Unable to connect to internet Proxy error 127.0.0.1 5050 keeps coming up


  • This topic is locked
16 replies to this topic

#1 hlingam

Posted 31 May 2015 - 05:23 PM

Hello,
 
When I am trying to connect to the internet, I am getting the below error:

Unable to connect to the proxy server.

I verified the LAN settings. The proxy server setting is enabled for (Use a proxy server for LAN (These settings will not apply to dial-up or VPN connections).). Address 127.0.0.1 Port 5050.

I tried the following options:

1. Deleted ProxyEnable and ProxyServer file entries from internet settings.
2. For proxy enable modified Value data from 1 to 0 and deleted ProxyServer.
3. Ran FRST 64 bit in Administrator mode and the fixlist.txt file is not generated. Please find the log details:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Pradeepa (administrator) on DEEPAM on 31-05-2015 17:51:27
Running from C:\FRST
Loaded Profiles: Pradeepa (Available Profiles: Pradeepa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
() C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
() C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ikudmys.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(altanov) C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [myradioplayer Tray] => C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe [113912 2014-10-16] (myradioplayer)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [fst_us_203] => [X]
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver7BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_627] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\RunOnce: [Application Restart #5] => C:\Users\Pradeepa\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources  (the data entry has 565 more characters).
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\MountPoints2: {7a7642b8-cbf2-11e4-bf23-0cd2926109df} - "G:\LaunchU3.exe" -a
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1022464 2015-05-27] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [817664 2015-05-27] (FlashBeat)
AppInit_DLLs-x32:  C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll => "C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" File not found
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
ShortcutTarget: Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk -> C:\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM-x32] => http=127.0.0.1:58091;https=127.0.0.1:58091
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-3688121889-113363352-3167696593-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-3688121889-113363352-3167696593-1001] => 127.0.0.1:5050
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14LPj1HnM7e67h8L4v2R7hVHQ,,&q={searchTerms}
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw5_15_22&cd=2XzuyEtN2Y1L1QzutD0C0DtBzytByCtCtDzy0D0CyEtB0C0BtN0D0Tzu0StCtByEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzytCtDtA0DzztGtAtBzzyEtG0A0AtD0CtGyDzytAyCtGtCyCtBtByC0AzytDyB0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2QtN0A0LzuyE&cr=1420432219&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyE0E0C0AyE0B0CyEtB0C0BtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyBtDtB0F0Dzy0D0DtGtAzzyC0BtGyB0E0AtCtG0DyC0BtCtGyDyD0AtAyBtAyE0B0D0CtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2Q&cr=1779137969&ir=
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14M6JcTbBj6U5PgHhB6YHXKxA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14M6JcTbBj6U5PgHhB6YHXKxA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6581F3BF-CDC7-430B-9E54-F449661DFCF8&SearchSource=58&CUI=&UM=8&UP=SP224FAC1A-04E9-4FA1-841B-1D61BE51640E&D=052815&q={searchTerms}&SSPV=SP22340TA_sp_ie
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6581F3BF-CDC7-430B-9E54-F449661DFCF8&SearchSource=58&CUI=&UM=8&UP=SP224FAC1A-04E9-4FA1-841B-1D61BE51640E&D=052815&q={searchTerms}&SSPV=SP22340TA_sp_ie
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw5_15_22&cd=2XzuyEtN2Y1L1QzutD0C0DtBzytByCtCtDzy0D0CyEtB0C0BtN0D0Tzu0StCtByEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzytCtDtA0DzztGtAtBzzyEtG0A0AtD0CtGyDzytAyCtGtCyCtBtByC0AzytDyB0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2QtN0A0LzuyE&cr=1420432219&ir=
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {3B6E5E72-A483-436F-828E-8DFB0CD9D188} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=08885414-998A-4295-9E99-885BDE47F77B&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17416&doi=2015-02-26&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default
FF DefaultSearchEngine: Cassiopesa
FF DefaultSearchEngine.US: Cassiopesa
FF SelectedSearchEngine: Cassiopesa
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-02-27] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-02-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/O1DPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF SearchPlugin: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\cassiopesa.xml [2015-05-28]
FF SearchPlugin: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\trovi.xml [2015-05-28]
FF Extension: NNIuceOffers - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\Extensions\U404T@4l.com [2015-04-20]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-16]
FF Extension: No Name - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-25]
CHR Extension: (YouTube) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-25]
CHR Extension: (Google Search) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]
CHR Extension: (Google Sheets) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Skype Click to Call) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nbljechdpodpbchbmjcoamidppmpnmlc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "Givceb119" service could not be unlocked. <===== ATTENTION
Locked "lucherbou" service could not be unlocked. <===== ATTENTION
Locked "Malguwl119" service could not be unlocked. <===== ATTENTION
Locked "MigteRyfdis" service could not be unlocked. <===== ATTENTION
Locked "raifkoncut" service could not be unlocked. <===== ATTENTION

