
Laptop infected with DNS Changer Virus - Trojan.DNSChanger.


  • This topic is locked
4 replies to this topic

#1 gopi

  • Members
  • 33 posts

Posted 28 April 2015 - 08:19 AM

Hi,

My laptop is infected with DNS Changer Virus. When I click on any link on a webpage, I keep getting some popups. I ran the Malwarebytes Anti Malware and it found two viruses, Trojan.DNSChanger, and it got deleted. After the laptop was restarted and Malwarebytes Anti Malware was run again, it again shows the same two viruses, Trojan.DNSChanger. It is not getting deleted.

Now when I run Malwarebytes Anti Malware it is not even showing up.

I ran the AdwCleaner and Farbar Recovery Scan Tool but it's still there.

I ran the RogueKiller and deleted the IP addresses and it says they are replaced but it's still there.

Here is the log file.

RogueKiller Log File

RogueKiller V10.6.1.0 (x64) [Apr 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Gopi [Administrator]
Started from : C:\Users\Gopi\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 04/28/2015  18:24:47

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ZDServ.exe(2016) -- C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe[7] -> Killed [TermProc]
[Suspicious.Path] CancelAutoPlay_Server.exe(4564) -- C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ZDServ ("C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZDServ ("C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe") -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4180733224-755957868-2831150804-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4180733224-755957868-2831150804-1001\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.163.64.81 8.8.8.8 [NETHERLANDS (NL)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.163.64.81 8.8.8.8 [NETHERLANDS (NL)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{081A194E-BA88-47CC-B396-D1E54B0522BF} | DhcpNameServer : 213.163.64.81 8.8.8.8 [NETHERLANDS (NL)][-]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{081A194E-BA88-47CC-B396-D1E54B0522BF} | DhcpNameServer : 213.163.64.81 8.8.8.8 [NETHERLANDS (NL)][-]  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe) MSVCR100.dll - abort : Unknown @ 0x6d73cea6 (call 0x66b38ede)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] 4378fb3d7c2974eb29e4b56e41f106fb
[BSP] f4f6cdff4cff0f29f811d9c7618422a5 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1697792 | Size: 458352 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 940402688 | Size: 350 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 941119488 | Size: 17409 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SATA SSD +++++
--- User ---
[MBR] 6d4d0ec76f09509db3b7bf48aa12114b
[BSP] 16ce8dd62663846ff2d4ffd4568656e7 : Empty MBR Code
Partition table:
0 - HFS | Offset (sectors): 7839744 | Size: 15259 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 3826 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04062015_172105.log - RKreport_DEL_04062015_172241.log - RKreport_SCN_04092015_125750.log - RKreport_SCN_04092015_141809.log
RKreport_SCN_04092015_143440.log - RKreport_SCN_04092015_191041.log - RKreport_DEL_04092015_191357.log - RKreport_SCN_04092015_192958.log
RKreport_SCN_04102015_171821.log - RKreport_SCN_04102015_173008.log - RKreport_DEL_04102015_173157.log - RKreport_SCN_04102015_174854.log
RKreport_SCN_04162015_170111.log - RKreport_SCN_04202015_185901.log - RKreport_DEL_04202015_190321.log - RKreport_SCN_04202015_191951.log
RKreport_DEL_04202015_192909.log - RKreport_SCN_04212015_164908.log - RKreport_DEL_04212015_171553.log - RKreport_SCN_04222015_190020.log
RKreport_DEL_04222015_190345.log - RKreport_SCN_04232015_135009.log - RKreport_DEL_04232015_135346.log - RKreport_SCN_04232015_165537.log
RKreport_DEL_04232015_175842.log

 

 

I ran the Malwarebytes Anti-Rootkit and it says it is clean but the virus is still there. When I click on something I am still getting popups.

I would appreciate some help on getting rid of these viruses.

Thanks
Gopi


Edited by Queen-Evie, 28 April 2015 - 08:40 AM.
moved from Networking to Malware Removal Logs. RogueKiller logs are allowed only in MRL




#2 dbrisendine

  • Malware Response Team
  • 508 posts

Posted 03 May 2015 - 01:29 AM

Hi gopi,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's get started....

