-10-30 23:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-11-12 02:01 - 2014-10-30 23:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-11-12 02:01 - 2014-10-30 23:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-11-06 13:07 - 2014-11-06 13:07 - 00000000 ___HT () C:\Users\Raj\Desktop\RAJ-PC-2014-11-06_130439_12.zip~RF10325c.TMP

2014-11-06 13:02 - 2014-11-06 13:03 - 00314008 _____ () C:\Users\Raj\Downloads\dm log collector.exe

2014-11-06 00:42 - 2014-11-06 00:42 - 00341848 _____ (DivX, LLC) C:\WINDOWS\SysWOW64\DivXControlPanelApplet.cpl

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-12-05 13:44 - 2012-05-13 22:21 - 00175616 ___SH () C:\Users\Raj\Documents\Thumbs.db

2014-12-05 13:36 - 2013-07-01 00:40 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-05 13:33 - 2013-05-13 04:51 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1170371211-3377574443-1108615615-1003

2014-12-05 13:29 - 2013-09-29 23:15 - 00381790 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-12-05 13:24 - 2014-02-28 16:22 - 00000000 ___RD () C:\Users\Raj\Documents\Google Drive

2014-12-05 13:22 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-12-05 13:22 - 2013-07-01 00:40 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-05 13:22 - 2013-05-24 18:11 - 00000278 _____ () C:\WINDOWS\Tasks\AutoKMS.job

2014-12-05 13:05 - 2013-08-22 08:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI

2014-12-05 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-12-05 05:17 - 2013-10-19 16:04 - 00000000 ____D () C:\Users\Raj

2014-12-05 01:11 - 2014-07-17 17:27 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Spotify

2014-12-04 18:59 - 2014-03-24 17:32 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-12-04 18:29 - 2013-05-16 00:15 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Skype

2014-12-04 18:26 - 2013-05-16 00:15 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-04 18:26 - 2013-05-16 00:15 - 00000000 ____D () C:\ProgramData\Skype

2014-12-04 17:10 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-12-04 15:37 - 2013-09-12 15:38 - 00000000 ____D () C:\ProgramData\Oracle

2014-12-04 15:35 - 2014-10-16 01:36 - 00638888 _____ (Oracle Corporation) C:\Users\Raj\Downloads\jxpiinstall.exe

2014-12-04 15:08 - 2013-09-09 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-12-04 14:15 - 2014-02-26 19:02 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-12-04 13:48 - 2013-05-13 12:56 - 00000000 ____D () C:\Program Files\WinRAR

2014-12-03 23:51 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2014-12-03 23:41 - 2013-05-17 14:19 - 00000000 ____D () C:\ProgramData\Origin

2014-12-03 23:32 - 2013-05-17 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-12-03 23:32 - 2013-05-17 14:19 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-03 21:27 - 2014-07-17 17:28 - 00000000 ____D () C:\Users\Raj\AppData\Local\Spotify

2014-12-03 21:27 - 2013-05-13 00:52 - 00000000 ____D () C:\Users\Raj\Downloads\Serials

2014-12-03 21:22 - 2014-03-24 19:15 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk

2014-12-03 21:22 - 2014-03-24 19:15 - 00002230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk

2014-12-03 21:22 - 2014-03-24 19:15 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk

2014-12-03 21:22 - 2013-05-16 21:06 - 00001486 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk

2014-12-03 21:15 - 2013-05-13 12:02 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\uTorrent

2014-12-03 19:47 - 2013-09-08 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX

2014-12-03 19:47 - 2013-05-16 11:58 - 00000000 ____D () C:\Program Files (x86)\DivX

2014-12-03 19:47 - 2013-05-16 11:56 - 00000000 ____D () C:\ProgramData\DivX

2014-12-03 19:43 - 2013-05-15 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management

2014-12-03 19:43 - 2013-05-15 23:24 - 00000000 ____D () C:\Program Files\Calibre2

2014-12-03 19:34 - 2013-06-13 15:49 - 00000000 ____D () C:\Users\Raj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-03 19:34 - 2013-06-13 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-12-03 19:28 - 2013-05-13 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock

2014-12-03 19:24 - 2014-03-24 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-03 19:24 - 2014-03-24 17:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-03 12:42 - 2014-06-11 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-12-03 12:42 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages

2014-12-03 12:37 - 2013-05-16 13:15 - 03326176 _____ (Microsoft Corporation) C:\Users\Raj\Downloads\OutlookConnector.exe

2014-12-02 23:35 - 2014-08-13 20:48 - 00000000 ____D () C:\Users\Raj\AppData\Local\Adobe

2014-12-02 23:10 - 2013-05-15 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-02 22:49 - 2013-05-16 00:28 - 00000000 ____D () C:\Users\Raj\AppData\Local\DVD Profiler

2014-12-01 17:13 - 2013-05-12 22:21 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log

2014-12-01 17:13 - 2013-05-12 22:21 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-11-27 21:47 - 2013-05-12 22:24 - 00000000 ____D () C:\Users\Raj\Documents\My Received Files

2014-11-26 23:49 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-11-21 06:14 - 2014-03-24 17:07 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-11-21 06:14 - 2013-09-04 21:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-11-21 02:08 - 2013-05-14 00:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Games

2014-11-20 17:43 - 2013-05-15 23:15 - 00000000 ____D () C:\Users\Raj\AppData\Local\Last.fm

2014-11-20 14:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-11-19 22:14 - 2013-08-22 09:44 - 06072672 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager

2014-11-19 22:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera

2014-11-19 22:07 - 2013-09-29 22:55 - 00000000 __SHD () C:\WINDOWS\BitLockerDiscoveryVolumeContents

2014-11-19 22:07 - 2013-09-29 22:55 - 00000000 ____D () C:\Program Files\Windows Journal

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sppui

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\setup

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Com

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform

2014-11-19 22:07 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\System

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Dism

2014-11-19 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\servicing

2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices

2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer

2014-11-19 22:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform

2014-11-19 22:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell

2014-11-19 21:38 - 2013-08-22 10:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2014-11-19 21:38 - 2013-08-22 10:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2014-11-19 20:59 - 2012-11-21 11:06 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard

2014-11-19 20:59 - 2012-08-03 19:02 - 00000000 ____D () C:\SWSetup

2014-11-17 21:21 - 2014-05-26 18:36 - 00000000 ____D () C:\Users\Public\Documents\Adobe

2014-11-13 15:31 - 2013-07-01 00:40 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-13 15:31 - 2013-07-01 00:40 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-13 15:15 - 2014-07-10 14:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-11-13 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-11-13 15:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-11-12 04:57 - 2013-05-16 12:04 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-12 04:44 - 2013-07-15 10:51 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-11-11 01:35 - 2013-10-20 06:57 - 00000000 ____D () C:\WINDOWS\Minidump

2014-11-06 16:07 - 2013-05-18 04:48 - 00156672 ___SH () C:\Users\Raj\Downloads\Thumbs.db

2014-11-06 02:38 - 2014-10-15 14:01 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab

2014-11-05 20:26 - 2014-02-28 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 13:33

==================== End Of Log ============================
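The "Bamital & volsnap Check" in the log above only reports whether each binary's signature verifies. As an added example (PowerShell; not part of the original thread and not FRST's own code), the script below repeats that check for the same thirteen files and also records the signer subject and a SHA-256, so a file that fails can be compared against a known-good copy. It assumes Windows 8.1 with PowerShell 4, where Get-AuthenticodeSignature also honours catalog signatures (on Windows 7 most inbox binaries would show NotSigned even when untouched).

```powershell
# Added example, not from the original thread. Reproduces the FRST
# "Bamital & volsnap" check: these are the binaries that file patchers such
# as Bamital modify in place, so a signature that no longer verifies
# (HashMismatch) or a non-Microsoft signer is the thing to look for.
$sysRoot = $env:SystemRoot
$targets = @(
    "$sysRoot\System32\winlogon.exe",
    "$sysRoot\System32\wininit.exe",
    "$sysRoot\explorer.exe",
    "$sysRoot\SysWOW64\explorer.exe",
    "$sysRoot\System32\svchost.exe",
    "$sysRoot\SysWOW64\svchost.exe",
    "$sysRoot\System32\services.exe",
    "$sysRoot\System32\user32.dll",
    "$sysRoot\SysWOW64\user32.dll",
    "$sysRoot\System32\userinit.exe",
    "$sysRoot\SysWOW64\userinit.exe",
    "$sysRoot\System32\rpcss.dll",
    "$sysRoot\System32\drivers\volsnap.sys"
)

function Test-SystemBinarySignature {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # A missing file in this list is itself abnormal on a stock install.
            [pscustomobject]@{ Path = $p; Status = 'MISSING'; Signer = $null; Sha256 = $null }
            continue
        }
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Sha256 = $hash
        }
    }
}

$results = Test-SystemBinarySignature -Path $targets
$results | Format-Table Path, Status, Sha256 -AutoSize

# Anything that is not Valid, or is signed by someone other than Microsoft,
# deserves a second look; compare its SHA-256 with a clean copy of the file.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notlike '*Microsoft*' }
if ($suspect) { $suspect | Format-List } else { 'All listed binaries carry a valid Microsoft signature.' }
```

Run it from an elevated PowerShell prompt. A "Valid" result only says the bytes on disk match what Microsoft signed; it says nothing about whether a separate, unsigned module is being loaded into those processes, which is what the rest of the FRST log (drivers, Run keys, scheduled tasks) is for.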



#11 Malickfan86 (Topic Starter)

Posted 05 December 2014 - 02:20 PM

Are not intaud_WaveExtensible and iwdbus legitimate processes? They seem like they're related to Intel WiDi.



#12 Jo* (Malware Response Team, Germany)

Posted 05 December 2014 - 03:06 PM

Hello Malickfan86,

that's true, but [X] means the files do not exist or were deleted.
We delete such orphans from the registry.

S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

- Kaspersky Lab report: Evaluating the threat level of software vulnerabilities
- Microsoft: Unprecedented Wave of Java Exploitation
- Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 8 and save it to your desktop.
  • Under "Java Platform, Standard Edition"...click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select (click on) the download link for your operating system (Windows x86 Offline: jre-8u25-windows-i586.exe or Windows x64: jre-8u25-windows-x64.exe) and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-8u25-windows-i586.exe (or jre-8u25-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it. The McAfee Security Scan Plus may be installed unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary. To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on the ESET Smart Installer link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the "Scan archives" box.
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats".
  • Push "Export to text file", and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the "Uninstall application on close" check box and push Finish.

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
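Jo's point above is that FRST's "[X]" marker on a service line means the registry entry is still there but the file its ImagePath names is not. As an added example (PowerShell; not part of the thread and not FRST's own logic), the script below walks HKLM\SYSTEM\CurrentControlSet\Services and flags every service or driver entry whose image file is missing, which is how intaud_WaveExtensible and iwdbus would show up. The ImagePath normalisation is best-effort and is an assumption of this example; run it elevated so no service key is skipped for lack of read access. An orphan is not evidence of infection on its own: an uninstalled driver package (here the Intel WiDi components) routinely leaves them, which is why the fix is to remove the stale entry rather than to treat it as malware.

```powershell
# Added example, not from the original thread. Lists service/driver entries
# whose image file no longer exists, i.e. what FRST marks with "[X]".

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    # Best-effort normalisation of the forms found in the Services hive:
    #   "C:\Program Files\x\y.exe" /arg       quoted, with arguments
    #   C:\Windows\system32\svchost.exe -k x  unquoted, with arguments
    #   \SystemRoot\system32\drivers\a.sys    NT-style root
    #   \??\C:\path\to\driver.sys             object-manager prefix
    #   system32\drivers\b.sys                relative to %SystemRoot%
    #   %SystemRoot%\system32\c.exe           environment variable
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { $p = $p.Split('"')[1] }
    else { $p = ($p -split '\s+[-/]')[0] }       # drop " -k foo" / " /svc" style args
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = [System.Environment]::ExpandEnvironmentVariables($p)
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedServiceEntry {
    $svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }   # many keys hold only parameters

        $exe = Resolve-ServiceImagePath -ImagePath ([string]$props.ImagePath)
        [pscustomobject]@{
            Name      = $key.PSChildName
            Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual (FRST "S3"), 4 disabled
            Type      = $props.Type    # 1 kernel driver, 2 file-system driver, 16/32 Win32 service
            ImagePath = $exe
            Orphan    = -not (Test-Path -LiteralPath $exe)
        }
    }
}

# Only the orphans, sorted, in a shape that is easy to compare with the FRST
# "Drivers" and "Services" sections.
Get-OrphanedServiceEntry |
    Where-Object { $_.Orphan } |
    Sort-Object Name |
    Format-Table Name, Start, Type, ImagePath -AutoSize
```

Orphans with Start = 0 or 1 (boot/system start drivers) are the ones worth a closer look, since a boot-start entry pointing at a file that was just deleted is also what a half-removed rootkit looks like; entries like the two WiDi drivers here (Start = 3, manual) simply fail to load and can be deleted.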


#13 Malickfan86 (Topic Starter)

Posted 05 December 2014 - 04:31 PM

Is there a way to restore my recent file history? I keep a backup of my internet history so I'm good there.



#14 Malickfan86 (Topic Starter)

Posted 05 December 2014 - 10:52 PM

It seems those logs were wrong or deceived by the viruses somehow. There were no older versions of Java in the Windows uninstall menu. I only found Java 8.25, which it seems is current. I reinstalled the 32-bit anyway and installed the 64-bit as well, even though I don't use a 64-bit web browser.

Here are the contents of MBAM.txt:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-12-05
Scan Time: 3:55:08 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.05.11
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Raj

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 456029
Time Elapsed: 39 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 1
Spyware.Zbot.ED, C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe, 2672, Delete-on-Reboot, [152afb643844f64056616431fc09c838]

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Spyware.Zbot.ED, HKU\S-1-5-21-1170371211-3377574443-1108615615-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UPmedia, C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe, Quarantined, [152afb643844f64056616431fc09c838]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Spyware.Zbot.ED, C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe, Delete-on-Reboot, [152afb643844f64056616431fc09c838],

Physical Sectors: 0
(No malicious items detected)


(end)

Here are the contents of MyEsetScan.txt:
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$R2S2QP6.dll    a variant of Win32/Boaxxe.BY trojan
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$R6L6GWQ.dll    a variant of Win32/Boaxxe.BY trojan
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RGXC0LU.dll    a variant of Win32/Boaxxe.BY trojan
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RKJAPD9.dll    a variant of Win32/Boaxxe.BY trojan
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RU827H8.old    a variant of Win32/Boaxxe.BY trojan
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RZR1XHE.old    a variant of Win32/Boaxxe.BY trojan
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RKPAV57\UCommsInterval.dll    a variant of Win32/Boaxxe.BY trojan
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA6E8.exe    a variant of Win32/Kryptik.CSCJ trojan
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD389.exe    Win32/Boaxxe.BR trojan
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpA6E8.exe    a variant of Win32/Kryptik.CSCJ trojan
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpD389.exe    Win32/Boaxxe.BR trojan

I don't see any pop-ups or browser redirects so that's good, but clearly I'm still infected and this will probably be a problem again.


Edited by Malickfan86, 05 December 2014 - 10:53 PM.


#15 Jo* (Malware Response Team, Germany)

Posted 06 December 2014 - 05:31 AM

Is there a way to restore my recent file history? I keep a backup of my internet history so I'm good there.


http://www.dummies.com/how-to/content/how-to-restore-files-with-file-history-in-windows-.html?cid=RSS_DUMMIES2_CONTENT


***


Hello Malickfan86,

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

start
EmptyTemp:
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$R2S2QP6.dll
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$R6L6GWQ.dll
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RGXC0LU.dll
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RKJAPD9.dll
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RU827H8.old
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RZR1XHE.old
C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RKPAV57\UCommsInterval.dll
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA6E8.exe
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD389.exe
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpA6E8.exe
C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpD389.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
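The fixlist above deletes the files ESET reported, and MBAM had already removed the UPmedia Run value and marked its executable Delete-on-Reboot. As an added example (PowerShell; not part of the thread and not an FRST feature), the script below re-checks those artefacts after the fix: it hashes any listed file that still exists and looks for the Run value in every loaded user hive and both machine-wide Run keys. The paths are copied from the ESET and MBAM logs in this thread (user profile "Raj" included); everything else is an assumption of the example. One detail worth knowing when reading the ESET log: C:\Users\All Users is a compatibility junction onto C:\ProgramData, so the six ProgramData/All Users lines are three files listed twice, and the script folds the alias before counting.

```powershell
# Added example, not from the original thread. Re-checks the artefacts named in
# the ESET and MBAM logs once the fixlist has run. Paths below are taken from
# those logs; the SID and user name are specific to this machine.
$listed = @(
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$R2S2QP6.dll',
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$R6L6GWQ.dll',
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RGXC0LU.dll',
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RKJAPD9.dll',
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RU827H8.old',
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RZR1XHE.old',
    'C:\$Recycle.Bin\S-1-5-21-1170371211-3377574443-1108615615-1003\$RKPAV57\UCommsInterval.dll',
    'C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll',
    'C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA6E8.exe',
    'C:\ProgramData\Microsoft\Secure\Icons\temp\tmpD389.exe',
    'C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll',
    'C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpA6E8.exe',
    'C:\Users\All Users\Microsoft\Secure\Icons\temp\tmpD389.exe',
    'C:\Users\Raj\AppData\Local\UPmedia\tmpD389.exe'   # from the MBAM log
)

function Resolve-AllUsersAlias {
    param([string]$Path)
    # "C:\Users\All Users" is a junction onto %ProgramData%; fold it so the
    # same file is hashed and counted once.
    $alias = Join-Path $env:SystemDrive 'Users\All Users'
    if ($Path.StartsWith($alias, [System.StringComparison]::OrdinalIgnoreCase)) {
        return $env:ProgramData + $Path.Substring($alias.Length)
    }
    return $Path
}

function Test-FixApplied {
    param([string[]]$Paths, [string]$RunValueName = 'UPmedia')

    $unique = $Paths | ForEach-Object { Resolve-AllUsersAlias $_ } | Sort-Object -Unique

    # Files still on disk: record a SHA-256 (for comparison or submission) and
    # whether they carry any Authenticode signature at all.
    $filesRemaining = foreach ($p in $unique) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{
                Path   = $p
                Sha256 = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
                Signed = (Get-AuthenticodeSignature -FilePath $p).Status
            }
        }
    }

    # MBAM reported the persistence as HKU\<SID>...\Run\UPmedia. Check every
    # loaded user hive plus both machine-wide Run keys (64- and 32-bit views).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $runKeys += Get-ChildItem -Path 'Registry::HKEY_USERS' |
        ForEach-Object { "Registry::$($_.Name)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" }

    $runValues = foreach ($k in $runKeys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $hit = $props.PSObject.Properties[$RunValueName]
        if ($hit) { [pscustomobject]@{ Key = $k; Command = $hit.Value } }
    }

    [pscustomobject]@{
        FilesRemaining = @($filesRemaining)
        RunValues      = @($runValues)
        Clean          = (@($filesRemaining).Count -eq 0 -and @($runValues).Count -eq 0)
    }
}

$result = Test-FixApplied -Paths $listed
$result.FilesRemaining | Format-Table -AutoSize
$result.RunValues      | Format-Table -AutoSize
"Clean: $($result.Clean)"
```

Run it elevated and only after the reboot that the fix and MBAM's Delete-on-Reboot entry require, otherwise tmpD389.exe will still be present by design. Note also that the MBAM scan in this thread ran with "Rootkits: Disabled", so a clean result here confirms the known artefacts are gone, not that nothing else is hiding below the file system.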