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 dyvehiqu; C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp [311808 2015-05-28] () [File not signed]
S4 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-10] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 myradioplayer; C:\Program Files (x86)\myradioplayer\myradioplayer.exe [3818744 2014-10-16] (myradioplayer)
R2 myradioplayerV1; C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe [118520 2014-10-16] (myradioplayer)
R2 myradioplayerV2; C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe [22264 2014-10-16] (altanov)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 qelejify; C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp [231424 2015-05-28] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R3 Wefhiuli; C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-19] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R5 Givceb119; C:\Windows\System32\Drivers\Givceb119.sys [36472 2015-05-28] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R5 Malguwl119; C:\Windows\System32\Drivers\Malguwl119.sys [37496 2015-05-28] () [File not signed]
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64; C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys [61120 2014-05-27] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-04] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (StdLib)
R5 Givceb119;  <===== ATTENTION Locked Service
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
R5 lucherbou;  <===== ATTENTION Locked Service
R5 Malguwl119;  <===== ATTENTION Locked Service
R5 MigteRyfdis;  <===== ATTENTION Locked Service
R5 raifkoncut;  <===== ATTENTION Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 17:40 - 2015-05-31 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-31 17:36 - 2015-05-31 17:51 - 00000000 ____D () C:\FRST
2015-05-30 23:11 - 2015-05-30 23:11 - 728781599 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-30 23:11 - 2015-05-30 23:11 - 00290448 _____ () C:\WINDOWS\Minidump\053015-29734-01.dmp
2015-05-30 23:11 - 2015-05-30 23:11 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-29 14:31 - 2015-05-29 14:31 - 04963958 _____ () C:\WINDOWS\shost.bin
2015-05-29 00:41 - 2015-05-31 11:00 - 00000000 ____D () C:\WINDOWS\pss
2015-05-28 20:27 - 2015-05-28 20:31 - 00002231 _____ () C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-28 20:27 - 2015-05-28 20:27 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 18:31 - 2015-05-28 18:31 - 00003186 _____ () C:\WINDOWS\System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752}
2015-05-28 14:49 - 2015-05-30 23:08 - 00000112 _____ () C:\ProgramData\H2NmLy.dat
2015-05-28 14:45 - 2015-05-31 17:34 - 00001038 _____ () C:\WINDOWS\Tasks\hafPwBCY41nK7GdUOXVl.job
2015-05-28 14:45 - 2015-05-31 17:34 - 00001036 _____ () C:\WINDOWS\Tasks\X1J5Mh6BdzxCv9rZmVR.job
2015-05-28 14:45 - 2015-05-28 14:45 - 00004048 _____ () C:\WINDOWS\System32\Tasks\hafPwBCY41nK7GdUOXVl
2015-05-28 14:45 - 2015-05-28 14:45 - 00004046 _____ () C:\WINDOWS\System32\Tasks\X1J5Mh6BdzxCv9rZmVR
2015-05-28 14:43 - 2015-05-28 17:43 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-28 14:41 - 2015-05-31 09:53 - 00000000 ____D () C:\ProgramData\abc
2015-05-28 14:41 - 2015-05-28 14:41 - 00004078 _____ () C:\WINDOWS\System32\Tasks\Crossbrowse
2015-05-28 14:41 - 2015-05-28 14:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-28 14:41 - 2015-05-28 14:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-28 14:39 - 2015-05-28 20:27 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\SmartWeb
2015-05-28 14:38 - 2015-05-31 17:33 - 00000350 _____ () C:\WINDOWS\Tasks\JJYMKAFR1.job
2015-05-28 14:38 - 2015-05-28 14:38 - 00002864 _____ () C:\WINDOWS\System32\Tasks\JJYMKAFR1
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-28 14:31 - 2015-05-28 14:31 - 00000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2015-05-28 14:29 - 2015-05-28 17:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC
2015-05-28 14:29 - 2015-05-28 14:31 - 00000000 ____D () C:\data_from_forms
2015-05-28 14:26 - 2015-05-31 17:35 - 00004656 _____ () C:\WINDOWS\SysWOW64\Wefhiuli.ini
2015-05-28 14:26 - 2015-05-31 17:35 - 00002560 _____ () C:\WINDOWS\SysWOW64\WefhiuliOff.ini
2015-05-28 14:26 - 2015-05-31 17:35 - 00002560 _____ () C:\WINDOWS\system32\WefhiuliOff.ini
2015-05-28 14:26 - 2015-05-29 07:53 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC
2015-05-28 14:26 - 2015-05-28 14:26 - 00037496 _____ () C:\WINDOWS\system32\Drivers\Malguwl119.sys
2015-05-28 14:26 - 2015-05-28 14:26 - 00036472 _____ () C:\WINDOWS\system32\Drivers\Givceb119.sys
2015-05-28 14:26 - 2015-05-28 14:26 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-28 14:26 - 2015-05-28 04:17 - 00360448 _____ () C:\WINDOWS\system32\Wefhiuli64.dll
2015-05-28 14:26 - 2015-05-28 04:17 - 00286720 _____ () C:\WINDOWS\SysWOW64\Wefhiuli.dll
2015-05-28 14:26 - 2013-08-22 09:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-28 14:25 - 2015-05-28 14:25 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\Downloaded Installations
2015-05-28 14:14 - 2015-05-28 14:17 - 149173944 _____ (ETS) C:\Users\Pradeepa\Downloads\TOEFL_Sampler_2014.exe
2015-05-27 21:18 - 2015-05-27 21:18 - 01515024 _____ (Dummy, Ltd.) C:\Users\Pradeepa\Downloads\Barron'S Toefl Ibt 12th Edition Pdf_10924_i12897749_il345.exe
2015-05-26 08:28 - 2015-05-26 08:28 - 00000165 ____H () C:\Users\Pradeepa\Desktop\~$pradee.xlsx
2015-05-23 21:15 - 2015-05-23 21:16 - 00562272 _____ (Oracle Corporation) C:\Users\Pradeepa\Downloads\chromeinstall-8u45.exe
2015-05-19 15:41 - 2015-05-19 15:41 - 00016465 _____ () C:\Users\Pradeepa\Desktop\pradee (Autosaved).xlsx
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (7).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (6).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (5).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 02026257 _____ () C:\Users\Pradeepa\Downloads\importantinformationaboutyouriciciprupolicyno_1919615.zip
2015-05-19 10:53 - 2015-05-19 10:53 - 02026257 _____ () C:\Users\Pradeepa\Downloads\importantinformationaboutyouriciciprupolicyno_1919615 (3).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 02026257 _____ () C:\Users\Pradeepa\Downloads\importantinformationaboutyouriciciprupolicyno_1919615 (2).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 02026257 _____ () C:\Users\Pradeepa\Downloads\importantinformationaboutyouriciciprupolicyno_1919615 (1).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (4).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (3).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (7).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (6).zip
2015-05-19 10:52 - 2015-05-19 10:53 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (5).zip
2015-05-19 10:52 - 2015-05-19 10:52 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm.zip
2015-05-19 10:52 - 2015-05-19 10:52 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (2).zip
2015-05-19 10:52 - 2015-05-19 10:52 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (1).zip
2015-05-19 10:52 - 2015-05-19 10:52 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333.zip
2015-05-19 10:52 - 2015-05-19 10:52 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (4).zip
2015-05-19 10:52 - 2015-05-19 10:52 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (3).zip
2015-05-19 10:52 - 2015-05-19 10:52 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (2).zip
2015-05-19 10:52 - 2015-05-19 10:52 - 00811853 _____ () C:\Users\Pradeepa\Downloads\OS03691745_UA6_PCPNPC5333 (1).zip
2015-05-19 10:37 - 2015-05-19 11:08 - 00140288 _____ () C:\Users\Pradeepa\Downloads\1403773165463_35433797.xls
2015-05-18 21:51 - 2015-05-18 21:51 - 00000100 _____ () C:\Users\Pradeepa\Desktop\123.txt
2015-05-15 23:40 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-15 23:40 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 17:30 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 17:30 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:30 - 2015-05-12 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 17:46 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:46 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:46 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:46 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:44 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:44 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:44 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:44 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:44 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:44 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:44 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:44 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:44 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:44 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:44 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:44 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:43 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:43 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:43 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:43 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:43 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:42 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:42 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:42 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:42 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-09 09:18 - 2015-05-09 09:18 - 00056977 _____ () C:\Users\Pradeepa\Downloads\srivishnusahasra015436mbp_daisy.zip
2015-05-06 22:09 - 2015-05-06 22:19 - 00060928 _____ () C:\Users\Pradeepa\Downloads\CEF_Ahmed.XLS
2015-05-06 10:36 - 2015-05-06 10:36 - 00019456 _____ () C:\Users\Pradeepa\Downloads\1430922999232_35433797.xls
2015-05-03 13:47 - 2015-05-26 14:24 - 00015586 _____ () C:\Users\Pradeepa\Desktop\pradee.xlsx
2015-05-03 13:47 - 2015-05-18 21:51 - 00000410 _____ () C:\Users\Pradeepa\Desktop\notes.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 17:51 - 2014-12-03 14:24 - 01349728 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-31 17:45 - 2014-04-20 01:08 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688121889-113363352-3167696593-1001
2015-05-31 17:45 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-31 17:38 - 2014-09-24 03:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-31 17:35 - 2013-08-22 10:46 - 00308923 _____ () C:\WINDOWS\setupact.log
2015-05-31 17:33 - 2015-04-25 18:27 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 17:33 - 2014-08-13 21:53 - 00000302 _____ () C:\WINDOWS\Tasks\FF Watcher {2A8BF2EF-BA9F-48BF-896F-97E00DF5E9F2}.job
2015-05-31 17:33 - 2014-04-19 01:49 - 00000980 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2015-05-31 17:33 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-31 17:32 - 2015-04-25 18:27 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 17:32 - 2014-03-22 00:27 - 29090636 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-31 17:26 - 2014-04-19 01:49 - 00000984 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2015-05-31 17:14 - 2014-12-08 00:59 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD07D13C-5A28-496D-9E46-B5A2B164563C}
2015-05-31 17:13 - 2014-08-10 13:38 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job
2015-05-31 17:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-31 12:53 - 2014-08-05 07:23 - 00000318 _____ () C:\WINDOWS\Tasks\Astromenda.job
2015-05-31 00:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-30 23:25 - 2014-09-24 03:03 - 00043326 _____ () C:\WINDOWS\PFRO.log
2015-05-30 23:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 23:19 - 2015-02-24 23:38 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-30 23:19 - 2015-02-24 23:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Canon
2015-05-30 23:18 - 2015-02-24 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-30 23:14 - 2014-03-22 00:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-30 23:13 - 2014-08-10 13:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job
2015-05-30 23:12 - 2014-12-03 14:04 - 00000000 ____D () C:\Users\Pradeepa
2015-05-30 23:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-29 17:56 - 2014-04-25 14:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\vlc
2015-05-28 22:50 - 2013-08-16 05:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 20:27 - 2015-04-25 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 18:27 - 2015-03-17 21:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-28 17:22 - 2014-04-19 11:20 - 00000000 ____D () C:\Users\Pradeepa\Desktop\My Photos
2015-05-28 14:30 - 2014-11-17 22:44 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 14:29 - 2014-03-21 22:54 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Macromedia
2015-05-26 13:42 - 2014-03-22 00:47 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Skype
2015-05-23 21:18 - 2015-04-25 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-23 21:16 - 2015-04-25 18:35 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-21 17:12 - 2015-01-02 17:21 - 02516992 ___SH () C:\Users\Pradeepa\Downloads\Thumbs.db
2015-05-16 02:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 01:38 - 2014-04-18 01:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 23:39 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-05-15 23:37 - 2013-08-22 10:44 - 00510400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-15 23:22 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 23:21 - 2014-09-24 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-15 23:21 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-05-15 23:11 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-15 23:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-15 22:59 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 20:34 - 2014-12-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:20 - 2014-04-18 12:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 19:07 - 2014-04-18 12:08 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-05 00:24 - 2014-03-22 00:47 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-08-13 21:54 - 2014-08-13 21:54 - 0001200 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.scan.quick.results
2014-08-13 21:54 - 2014-08-13 21:54 - 0002928 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.scan.results
2014-08-13 21:54 - 2014-08-13 21:54 - 0000318 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.uninstall.scan.results
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl.exe
2014-11-07 20:14 - 2014-11-07 20:14 - 1490864 _____ (Cinema PlusV07.11) C:\Users\Pradeepa\AppData\Roaming\SBIRUWJ.exe
2014-08-24 13:23 - 2014-11-09 00:28 - 0000117 _____ () C:\Users\Pradeepa\AppData\Roaming\WB.CFG
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR.exe
2014-11-07 20:14 - 2014-11-07 20:14 - 1977264 _____ (Cinema PlusV07.11) C:\Users\Pradeepa\AppData\Roaming\YWNEQGCS.exe
2015-05-28 14:31 - 2015-05-28 14:31 - 0000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2014-08-13 21:53 - 2014-08-13 21:53 - 0575544 _____ (ClickMeIn Limited) C:\Users\Pradeepa\AppData\Local\nss6409.tmp
2015-05-28 23:01 - 2015-05-28 23:01 - 0011790 _____ () C:\Users\Pradeepa\AppData\Local\Temp-log.txt
2013-08-16 05:22 - 2013-08-16 05:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 14:49 - 2015-05-30 23:08 - 0000112 _____ () C:\ProgramData\H2NmLy.dat