If you still would like some help with this problem and are not receiving any help anywhere else then please provide a set of fresh FRST logs.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
If you still have the old logs on your desktop, please delete them now.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please check the Addition.txt in the Optional Scan section.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#3 gopi

  • Topic Starter
  • Members
  • 33 posts

Posted 11 May 2015 - 08:55 AM

Hi Mr. Dbrisendine,

Sorry for the delayed reply. I was sick for almost a week so couldn't get hold of a computer.

I reconfigured the router and I don't have the popups. I ran RogueKiller and now I don't get those strange IP addresses, but I am still not sure if my computer is clean.

I ran FRST and I am attaching the FRST log file and the Addition.txt file below.

FRST Log File

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Gopi (administrator) on ACER-LAPTOP on 11-05-2015 19:08:14
Running from C:\Users\Gopi\Desktop
Loaded Profiles: UpdatusUser & Gopi (Available profiles: UpdatusUser & Gopi & Guest)
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-4180733224-755957868-2831150804-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\...\MountPoints2: {e9bc4324-9cfa-11e4-bede-7c05079eabca} - "E:\AutoRun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-02-26]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Gopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2015-03-30]
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
Startup: C:\Users\Gopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2014-01-31]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4180733224-755957868-2831150804-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-4180733224-755957868-2831150804-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4180733224-755957868-2831150804-1002 -> {45276C57-47CC-4A63-A679-D5B04338C339} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-01-28] (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2014-02-27] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-11] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-22] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 203.145.184.40 203.145.184.32
 
FireFox:
========
FF ProfilePath: C:\Users\Gopi\AppData\Roaming\Mozilla\Firefox\Profiles\e4zlhpco.default-1428500989997
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-03-21] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR StartupUrls: Profile 2 -> "https://www.google.com/"
CHR Profile: C:\Users\Gopi\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Bookmark Manager) - C:\Users\Gopi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Gopi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]
CHR Extension: (Google Wallet) - C:\Users\Gopi\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-06] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-17] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-03-12] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-05-21] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-13] (Acer Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [427264 2014-04-22] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [280544 2015-02-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [289248 2015-02-20] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-04-22] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-05-21] (Dritek System Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-11 19:08 - 2015-05-11 19:09 - 00020751 _____ () C:\Users\Gopi\Desktop\FRST.txt
2015-05-11 19:06 - 2015-05-11 19:06 - 02102784 _____ (Farbar) C:\Users\Gopi\Desktop\FRST64.exe
2015-05-11 18:54 - 2015-05-11 18:54 - 00000056 _____ () C:\Users\Gopi\Desktop\DHCP Name Server.txt
2015-05-11 18:42 - 2015-05-11 18:42 - 00496680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-11 18:42 - 2015-05-11 18:42 - 00000077 _____ () C:\WINDOWS\setupact.log
2015-05-11 18:42 - 2015-05-11 18:42 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-11 15:16 - 2015-05-11 15:17 - 20726872 _____ () C:\Users\Gopi\Desktop\RogueKillerX64.exe
2015-05-11 14:33 - 2015-05-11 14:46 - 186165736 _____ (AVG Technologies) C:\Users\Gopi\Downloads\avg_free_x64_all_2015_ltst_221.exe
2015-05-11 14:28 - 2015-05-11 14:31 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Gopi\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 14:28 - 2015-05-11 14:28 - 01384064 _____ (Skype Technologies S.A.) C:\Users\Gopi\Downloads\SkypeSetup.exe
2015-05-11 14:27 - 2015-05-11 14:29 - 06484352 _____ (Piriform Ltd) C:\Users\Gopi\Downloads\ccsetup505.exe
2015-05-11 14:23 - 2015-05-11 17:07 - 00040739 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-06 15:58 - 2015-04-23 18:18 - 00450831 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150506-155811.backup
2015-05-05 16:47 - 2015-05-05 16:47 - 00000977 _____ () C:\Users\Gopi\Downloads\CHEA12957A050515.csi
2015-04-30 18:58 - 2015-05-05 17:02 - 00010766 _____ () C:\Users\Gopi\Desktop\TDS For Gokul and Gopi For FY 2014-2015.xlsx
2015-04-30 17:22 - 2015-04-30 17:23 - 12713553 _____ () C:\Users\Gopi\Desktop\To Ramesh.zip
2015-04-30 17:02 - 2015-04-30 17:22 - 00000000 ____D () C:\Users\Gopi\Desktop\To Ramesh
2015-04-29 14:36 - 2015-04-29 14:37 - 00448512 _____ (OldTimer Tools) C:\Users\Gopi\Downloads\TFC.exe
2015-04-28 17:22 - 2015-04-28 17:25 - 20594776 _____ () C:\Users\Gopi\Downloads\RogueKillerX64.exe
2015-04-28 16:42 - 2015-04-28 16:42 - 00000091 _____ () C:\Users\Gopi\Desktop\bleeping.txt
2015-04-27 13:33 - 2015-04-27 17:13 - 00000000 ____D () C:\Users\Gopi\Desktop\mbar
2015-04-23 18:18 - 2015-04-21 18:50 - 00450831 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150423-181857.backup
2015-04-23 17:59 - 2015-04-23 17:59 - 00003132 _____ () C:\WINDOWS\System32\Tasks\{F2324E76-1712-443B-9CBC-7C6EAE1E32D7}
2015-04-23 17:57 - 2015-04-23 17:57 - 00002180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-04-23 17:56 - 2015-04-23 17:57 - 03164444 _____ () C:\Users\Gopi\Downloads\googleearthinstall.log
2015-04-23 16:36 - 2015-04-23 17:05 - 13835576 _____ (Adobe Systems Inc.) C:\Users\Gopi\Downloads\Shockwave_Installer_Full.exe
2015-04-23 16:35 - 2015-04-23 16:46 - 04426120 _____ (Piriform Ltd) C:\Users\Gopi\Downloads\rcsetup152.exe
2015-04-23 16:30 - 2015-04-23 16:47 - 36191048 _____ () C:\Users\Gopi\Downloads\GoogleEarthWin.exe
2015-04-23 16:29 - 2015-04-23 17:57 - 01722906 _____ (AVG Technologies) C:\Users\Gopi\Downloads\avg_free_x64_all_2015_ltst_221.exe.p8y996o.partial
2015-04-22 19:24 - 2015-04-27 17:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-22 19:08 - 2015-04-22 19:14 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Gopi\Downloads\mbar-1.09.1.1004.exe
2015-04-21 22:23 - 2015-04-21 22:23 - 00002028 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-04-21 18:50 - 2015-04-09 12:10 - 00450831 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150421-185050.backup
2015-04-21 13:24 - 2015-04-21 13:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-20 16:01 - 2015-04-20 16:01 - 00000430 _____ () C:\Users\Gopi\Desktop\bleeping computer.txt
2015-04-17 14:38 - 2015-04-17 14:38 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-17 13:26 - 2015-04-17 13:26 - 00561576 _____ (Oracle Corporation) C:\Users\Gopi\Downloads\chromeinstall-8u45.exe