Files to move or delete:
====================
C:\ProgramData\H2NmLy.dat


Some files in TEMP:
====================
C:\Users\Pradeepa\AppData\Local\Temp\1980.exe
C:\Users\Pradeepa\AppData\Local\Temp\420.exe
C:\Users\Pradeepa\AppData\Local\Temp\52C8.exe
C:\Users\Pradeepa\AppData\Local\Temp\6128.exe
C:\Users\Pradeepa\AppData\Local\Temp\6880.exe
C:\Users\Pradeepa\AppData\Local\Temp\8007.exe
C:\Users\Pradeepa\AppData\Local\Temp\APNSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\B6D8.exe
C:\Users\Pradeepa\AppData\Local\Temp\Barron'S Toefl Ibt 12th Edition Pdf__10924_i1525695266_il1002705.exe
C:\Users\Pradeepa\AppData\Local\Temp\Barron'S Toefl Ibt 12th Edition Pdf__10924_i1525714799_il1002705.exe
C:\Users\Pradeepa\AppData\Local\Temp\bitool.dll
C:\Users\Pradeepa\AppData\Local\Temp\C22E.exe
C:\Users\Pradeepa\AppData\Local\Temp\D00.exe
C:\Users\Pradeepa\AppData\Local\Temp\F3C0.exe
C:\Users\Pradeepa\AppData\Local\Temp\i4jdel0.exe
C:\Users\Pradeepa\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Pradeepa\AppData\Local\Temp\mVO37EE.exe
C:\Users\Pradeepa\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct2D25.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct3B5A.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4437.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4E9.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct6CAC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octB884.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octE48D.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octEDEC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\setup.exe
C:\Users\Pradeepa\AppData\Local\Temp\setup_644.exe
C:\Users\Pradeepa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\SpOrder.dll
C:\Users\Pradeepa\AppData\Local\Temp\uninstall.exe
C:\Users\Pradeepa\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-31 12:12

==================== End of log ============================
 
Could you please help us resolve this issue?
 
Thanks,
Harish

Edit: Topic moved from Am I infected? What do I do? to the more appropriate forum. Due to the included FRST Log. ~ Animal


 


#2 deeprybka

  • Malware Response Team

Posted 01 June 2015 - 10:16 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
The Addition.txt is missing. Please re-run FRST:

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 hlingam


Posted 01 June 2015 - 06:40 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Pradeepa (administrator) on DEEPAM on 01-06-2015 19:24:04
Running from C:\FRST
Loaded Profiles: Pradeepa (Available Profiles: Pradeepa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
() C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(altanov) C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
() C:\ProgramData\boostwebapp\1.1.0.31\ikudmys.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [myradioplayer Tray] => C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe [113912 2014-10-16] (myradioplayer)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [fst_us_203] => [X]
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver7BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_627] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\RunOnce: [Application Restart #5] => C:\Users\Pradeepa\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources  (the data entry has 565 more characters).
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\MountPoints2: {7a7642b8-cbf2-11e4-bf23-0cd2926109df} - "G:\LaunchU3.exe" -a
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1022464 2015-05-27] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [817664 2015-05-27] (FlashBeat)
AppInit_DLLs-x32:  C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll => "C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" File not found
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
ShortcutTarget: Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk -> C:\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM-x32] => http=127.0.0.1:58091;https=127.0.0.1:58091
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => 127.0.0.1:5050
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-3688121889-113363352-3167696593-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-3688121889-113363352-3167696593-1001] => 127.0.0.1:5050
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14LPj1HnM7e67h8L4v2R7hVHQ,,&q={searchTerms}
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw5_15_22&cd=2XzuyEtN2Y1L1QzutD0C0DtBzytByCtCtDzy0D0CyEtB0C0BtN0D0Tzu0StCtByEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzytCtDtA0DzztGtAtBzzyEtG0A0AtD0CtGyDzytAyCtGtCyCtBtByC0AzytDyB0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2QtN0A0LzuyE&cr=1420432219&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyE0E0C0AyE0B0CyEtB0C0BtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyBtDtB0F0Dzy0D0DtGtAzzyC0BtGyB0E0AtCtG0DyC0BtCtGyDyD0AtAyBtAyE0B0D0CtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2Q&cr=1779137969&ir=
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14M6JcTbBj6U5PgHhB6YHXKxA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14M6JcTbBj6U5PgHhB6YHXKxA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6581F3BF-CDC7-430B-9E54-F449661DFCF8&SearchSource=58&CUI=&UM=8&UP=SP224FAC1A-04E9-4FA1-841B-1D61BE51640E&D=052815&q={searchTerms}&SSPV=SP22340TA_sp_ie
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6581F3BF-CDC7-430B-9E54-F449661DFCF8&SearchSource=58&CUI=&UM=8&UP=SP224FAC1A-04E9-4FA1-841B-1D61BE51640E&D=052815&q={searchTerms}&SSPV=SP22340TA_sp_ie
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw5_15_22&cd=2XzuyEtN2Y1L1QzutD0C0DtBzytByCtCtDzy0D0CyEtB0C0BtN0D0Tzu0StCtByEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzytCtDtA0DzztGtAtBzzyEtG0A0AtD0CtGyDzytAyCtGtCyCtBtByC0AzytDyB0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2QtN0A0LzuyE&cr=1420432219&ir=
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {3B6E5E72-A483-436F-828E-8DFB0CD9D188} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=08885414-998A-4295-9E99-885BDE47F77B&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17416&doi=2015-02-26&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default
FF DefaultSearchEngine: Cassiopesa
FF DefaultSearchEngine.US: Cassiopesa
FF SelectedSearchEngine: Cassiopesa
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-02-27] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-02-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/O1DPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF SearchPlugin: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\cassiopesa.xml [2015-05-28]
FF SearchPlugin: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\trovi.xml [2015-05-28]
FF Extension: NNIuceOffers - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\Extensions\U404T@4l.com [2015-04-20]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-16]
FF Extension: No Name - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-25]
CHR Extension: (YouTube) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-25]
CHR Extension: (Google Search) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]
CHR Extension: (Google Sheets) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Skype Click to Call) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nbljechdpodpbchbmjcoamidppmpnmlc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Locked "Givceb119" service could not be unlocked. <===== ATTENTION
Locked "lucherbou" service could not be unlocked. <===== ATTENTION
Locked "Malguwl119" service could not be unlocked. <===== ATTENTION
Locked "MigteRyfdis" service could not be unlocked. <===== ATTENTION
Locked "raifkoncut" service could not be unlocked. <===== ATTENTION

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 dyvehiqu; C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp [311808 2015-05-28] () [File not signed]
S4 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-10] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 myradioplayer; C:\Program Files (x86)\myradioplayer\myradioplayer.exe [3818744 2014-10-16] (myradioplayer)
R2 myradioplayerV1; C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe [118520 2014-10-16] (myradioplayer)
R2 myradioplayerV2; C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe [22264 2014-10-16] (altanov)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [154624 2014-10-27] () [File not signed] <==== ATTENTION
R2 qelejify; C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp [231424 2015-05-28] () [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R3 Wefhiuli; C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-19] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R5 Givceb119; C:\Windows\System32\Drivers\Givceb119.sys [36472 2015-05-28] () [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R5 Malguwl119; C:\Windows\System32\Drivers\Malguwl119.sys [37496 2015-05-28] () [File not signed]
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64; C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys [61120 2014-05-27] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-04] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (StdLib)
R5 Givceb119;  <===== ATTENTION Locked Service
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
R5 lucherbou;  <===== ATTENTION Locked Service
R5 Malguwl119;  <===== ATTENTION Locked Service
R5 MigteRyfdis;  <===== ATTENTION Locked Service
R5 raifkoncut;  <===== ATTENTION Locked Service