2015-04-17 13:25 - 2015-04-17 13:28 - 43159464 _____ (Oracle Corporation) C:\Users\Gopi\Downloads\jre-8u45-windows-x64.exe
2015-04-15 19:54 - 2015-04-15 19:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-15 19:17 - 2015-03-24 03:29 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 19:17 - 2015-03-24 03:29 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 19:17 - 2015-03-24 03:29 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 19:17 - 2015-03-24 03:28 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 19:17 - 2015-03-24 03:15 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 19:17 - 2015-03-20 09:42 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 19:17 - 2015-03-20 09:40 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 19:17 - 2015-03-20 09:40 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 19:17 - 2015-03-20 08:47 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 19:17 - 2015-03-20 08:11 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 19:17 - 2015-03-20 08:10 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 19:17 - 2015-03-20 07:46 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 19:17 - 2015-03-13 08:28 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 19:17 - 2015-03-13 08:07 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 19:17 - 2015-02-21 05:19 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 19:16 - 2015-03-13 10:02 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 19:16 - 2015-03-13 09:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 19:16 - 2015-03-13 09:37 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 19:16 - 2015-03-13 09:23 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 19:16 - 2015-03-13 09:20 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 19:16 - 2015-03-13 09:12 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 19:16 - 2015-03-13 08:58 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 19:16 - 2015-03-13 08:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 19:16 - 2015-03-13 08:52 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 19:16 - 2015-03-13 08:47 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 19:16 - 2015-03-13 08:46 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 19:16 - 2015-03-13 08:38 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 19:16 - 2015-03-13 08:37 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 19:16 - 2015-03-13 08:30 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 19:16 - 2015-03-13 08:20 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 19:16 - 2015-03-13 08:19 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 19:16 - 2015-03-13 08:15 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 19:16 - 2015-03-13 08:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 19:16 - 2015-03-13 08:04 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 19:16 - 2015-03-13 08:03 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 19:16 - 2015-03-13 07:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 19:16 - 2015-03-13 07:50 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 19:16 - 2015-03-13 07:46 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 19:16 - 2015-03-13 07:44 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 19:15 - 2015-03-23 04:15 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 19:15 - 2015-03-23 03:39 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 19:15 - 2015-03-23 03:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 19:15 - 2015-03-23 03:39 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 19:15 - 2015-03-23 03:39 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 19:15 - 2015-03-23 03:39 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 19:15 - 2015-03-23 03:39 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 19:15 - 2015-03-14 14:24 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 19:15 - 2015-03-14 07:26 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 19:15 - 2015-03-14 07:26 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 19:15 - 2015-03-14 07:21 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 19:15 - 2015-03-14 07:07 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 19:15 - 2015-03-14 06:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 19:15 - 2015-03-14 05:52 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 19:15 - 2015-03-14 05:42 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 19:15 - 2015-03-14 05:42 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 19:15 - 2015-03-14 05:39 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 19:15 - 2015-03-14 05:38 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 19:15 - 2015-03-14 05:38 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 19:15 - 2015-03-14 05:36 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 19:15 - 2015-03-14 05:36 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 19:15 - 2015-03-14 05:32 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 