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 17:37 - 2015-06-01 17:37 - 00000000 ____D () C:\Users\Pradeepa\Desktop\It's My Love Story (2011). telugu movie.DvdRip.XviD. ESubs.nanda36
2015-06-01 16:15 - 2014-02-17 22:22 - 656451053 _____ () C:\Users\Pradeepa\Desktop\Biriyani (2013) Lotus Telugu Tamil DVDRip 1CD By Team TQR.mkv
2015-06-01 15:39 - 2015-06-01 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-01 15:31 - 2015-06-01 15:31 - 00290392 _____ () C:\WINDOWS\Minidump\060115-21203-01.dmp
2015-06-01 12:58 - 2015-06-01 12:58 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Data
2015-06-01 11:42 - 2015-06-01 11:47 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Rang De Basanti 2006 DVDRip{Dare~Devils }
2015-06-01 11:42 - 2015-06-01 11:42 - 00000000 ____D () C:\Users\Pradeepa\Desktop\7 Khoon Maaf - DVDScr - XviD - 1CDRip - [DDR]
2015-05-31 18:36 - 2015-05-31 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-31 17:36 - 2015-06-01 19:24 - 00000000 ____D () C:\FRST
2015-05-30 23:11 - 2015-06-01 15:31 - 753279719 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-30 23:11 - 2015-06-01 15:31 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-30 23:11 - 2015-05-30 23:11 - 00290448 _____ () C:\WINDOWS\Minidump\053015-29734-01.dmp
2015-05-29 14:31 - 2015-05-29 14:31 - 04963958 _____ () C:\WINDOWS\shost.bin
2015-05-29 00:41 - 2015-05-31 11:00 - 00000000 ____D () C:\WINDOWS\pss
2015-05-28 20:27 - 2015-05-28 20:31 - 00002231 _____ () C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-28 20:27 - 2015-05-28 20:27 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 18:31 - 2015-05-28 18:31 - 00003186 _____ () C:\WINDOWS\System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752}
2015-05-28 14:49 - 2015-05-30 23:08 - 00000112 _____ () C:\ProgramData\H2NmLy.dat
2015-05-28 14:45 - 2015-06-01 15:32 - 00001038 _____ () C:\WINDOWS\Tasks\hafPwBCY41nK7GdUOXVl.job
2015-05-28 14:45 - 2015-06-01 15:32 - 00001036 _____ () C:\WINDOWS\Tasks\X1J5Mh6BdzxCv9rZmVR.job
2015-05-28 14:45 - 2015-05-28 14:45 - 00004048 _____ () C:\WINDOWS\System32\Tasks\hafPwBCY41nK7GdUOXVl
2015-05-28 14:45 - 2015-05-28 14:45 - 00004046 _____ () C:\WINDOWS\System32\Tasks\X1J5Mh6BdzxCv9rZmVR
2015-05-28 14:43 - 2015-05-28 17:43 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-28 14:41 - 2015-05-31 09:53 - 00000000 ____D () C:\ProgramData\abc
2015-05-28 14:41 - 2015-05-28 14:41 - 00004078 _____ () C:\WINDOWS\System32\Tasks\Crossbrowse
2015-05-28 14:41 - 2015-05-28 14:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-28 14:41 - 2015-05-28 14:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-28 14:39 - 2015-05-28 20:27 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\SmartWeb
2015-05-28 14:38 - 2015-06-01 15:32 - 00000350 _____ () C:\WINDOWS\Tasks\JJYMKAFR1.job
2015-05-28 14:38 - 2015-05-28 14:38 - 00002864 _____ () C:\WINDOWS\System32\Tasks\JJYMKAFR1
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-28 14:31 - 2015-05-28 14:31 - 00000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2015-05-28 14:29 - 2015-05-28 17:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC
2015-05-28 14:29 - 2015-05-28 14:31 - 00000000 ____D () C:\data_from_forms
2015-05-28 14:26 - 2015-06-01 15:33 - 00004656 _____ () C:\WINDOWS\SysWOW64\Wefhiuli.ini
2015-05-28 14:26 - 2015-06-01 15:33 - 00002560 _____ () C:\WINDOWS\SysWOW64\WefhiuliOff.ini
2015-05-28 14:26 - 2015-06-01 15:33 - 00002560 _____ () C:\WINDOWS\system32\WefhiuliOff.ini
2015-05-28 14:26 - 2015-05-29 07:53 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC
2015-05-28 14:26 - 2015-05-28 14:26 - 00037496 _____ () C:\WINDOWS\system32\Drivers\Malguwl119.sys
2015-05-28 14:26 - 2015-05-28 14:26 - 00036472 _____ () C:\WINDOWS\system32\Drivers\Givceb119.sys
2015-05-28 14:26 - 2015-05-28 14:26 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-28 14:26 - 2015-05-28 04:17 - 00360448 _____ () C:\WINDOWS\system32\Wefhiuli64.dll
2015-05-28 14:26 - 2015-05-28 04:17 - 00286720 _____ () C:\WINDOWS\SysWOW64\Wefhiuli.dll
2015-05-28 14:26 - 2013-08-22 09:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-28 14:25 - 2015-05-28 14:25 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\Downloaded Installations
2015-05-28 14:14 - 2015-05-28 14:17 - 149173944 _____ (ETS) C:\Users\Pradeepa\Downloads\TOEFL_Sampler_2014.exe
2015-05-27 21:18 - 2015-05-27 21:18 - 01515024 _____ (Dummy, Ltd.) C:\Users\Pradeepa\Downloads\Barron'S Toefl Ibt 12th Edition Pdf_10924_i12897749_il345.exe
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (7).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (6).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (5).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (4).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (3).zip
2015-05-15 23:40 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-15 23:40 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 17:30 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 17:30 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:30 - 2015-05-12 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 17:46 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:46 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:46 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:46 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:44 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:44 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:44 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:44 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:44 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:44 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:44 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:44 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:44 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:44 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:44 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:44 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:43 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:43 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:43 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:43 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:43 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:42 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:42 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:42 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:42 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-06 22:09 - 2015-05-06 22:19 - 00060928 _____ () C:\Users\Pradeepa\Downloads\CEF_Ahmed.XLS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 19:24 - 2014-04-19 01:49 - 00000984 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2015-06-01 19:23 - 2014-08-13 21:53 - 00000302 _____ () C:\WINDOWS\Tasks\FF Watcher {2A8BF2EF-BA9F-48BF-896F-97E00DF5E9F2}.job
2015-06-01 19:13 - 2014-08-10 13:38 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job
2015-06-01 19:09 - 2014-04-25 14:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\vlc
2015-06-01 19:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-01 18:53 - 2014-08-05 07:23 - 00000318 _____ () C:\WINDOWS\Tasks\Astromenda.job
2015-06-01 18:40 - 2014-12-03 14:24 - 01543418 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-01 18:32 - 2015-04-25 18:27 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 18:32 - 2015-04-25 18:27 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 18:04 - 2014-12-08 00:59 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD07D13C-5A28-496D-9E46-B5A2B164563C}
2015-06-01 17:29 - 2015-01-02 17:21 - 02792448 ___SH () C:\Users\Pradeepa\Downloads\Thumbs.db
2015-06-01 16:16 - 2014-09-24 03:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-01 15:39 - 2014-04-20 01:08 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688121889-113363352-3167696593-1001
2015-06-01 15:32 - 2014-12-03 14:04 - 00000000 ____D () C:\Users\Pradeepa
2015-06-01 15:32 - 2014-04-19 01:49 - 00000980 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2015-06-01 15:32 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-01 15:31 - 2014-09-24 03:03 - 00052310 _____ () C:\WINDOWS\PFRO.log
2015-06-01 15:31 - 2013-08-22 10:46 - 00309077 _____ () C:\WINDOWS\setupact.log
2015-06-01 12:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-31 17:56 - 2014-03-22 00:27 - 29137608 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-31 00:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-30 23:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 23:19 - 2015-02-24 23:38 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-30 23:19 - 2015-02-24 23:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Canon
2015-05-30 23:18 - 2015-02-24 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-30 23:14 - 2014-03-22 00:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-30 23:13 - 2014-08-10 13:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job
2015-05-30 23:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-28 22:50 - 2013-08-16 05:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 20:27 - 2015-04-25 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 18:27 - 2015-03-17 21:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-28 14:30 - 2014-11-17 22:44 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 14:29 - 2014-03-21 22:54 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Macromedia
2015-05-26 13:42 - 2014-03-22 00:47 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Skype
2015-05-23 21:18 - 2015-04-25 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-23 21:16 - 2015-04-25 18:35 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-16 02:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 01:38 - 2014-04-18 01:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 23:39 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-05-15 23:37 - 2013-08-22 10:44 - 00510400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-15 23:22 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 23:21 - 2014-09-24 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-15 23:21 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-05-15 23:11 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-15 23:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-15 22:59 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 20:34 - 2014-12-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:20 - 2014-04-18 12:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 19:07 - 2014-04-18 12:08 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-05 00:24 - 2014-03-22 00:47 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-08-13 21:54 - 2014-08-13 21:54 - 0001200 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.scan.quick.results
2014-08-13 21:54 - 2014-08-13 21:54 - 0002928 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.scan.results
2014-08-13 21:54 - 2014-08-13 21:54 - 0000318 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.uninstall.scan.results
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl.exe
2014-11-07 20:14 - 2014-11-07 20:14 - 1490864 _____ (Cinema PlusV07.11) C:\Users\Pradeepa\AppData\Roaming\SBIRUWJ.exe
2014-08-24 13:23 - 2014-11-09 00:28 - 0000117 _____ () C:\Users\Pradeepa\AppData\Roaming\WB.CFG
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR.exe
2014-11-07 20:14 - 2014-11-07 20:14 - 1977264 _____ (Cinema PlusV07.11) C:\Users\Pradeepa\AppData\Roaming\YWNEQGCS.exe
2015-05-28 14:31 - 2015-05-28 14:31 - 0000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2014-08-13 21:53 - 2014-08-13 21:53 - 0575544 _____ (ClickMeIn Limited) C:\Users\Pradeepa\AppData\Local\nss6409.tmp
2015-05-28 23:01 - 2015-05-28 23:01 - 0011790 _____ () C:\Users\Pradeepa\AppData\Local\Temp-log.txt
2013-08-16 05:22 - 2013-08-16 05:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 14:49 - 2015-05-30 23:08 - 0000112 _____ () C:\ProgramData\H2NmLy.dat

Files to move or delete:
====================
C:\ProgramData\H2NmLy.dat


Some files in TEMP:
====================
C:\Users\Pradeepa\AppData\Local\Temp\1980.exe
C:\Users\Pradeepa\AppData\Local\Temp\420.exe
C:\Users\Pradeepa\AppData\Local\Temp\52C8.exe
C:\Users\Pradeepa\AppData\Local\Temp\6128.exe
C:\Users\Pradeepa\AppData\Local\Temp\6880.exe
C:\Users\Pradeepa\AppData\Local\Temp\8007.exe
C:\Users\Pradeepa\AppData\Local\Temp\APNSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\B6D8.exe
C:\Users\Pradeepa\AppData\Local\Temp\Barron'S Toefl Ibt 12th Edition Pdf__10924_i1525695266_il1002705.exe
C:\Users\Pradeepa\AppData\Local\Temp\Barron'S Toefl Ibt 12th Edition Pdf__10924_i1525714799_il1002705.exe
C:\Users\Pradeepa\AppData\Local\Temp\bitool.dll
C:\Users\Pradeepa\AppData\Local\Temp\C22E.exe
C:\Users\Pradeepa\AppData\Local\Temp\D00.exe
C:\Users\Pradeepa\AppData\Local\Temp\F3C0.exe
C:\Users\Pradeepa\AppData\Local\Temp\i4jdel0.exe
C:\Users\Pradeepa\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Pradeepa\AppData\Local\Temp\mVO37EE.exe
C:\Users\Pradeepa\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct2D25.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct3B5A.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4437.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4E9.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct6CAC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octB884.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octE48D.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octEDEC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\setup.exe
C:\Users\Pradeepa\AppData\Local\Temp\setup_644.exe
C:\Users\Pradeepa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\SpOrder.dll
C:\Users\Pradeepa\AppData\Local\Temp\uninstall.exe
C:\Users\Pradeepa\AppData\Local\Temp\vlc-2.1.5-win64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 15:29

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Pradeepa at 2015-06-01 19:26:19
Running from C:\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3688121889-113363352-3167696593-500 - Administrator - Disabled)
Guest (S-1-5-21-3688121889-113363352-3167696593-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3688121889-113363352-3167696593-1003 - Limited - Enabled)
Pradeepa (S-1-5-21-3688121889-113363352-3167696593-1001 - Administrator - Enabled) => C:\Users\Pradeepa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\uTorrent) (Version: 1.8.1 - )
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EditiX-Free XML Editor free-2008-sp2 (HKLM-x32\...\EditiX-Free XML Editor free-2008-sp2) (Version:  - JAPISoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1305-148929CC1385}) (Version: 3.0.1305.0340 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
myradioplayer (HKLM-x32\...\myradioplayer) (Version: 4.0.0 - myradioplayer)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

==================== Restore Points =========================

15-05-2015 22:57:10 Windows Update
24-05-2015 08:33:42 Scheduled Checkpoint
28-05-2015 14:25:53 Installed TOEFL Sampler.
31-05-2015 01:05:23 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03EDDA8E-E32D-4C30-92AE-BCCD7D5BB4A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {04CC19A3-CFB1-4D59-BB00-CF14E359C78A} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-19] (PriceMeter) <==== ATTENTION
Task: {07C6E9B4-24F2-4321-8A7A-DF39931A65ED} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_WeeklyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {0C896AE7-3213-4261-A8A0-27908A3FCBA4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)
Task: {0D8AA707-E11E-405A-BA3F-628BA05D71AE} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {1A684D52-F88C-49EB-B946-6AE0A01C2A59} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {2A587C89-D90B-4098-89D8-057D79E5518D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {2E6CBEEB-F3F5-44A6-98BF-F61911AEBB67} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {364002F4-34F0-4175-ADCE-13D25251FB14} - System32\Tasks\FF Watcher {2A8BF2EF-BA9F-48BF-896F-97E00DF5E9F2} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {36CB9F6E-F5F3-4DCE-A76D-7F7DF78FF5E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3E119BC4-ECE3-4360-A829-35DB73389304} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: {40ED1B52-96F4-4583-AEE8-EDDD2295AF0F} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {46B7EB8C-967C-4AE1-9006-B0B8061C296C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4A5E06D0-BAEF-4812-9F83-E068D9A59A93} - System32\Tasks\hafPwBCY41nK7GdUOXVl => C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl.exe [2015-04-20] () <==== ATTENTION
Task: {4B1A0B83-26A6-41E1-9B85-98418AEA44FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {5069CBA7-BA23-45F5-834C-A4069CBBFC08} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {61B16785-5AA0-4117-A293-3AE828DF8426} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-04-19] (PriceMeter) <==== ATTENTION
Task: {6CD19AF4-5704-480C-8FC2-5ECDB7CAFE44} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {723FD4A3-F643-4CE0-A372-60B84E8BF281} - System32\Tasks\JJYMKAFR1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-05-27] (FlashBeat) <==== ATTENTION
Task: {76098051-B023-4CD5-B8AB-4FC67B151530} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe <==== ATTENTION
Task: {84AD8E10-7878-4987-AEEB-53A67A332684} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {86B9962E-FE22-493F-9986-D32675CED8B7} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {8D85CDE4-1D14-47DB-8D93-29BD14E5DD86} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-13] (MyPC Backup) <==== ATTENTION
Task: {8D9B8E3E-D892-44E9-B835-FCBAC6BC0A53} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {9E91AF71-B9E2-43CA-A45A-8E3EC5779C16} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A380FA02-F152-4B7A-9667-80692A996A6E} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_LogonTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {A9146D45-6546-4A3C-A37A-4C515E3E1D77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AB8EC2BC-4CAE-41F0-AAE6-98D588AA7586} - System32\Tasks\X1J5Mh6BdzxCv9rZmVR => C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR.exe [2015-04-20] () <==== ATTENTION
Task: {AD305BC8-1B89-48BF-ABB2-DF389AC995BD} - System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752} => pcalua.exe -a C:\Users\Pradeepa\AppData\Local\SmartWeb\__u.exe -c _?=C:\Users\Pradeepa\AppData\Local\SmartWeb
Task: {B2183EF8-D1D2-4907-BA04-02C9AE8A5A07} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B35DAA05-6AA5-4297-B008-FAB18F31DB31} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {C84EF921-C502-4DFE-84C8-C14719CB25D1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {D37D4A63-F121-41D8-A8C4-CA4504374374} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {E1BEDD20-36EA-409D-9D98-CA4BACB33105} - System32\Tasks\Astromenda => C:\Users\Pradeepa\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EB6682D6-7C33-4EA3-9711-E4ECD9287540} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {F50F0D9C-B8AB-487E-9657-DB309C9FAAB8} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Astromenda.job => C:\Users\Pradeepa\AppData\Roaming\ASTROM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\FF Watcher {2A8BF2EF-BA9F-48BF-896F-97E00DF5E9F2}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\hafPwBCY41nK7GdUOXVl.job => C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JJYMKAFR1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\X1J5Mh6BdzxCv9rZmVR.job => C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-27 17:31 - 2014-10-27 17:31 - 00154624 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
2015-05-28 14:26 - 2015-05-28 14:26 - 00311808 _____ () C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp
2015-05-28 14:26 - 2015-05-28 14:26 - 00231424 _____ () C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp
2013-08-16 05:42 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-11-13 05:59 - 2014-11-13 05:57 - 00270336 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2014-11-13 05:59 - 2014-11-13 05:57 - 00060928 _____ () C:\Program Files (x86)\MyPC Backup\LinqBridge.dll
2014-10-27 17:31 - 2014-10-27 17:31 - 00071168 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
2013-08-16 05:18 - 2012-11-06 01:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wefhiuli => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pradeepa\Desktop\My Photos\USA_2015\Sea Girt Beach_1005\IMG_0724.JPG
DNS Servers: 167.206.245.135 - 167.206.245.136