19:15 - 2015-03-14 05:32 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 19:15 - 2015-03-14 05:29 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 19:15 - 2015-03-14 05:29 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 19:15 - 2015-03-04 15:55 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 19:15 - 2015-03-04 08:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 19:15 - 2015-03-04 07:49 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 19:15 - 2015-02-24 14:02 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 19:15 - 2014-12-03 04:39 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-14 13:41 - 2015-04-14 13:41 - 00222208 _____ () C:\Users\Gopi\Desktop\Approgence Account - 602705037599 - 1 April 2014 - 31 March 2015.xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-11 19:08 - 2015-03-31 19:35 - 00000000 ____D () C:\FRST
2015-05-11 18:54 - 2014-02-06 14:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-11 18:47 - 2013-12-30 01:59 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 18:43 - 2015-04-06 17:15 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-11 18:43 - 2013-12-30 01:58 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 18:42 - 2013-08-22 20:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-11 18:41 - 2013-08-22 18:55 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-11 18:32 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-11 16:48 - 2014-01-08 03:58 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4180733224-755957868-2831150804-1002
2015-05-11 14:27 - 2015-03-25 16:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-11 14:25 - 2014-02-27 13:46 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-11 14:21 - 2014-01-31 13:54 - 00632320 ___SH () C:\Users\Gopi\Desktop\Thumbs.db
2015-05-11 00:59 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-07 02:16 - 2014-07-29 01:01 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-07 00:26 - 2014-01-08 03:50 - 00000000 ____D () C:\Users\Gopi\AppData\Local\CrashDumps
2015-05-06 19:30 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-06 17:06 - 2014-01-16 04:08 - 00000000 ____D () C:\Users\Gopi
2015-05-06 00:54 - 2014-04-14 12:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-06 00:14 - 2013-08-22 18:55 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-05 16:49 - 2014-01-17 01:37 - 00000000 ____D () C:\Users\Gopi\AppData\Roaming\PrimoPDF
2015-05-01 20:48 - 2013-12-30 02:01 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-30 17:32 - 2013-12-28 19:26 - 00000000 ____D () C:\Users\Gopi\AppData\Local\Packages
2015-04-23 18:06 - 2015-03-26 14:55 - 00000000 ____D () C:\Users\Gopi\AppData\Roaming\Skype
2015-04-23 18:05 - 2014-04-22 17:39 - 00000000 ____D () C:\Program Files\Recuva
2015-04-23 17:57 - 2013-12-30 01:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-22 19:24 - 2014-07-29 01:00 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-21 22:43 - 2015-04-04 14:30 - 00000000 ____D () C:\Users\Gopi\Desktop\St. George's
2015-04-21 22:22 - 2014-01-08 03:01 - 00000000 ____D () C:\Program Files (x86)\HP
2015-04-21 22:10 - 2014-02-06 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 18:41 - 2014-01-16 18:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-21 16:51 - 2015-03-24 15:40 - 00000000 ____D () C:\Users\Gopi\Documents\samsung
2015-04-21 16:48 - 2015-03-24 15:40 - 00001989 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-04-20 19:29 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-17 13:23 - 2014-05-08 16:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-17 13:22 - 2014-07-21 15:12 - 00000000 ____D () C:\Program Files\Java
2015-04-17 13:16 - 2014-07-21 15:12 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-04-16 16:48 - 2012-07-26 13:29 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-16 14:00 - 2013-08-22 21:06 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-15 19:54 - 2015-03-13 14:55 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-15 19:48 - 2014-01-05 23:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 19:44 - 2014-01-05 23:20 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 00:58 - 2014-02-06 14:47 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-14 04:54 - 2015-03-12 13:40 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 04:54 - 2015-03-12 13:40 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-03-12 16:39 - 2015-03-13 02:02 - 0188632 _____ () C:\Users\Gopi\AppData\Local\ars.cache
2015-03-12 16:39 - 2015-03-13 02:02 - 0519696 _____ () C:\Users\Gopi\AppData\Local\census.cache
2015-03-12 16:26 - 2015-03-12 16:26 - 0000036 _____ () C:\Users\Gopi\AppData\Local\housecall.guid.cache
2015-03-12 16:35 - 2015-03-12 16:35 - 0000010 _____ () C:\Users\Gopi\AppData\Local\sponge.last.runtime.cache
2014-01-08 03:00 - 2014-01-08 03:00 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-05-21 11:13 - 2013-05-21 11:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Gopi\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-07 02:25
 
==================== End Of Log ============================
 
 
Addition.txt File
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Gopi at 2015-05-11 19:10:38
Running from C:\Users\Gopi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4180733224-755957868-2831150804-500 - Administrator - Disabled)
Gopi (S-1-5-21-4180733224-755957868-2831150804-1002 - Administrator - Enabled) => C:\Users\Gopi
Guest (S-1-5-21-4180733224-755957868-2831150804-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-4180733224-755957868-2831150804-1006 - Limited - Enabled)
UpdatusUser (S-1-5-21-4180733224-755957868-2831150804-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3G Mobile Hotspot (HKLM-x32\...\{708972A3-CE01-4543-A312-3D46062C1B2D}) (Version: 1.0.0.2 - ZTE Corporation)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{81C6F800-A69B-4E70-9DC0-74732F8B00E7}) (Version: 1.00.3015 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5856 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5856 - AVG Technologies) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.19.204_WHQL (HKLM\...\Elantech) (Version: 11.6.19.204 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C9064E5C-D5AB-4EEB-86A6-50756901038A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM-x32\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4180733224-755957868-2831150804-1002\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r2 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NOW (HKLM-x32\...\{FB99AFEA-0B85-4FDB-8026-3B073033CC6D}) (Version: 1.13.2.0 - Dotex International)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
PDFill FREE PDF Tools (HKLM\...\{735A3951-E139-4E4A-AFAE-BA25E9FF5E6A}) (Version: 11.0 - PlotSoft LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{EC27E742-EB04-4A2C-BA64-20271929528A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Simple Start 2010 Free Edition (HKLM-x32\...\{0700E22B-A419-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
ZDServer (HKLM-x32\...\{C8197F5F-E0DC-44f1-8AF2-1AA5A84F695D}) (Version: 1.0.1.2 - ZTE Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4180733224-755957868-2831150804-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4180733224-755957868-2831150804-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Gopi\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
21-04-2015 16:42:38 Installed Samsung Kies3
28-04-2015 19:29:29 Scheduled Checkpoint
11-05-2015 17:10:52 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2015-05-06 15:58 - 00450831 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {018D597C-68D9-407A-9BC1-C19FC4FEDAFD} - System32\Tasks\HP AR Program Upload - 782d28b9b7c64bad9f47657f0882a20f05557cfb3e254e0ea9b59b1608661391 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {0E63E5C1-6814-49D1-A79F-B941254771D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {0F16D160-72CE-413E-96E0-97DB4BB84868} - System32\Tasks\{F2324E76-1712-443B-9CBC-7C6EAE1E32D7} => Iexplore.exe http://ui.skype.com/ui/0/7.3.0.101/en/abandoninstall?source=lightinstaller&page=tsPlugin
Task: {11AB92F5-4137-475F-B50F-8D3D6A43A6C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1B7D91F0-0F32-4CA2-994D-5E0BF15B84D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {1B864CC0-1E32-471C-95C2-0C71179BAC10} - System32\Tasks\HP AR Program Upload - 6883565352c84e51b66c544325966128b3f466d7768d4f2282e995d9ebd3b13e => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {1CC39774-1FF5-4D89-90F7-99D88155DC90} - System32\Tasks\HP AR Program Upload - 367fcbebd01844dfac649bbd677bd768b1091ea6f41642d2b02c3a242f6befe9 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {2A6A27D4-58B4-49B2-8B07-35414FB441CA} - System32\Tasks\HP AR Program Upload - ca86a6107e304aca8a4353384c8abd48d7b3e0032bd9423b96433fa6751acc1a => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {2C3B096E-B33B-48BF-86B5-1441520FD8D4} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2013-02-09] ()
Task: {2DFA8D2F-7350-49F0-A293-E700210EF955} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {33731F4D-1CF6-4CE9-84AB-9FFD240D3898} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {38D683C4-1390-4F3F-8A0F-AE36E7C70027} - System32\Tasks\HP AR Program Upload - a48c9b7f4976486e9482434ae118335e49fa8498ee63437d808ea9df07d84149 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {5451FF85-C6BD-44B7-8135-3612121265D8} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {5761C5B8-7866-4818-981A-0A83A6DCE96A} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {60946A0F-3EF7-4969-A4CD-D8F31068FA12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)
Task: {86496034-97CC-4E76-AB67-2673FD0E6893} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {9A2B4832-417D-4E53-A62A-37E08850BAA8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A53734AC-74AB-426F-85AD-82B95E898931} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {A908CC48-080B-4E59-97D5-3A16CBE9AA10} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)
Task: {B091314E-FA59-41D9-A5D6-936A1562BA8F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {BDF742E6-B837-4FC1-B828-620ADF42D450} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {D7408A75-9A8F-4FAB-B811-DF85FF989A29} - System32\Tasks\{CCE8897A-3A67-421B-A17A-4BA552C92859} => Iexplore.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsMain
Task: {DE241C21-D363-4135-A21A-081F0AA80489} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-08] (CyberLink)
Task: {E049E38C-7DC4-431E-A812-E16471488BC9} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {E1205CD0-A4A2-4F6D-8E90-047DD12C74EB} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-13] (Acer Incorporated)
Task: {E3AAB912-AD7F-4FDB-8F8C-6FBA8F8F03F3} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2013-02-09] ()
Task: {E7E5F3BA-4F42-4E99-A458-2AF10FA3A063} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EC67BC0F-447E-495D-A1BB-D8BE843456BA} - System32\Tasks\HP AR Program Upload - 67b2a2b2eb5d4f0e9c957d2e4e2fe024eaf1b2fe9f114064bb11f704dbbeffe7 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {ED15149A-1A79-4448-A60B-69293C0AFC19} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)
Task: {EE2B9E8D-55A1-449A-AB45-4BC0899DC2DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EE53110E-C3FF-4BF1-BAA3-7CD484D2CB6A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-30] (Google Inc.)
Task: {FC2769A6-49E2-4547-9CD6-76E3E8B9CF9D} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-17 01:35 - 2009-12-21 07:12 - 00090624 _____ () C:\WINDOWS\System32\Primomonnt.dll
2014-04-14 12:18 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-11 22:14 - 2015-03-11 22:14 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-28 13:15 - 2013-01-28 13:15 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 13:12 - 2013-01-28 13:12 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-01-28 13:17 - 2013-01-28 13:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-02-09 02:54 - 2013-02-09 02:54 - 00044616 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2013-02-09 02:54 - 2013-02-09 02:54 - 00025672 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-07-21 15:22 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-21 15:22 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-21 15:22 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-21 15:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-21 15:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-05-21 11:06 - 2012-06-25 08:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-05-21 11:39 - 2013-02-20 21:28 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-05-01 20:48 - 2015-04-28 07:37 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-05-01 20:48 - 2015-04-28 07:37 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Gopi\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