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"
HKLM\...\StartupApproved\Run32: => "PC HealthFix"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\StartupApproved\StartupFolder: => "Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{15D53714-7A89-4798-AA55-DF931DDDBD41}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{55E6D168-923B-4D65-986A-E932060471A1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38BFF3A2-14AC-4F54-AEB6-EF7AB0537901}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{18E57BE9-953E-41F9-9749-D1B9BD9DD532}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{31EE546C-09F0-4032-847F-6A4BD67B3DAE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{F3676875-92B8-4A40-B818-81076A08104D}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{FB33F8AB-4D13-4518-905C-000039F9E0C4}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AB612F04-0F86-455E-B463-7C3548ED96F6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D58D3DAD-7507-49C9-AE57-1B7B0530E484}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3D31DB7C-9014-4A44-B2FF-365CCD7DC970}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8EAE4F36-C1EA-4887-A585-B7C708C50010}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{94BA6CE9-02ED-4AB6-A5CB-F9ED1D838884}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2018520F-0503-44FD-9DCD-2735625B7EDA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{99C70D39-A5BE-4D78-B474-8778EC2E74E1}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{96AB2F4C-B2F9-4B13-BE60-48F90E621EB5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{768E7E40-0839-40BB-947A-9CC7D28A8C16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B01A85F1-BE27-4A73-9687-8124844C36ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD30CF13-4987-4B3A-B30A-9B54C8BD07A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34F19DB5-9526-4711-8311-93BCA3ABD1A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87DF2906-7614-4985-9372-14B0367CB2C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AB08BB5-171C-4889-BC12-075E5538EF1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{108EDEEB-A71E-4590-9C1D-99438DEBA3D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB6CBA2-A5D9-400F-8418-D82FCEA3B1BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3E175CC0-86EF-46FC-8537-CFF578AA04CA}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{AF1D8777-20E7-4BBF-9FCE-3066B608F82F}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{53AAD0C0-E94E-4EE5-810B-E98F3510F770}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{2D98279B-D429-4515-85F5-F8A1721D1FA8}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{72BA4AF2-101A-49CF-AE99-100305039436}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{D49A1E62-A31C-4818-9FD1-629B6E610416}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2015 00:54:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WordViewer.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 140c

Start Time: 01d09c8b89bc0a69

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\9323vladw.WordViewer_1.0.0.0_neutral__1za3b51bhh22y\WordViewer.exe

Report Id: d1696c91-087e-11e5-bf56-811258cf24a9

Faulting package full name: 9323vladw.WordViewer_1.0.0.0_neutral__1za3b51bhh22y

Faulting package-relative application ID: App

Error: (06/01/2015 00:54:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Deepam)
Description: App 9323vladw.WordViewer_1.0.0.0_neutral__1za3b51bhh22y+App did not launch within its allotted time.

Error: (05/31/2015 06:36:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/31/2015 06:36:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/31/2015 06:36:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/31/2015 06:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/31/2015 06:35:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (05/31/2015 05:56:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_iphlpsvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x204
Faulting application start time: 0xsvchost.exe_iphlpsvc0
Faulting application path: svchost.exe_iphlpsvc1
Faulting module path: svchost.exe_iphlpsvc2
Report Id: svchost.exe_iphlpsvc3
Faulting package full name: svchost.exe_iphlpsvc4
Faulting package-relative application ID: svchost.exe_iphlpsvc5

Error: (05/31/2015 05:32:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_iphlpsvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x17a8
Faulting application start time: 0xsvchost.exe_iphlpsvc0
Faulting application path: svchost.exe_iphlpsvc1
Faulting module path: svchost.exe_iphlpsvc2
Report Id: svchost.exe_iphlpsvc3
Faulting package full name: svchost.exe_iphlpsvc4
Faulting package-relative application ID: svchost.exe_iphlpsvc5

Error: (05/31/2015 05:26:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41922


System errors:
=============
Error: (06/01/2015 05:46:26 PM) (Source: DCOM) (EventID: 10000) (User: Deepam)
Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (06/01/2015 03:42:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pcicsa.sys service failed to start due to the following error:
%%2

Error: (06/01/2015 03:33:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The IP Helper service hung on starting.

Error: (06/01/2015 03:32:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UpdateCheck service failed to start due to the following error:
%%2

Error: (06/01/2015 03:31:49 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0xffffb00172600265, 0x0000000000000002, 0x0000000000000000, 0xfffff80111f0242a)C:\WINDOWS\MEMORY.DMP060115-21203-01

Error: (06/01/2015 03:31:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:59:15 PM on 6/1/2015 was unexpected.

Error: (06/01/2015 02:46:25 PM) (Source: DCOM) (EventID: 10000) (User: Deepam)
Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (06/01/2015 11:46:26 AM) (Source: DCOM) (EventID: 10000) (User: Deepam)
Description: c:\PROGRA~1\mcafee\msc\mcmscsub.dll -Embedding193{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}

Error: (06/01/2015 11:40:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The myradioplayerV2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/01/2015 11:39:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pcicsa.sys service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (06/01/2015 00:54:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WordViewer.exe1.0.0.0140c01d09c8b89bc0a694294967295C:\Program Files\WindowsApps\9323vladw.WordViewer_1.0.0.0_neutral__1za3b51bhh22y\WordViewer.exed1696c91-087e-11e5-bf56-811258cf24a99323vladw.WordViewer_1.0.0.0_neutral__1za3b51bhh22yApp

Error: (06/01/2015 00:54:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Deepam)
Description: 9323vladw.WordViewer_1.0.0.0_neutral__1za3b51bhh22y+App

Error: (05/31/2015 06:36:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestG:\Hareesh\esetsmartinstaller_enu.exe

Error: (05/31/2015 06:36:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestG:\Hareesh\esetsmartinstaller_enu.exe

Error: (05/31/2015 06:36:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestG:\Hareesh\esetsmartinstaller_enu.exe

Error: (05/31/2015 06:36:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestG:\Hareesh\esetsmartinstaller_enu.exe

Error: (05/31/2015 06:35:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestG:\Hareesh\esetsmartinstaller_enu.exe

Error: (05/31/2015 05:56:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_iphlpsvc6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e20401d09be97750b53aC:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dlld698dc91-07df-11e5-bf55-ecad2cab7ebf

Error: (05/31/2015 05:32:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_iphlpsvc6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e17a801d09be84f33f140C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll931290dd-07dc-11e5-bf54-8f9a1300e9a5

Error: (05/31/2015 05:26:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41922


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 22:10:51.710
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\myradioplayer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-11 22:10:51.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\myradioplayer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-10 16:40:31.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 8057.77 MB
Available physical RAM: 5741.97 MB
Total Pagefile: 26489.77 MB
Available Pagefile: 24066.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.38 GB) (Free:799.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 387BD561)

Partition: GPT Partition Type.