There are 7867 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4180733224-755957868-2831150804-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 203.145.184.40 - 203.145.184.32
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-4180733224-755957868-2831150804-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A1A39D22-18B5-4C76-9002-6EA32B08F142}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{29A2FFA0-CF9A-4864-93B9-101F7779D45B}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe
FirewallRules: [{7AE8DBE4-3F5F-450D-9312-DB5437910C8D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{657D7AA7-7BBF-42E0-A3A5-289805F60016}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{21D7E70D-2F3F-4035-9C65-1661FD3317F8}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{EB8B6D2E-AA6A-4C48-A60A-0A4F727CD6DE}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E82023F4-5C2A-438F-BF6D-C24835A5A6E1}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{FADF20A2-28D0-426E-B73B-136BC5F7C06E}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{87638DDE-9A1A-4E6D-BBF4-476C48609A97}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{F81CD588-5D8F-47BD-B99B-EBE2279D894D}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{777B9694-79F1-4AB0-A8EC-8A2774547780}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{3099F2E0-F124-4322-8BA2-1772D8E1EE4F}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{2A937075-4457-46CD-A1C6-8DD53034EDAE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{F7675F35-1ECC-448F-ABC1-D1872FFE5C2C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{5616132D-017B-48C1-A94F-8B44600701AE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CFED4E98-9C76-440B-91B7-BF6E9106A1A0}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{74A5BB4F-3FDC-4762-96B1-BA63D9B6CB1E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Movie\PlayMovie.exe
FirewallRules: [{DC8FB94C-9B6A-4925-BD5C-664686B48CE6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\MusicPlayer.exe
FirewallRules: [{143591B1-274E-455B-AE55-006A81D5664C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{7AEF64AE-5932-4A98-B22D-7C21026990EB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{B3F2CE51-3048-4978-9BCE-3ED7F7415F0F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{14EF7F14-B2A4-4643-9FF6-E63C58ACA604}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{BAFE8B23-16BE-4B31-9139-052F5DD7CD5E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{C04D9F27-4E45-46C5-A2FD-0714EAB0394A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3E70B8ED-1B4A-4530-AF96-DA4C2F28A546}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{CC1D5D0D-8DCC-4AD6-8393-7336DF600828}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{407E9CC1-546A-4D3B-8A25-FFD42C047636}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8291E669-84C9-4E06-A344-8B4ADE47717C}] => (Allow) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
FirewallRules: [{37D8332A-B0AD-4B54-B9E8-0DFA6DC92174}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{B91BC3A4-CF64-427E-8A49-2BDA3AA0C002}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{89C02982-0971-4A22-A4E0-C4596BAFECEF}] => (Allow) C:\Users\Gopi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{0A43C172-3953-4A98-B746-A52C049AA2A6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{47B02730-BC91-48C2-822F-A649BF69FBF4}C:\program files\now\now.exe] => (Allow) C:\program files\now\now.exe
FirewallRules: [UDP Query User{238D1BA9-5658-4C62-943D-8F02B2854672}C:\program files\now\now.exe] => (Allow) C:\program files\now\now.exe
FirewallRules: [{2F62A2F0-1665-44B4-9951-41046409D2BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{25CDA086-808D-4883-A390-A58D5664AD9B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{149E7D90-1554-49E4-B011-5498C1F1886F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{357A6829-E7EB-4DEF-8001-4240096D67BD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{4A10BCA5-DD3B-47D8-94AB-1ABCA5EE5B52}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{8130415D-E7D4-4DAE-ADE7-8F49F1C1A77B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{A843CF99-3DD8-4EFF-A9AF-CFCB1C46559C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{81396E80-5547-4336-9E87-C70C3DF58E30}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{B9E6799B-B6C7-4CC8-8AF9-309359215A8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0184FB4-CF17-4A1E-BDC8-74BFEBDA4845}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{47D392EA-869F-472C-AB6A-1FAACB47B39D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9907FCCA-A043-4829-9C53-E7611A05506E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F56871C9-196E-4E27-AF3E-C1AC877469D5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{7445DAF7-9C6F-4640-9054-2906CBB5DE7D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D91139CB-9C9A-4B21-8166-C7EC5631C9DF}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E1BCDA4E-EDCF-4FD6-AFFB-5A90309FD244}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{60159C7D-3397-4A9E-8EC0-439B7FCE7037}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D5F58CEE-7FDF-4C74-A267-3CA95138F553}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7A9FEEA1-6BDD-4CFE-BB58-3309E238F144}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{09BC8A0C-87DF-4FD0-844F-BD4EA0626650}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{38F2096F-9F5E-45EE-BDC1-F6ADE877D038}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{F0F61A55-2701-4550-89C2-119180D6C150}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D1C3F566-BCCD-492F-89D4-A3C1C0B5D8E2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{58C5DD1F-3507-49EA-AE5C-B105C14BFD59}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DE6E3544-3892-4B4D-81A0-31B5171BEC5C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{EB4895E0-CDC9-4CEF-A23B-D3267DFA4E75}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E0DCD587-ABCC-4AC0-A16B-DBD353E5D2C4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{88C5C8A6-775C-42FF-ABB0-664565236523}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{409F3CEA-D214-48F2-9A1F-501083054F21}] => (Allow) C:\Users\Gopi\AppData\Local\Temp\7zS7BAC\HPDiagnosticCoreUI.exe
FirewallRules: [{78743183-7D71-4DC9-91A8-C1E56F2863CC}] => (Allow) C:\Users\Gopi\AppData\Local\Temp\7zS7BAC\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{6AF9AF66-0AF9-4C89-8492-47C4366721DF}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FED72F24-06B8-4CAE-B84C-58B18B6D5093}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{4F259BF0-BEB1-4054-BC44-87580B48FF4E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/11/2015 04:52:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/11/2015 02:29:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/08/2015 04:19:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/07/2015 01:45:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15f8
 
Start Time: 01d0889355e1e5f8
 
Termination Time: 62
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id: 43002dc9-f491-11e4-bf30-7c05079eabca
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/06/2015 05:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: MSHTML.dll, version: 11.0.9600.17728, time stamp: 0x55025c47
Exception code: 0xc0000005
Fault offset: 0x01039a59
Faulting process id: 0xcb4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (05/06/2015 04:56:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: twinui.dll, version: 6.3.9600.17415, time stamp: 0x54503c45
Exception code: 0xc0000005
Fault offset: 0x000000000027587f
Faulting process id: 0x1c0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (05/04/2015 03:35:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/04/2015 02:44:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/04/2015 02:29:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
Error: (05/02/2015 06:47:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
 
 
System errors:
=============
Error: (05/11/2015 06:44:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZDServ service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/11/2015 06:42:13 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{1c91e3ff-e0ee-46db-891c-bdd9ae6554a4} encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (05/11/2015 06:41:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (05/11/2015 05:08:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (05/11/2015 04:49:04 PM) (Source: DCOM) (EventID: 10010) (User: ACER-LAPTOP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (05/11/2015 04:48:34 PM) (Source: DCOM) (EventID: 10010) (User: ACER-LAPTOP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (05/11/2015 04:46:58 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/11/2015 03:21:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZDServ service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/08/2015 06:04:37 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (05/08/2015 04:15:35 PM) (Source: DCOM) (EventID: 10010) (User: ACER-LAPTOP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
Microsoft Office Sessions:
=========================
Error: (05/11/2015 04:52:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/11/2015 02:29:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Gopi\Downloads\esetsmartinstaller_enu.exe
 
Error: (05/08/2015 04:19:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/07/2015 01:45:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1741615f801d0889355e1e5f862C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE43002dc9-f491-11e4-bf30-7c05079eabca
 
Error: (05/06/2015 05:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9MSHTML.dll11.0.9600.1772855025c47c000000501039a59cb401d087f80d28a454C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\MSHTML.dll69d021cb-f3eb-11e4-bf2f-7c05079eabca
 
Error: (05/06/2015 04:56:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2twinui.dll6.3.9600.1741554503c45c0000005000000000027587f1c001d087ea818f2198C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\twinui.dllb3659f3e-f3e2-11e4-bf2c-7c05079eabca
 
Error: (05/04/2015 03:35:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/04/2015 02:44:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/04/2015 02:29:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (05/02/2015 06:47:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 67%
Total physical RAM: 3911.27 MB
Available physical RAM: 1265.13 MB
Total Pagefile: 7879.27 MB
Available Pagefile: 4912.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:447.61 GB) (Free:322.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 19B89E86)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 18.6 GB) (Disk ID: BCFDD097)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Thanks in advance.
 


#4 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:58 PM

Posted 11 May 2015 - 05:32 PM

Thank you for the update and your logs.  I'm glad you got your problem sorted.

 

The only issue I see with the FRST logs is some errant remains of McAfee products on your system. You can clean that up by using the McAfee Consumer Products Removal (MCPR) tool found here.

 

Surf safe and come back if you need anything.


 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#5 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:11:58 PM

Posted 11 May 2015 - 05:32 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