==================== End of log ============================



#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 02 June 2015 - 05:39 AM

P2P warning

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    MyPC Backup
    WPM18.8.0.212
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Scan with TDSSKiller.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules" & "use KSN to scan objects") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 hlingam

  • Topic Starter
  • Members
  • 8 posts

Posted 02 June 2015 - 08:03 AM

Removed the installed µTorrent.

Followed Step 1.

The log file for tdsskiller.exe is below:

 

08:51:06.0179 0x1d88  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:51:06.0179 0x1d88  UEFI system
08:51:10.0259 0x1d88  ============================================================
08:51:10.0259 0x1d88  Current date / time: 2015/06/02 08:51:10.0259
08:51:10.0259 0x1d88  SystemInfo:
08:51:10.0259 0x1d88  
08:51:10.0259 0x1d88  OS Version: 6.3.9600 ServicePack: 0.0
08:51:10.0259 0x1d88  Product type: Workstation
08:51:10.0259 0x1d88  ComputerName: DEEPAM
08:51:10.0259 0x1d88  UserName: Pradeepa
08:51:10.0259 0x1d88  Windows directory: C:\WINDOWS
08:51:10.0259 0x1d88  System windows directory: C:\WINDOWS
08:51:10.0259 0x1d88  Running under WOW64
08:51:10.0259 0x1d88  Processor architecture: Intel x64
08:51:10.0259 0x1d88  Number of processors: 4
08:51:10.0259 0x1d88  Page size: 0x1000
08:51:10.0259 0x1d88  Boot type: Normal boot
08:51:10.0259 0x1d88  ============================================================
08:51:10.0509 0x1d88  System UUID: {48BE2F15-5965-F183-1E81-017C1246ED65}
08:51:11.0259 0x1d88  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:51:11.0259 0x1d88  ============================================================
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0:
08:51:11.0259 0x1d88  GPT partitions:
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {75687AC2-7824-47CD-B2B6-59A668CFA789}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {E709FC72-CA84-4873-988B-89AD582E1F6E}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {10CF3811-6E52-4050-8328-0F238A145BB0}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {27D29AFA-B87C-420D-891B-F50430276211}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {66442FF1-348C-4CE2-8141-CF2FA17F419B}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x6F4C3800
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {37313CD7-0DC4-4264-849C-3C417E888A75}, Name: , StartLBA 0x6F96E000, BlocksNum 0xE1000
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {270DB98D-64A9-41A7-9D04-9990E5E833CA}, Name: Basic data partition, StartLBA 0x6FA4F000, BlocksNum 0x3200000
08:51:11.0259 0x1d88  \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B7D1FADF-134F-435C-8C43-BB00144AB015}, Name: Basic data partition, StartLBA 0x72C4F000, BlocksNum 0x1AB7800
08:51:11.0259 0x1d88  MBR partitions:
08:51:11.0259 0x1d88  ============================================================
08:51:11.0290 0x1d88  C: <-> \Device\Harddisk0\DR0\Partition5
08:51:11.0337 0x1d88  D: <-> \Device\Harddisk0\DR0\Partition7
08:51:11.0337 0x1d88  ============================================================
08:51:11.0337 0x1d88  Initialize success
08:51:11.0337 0x1d88  ============================================================
08:51:20.0604 0x06d0  ============================================================
08:51:20.0604 0x06d0  Scan started
08:51:20.0604 0x06d0  Mode: Manual; SigCheck; TDLFS;
08:51:20.0604 0x06d0  ============================================================
08:51:20.0604 0x06d0  KSN ping started
08:51:20.0636 0x06d0  KSN ping finished: false
08:51:21.0901 0x06d0  ================ Scan system memory ========================
08:51:21.0901 0x06d0  System memory - ok
08:51:21.0901 0x06d0  ================ Scan services =============================
08:51:27.0594 0x06d0  AxInstSV - ok
08:51:27.0640 0x06d0  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
08:51:27.0719 0x06d0  b06bdrv - ok
08:51:27.0797 0x06d0  [ 350C147D2269E227627FDAF3A9F871EE, 4040800ED37957CD1EFF2CFC717D8AA322A7E83FAE7491368AC76E83327722B7 ] BackupStack     C:\Program Files (x86)\MyPC Backup\BackupStack.exe
08:51:27.0828 0x06d0  BackupStack - ok
08:51:27.0844 0x06d0  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
08:51:27.0937 0x06d0  BasicDisplay - ok
08:51:27.0937 0x06d0  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
08:51:28.0000 0x06d0  BasicRender - ok
08:51:28.0016 0x06d0  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
08:51:28.0047 0x06d0  bcmfn2 - ok
08:51:28.0094 0x06d0  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
08:51:28.0156 0x06d0  BDESVC - ok
08:51:28.0187 0x06d0  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
08:51:28.0219 0x06d0  Beep - ok
08:51:28.0297 0x06d0  [ 7BCB00EA702F78EC74CD9699D85CE80B, 17241ADAA13051B560DB9FA9079CAE6321D5B49788B596C125DC912443B00421 ] BFE             C:\WINDOWS\System32\bfe.dll
08:51:28.0391 0x06d0  BFE - ok
08:51:28.0532 0x06d0  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\WINDOWS\System32\qmgr.dll
08:51:28.0610 0x06d0  BITS - ok
08:51:28.0735 0x06d0  [ EBBFB0846A9E6EC2C8EB37D5159E4A32, CE04E2008F0DA9A51A67727B9C9C2B780DC04535A8C1042D63214F6D3256A8BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
08:51:28.0797 0x06d0  Bluetooth Device Monitor - ok
08:51:28.0860 0x06d0  [ 0CDC62421FAF23ECA85DDF6F6560F690, E74CD783FBBD6CBD55E8A2ADA315922C1ED8F78405448A56C34C0697816D82EC ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
08:51:28.0922 0x06d0  Bluetooth OBEX Service - ok
08:51:28.0985 0x06d0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:51:29.0032 0x06d0  Bonjour Service - ok
08:51:29.0063 0x06d0  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
08:51:29.0110 0x06d0  bowser - ok
08:51:29.0157 0x06d0  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
08:51:29.0203 0x06d0  BrokerInfrastructure - ok
08:51:29.0250 0x06d0  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser         C:\WINDOWS\System32\browser.dll
08:51:29.0297 0x06d0  Browser - ok
08:51:29.0328 0x06d0  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
08:51:29.0375 0x06d0  BthAvrcpTg - ok
08:51:29.0391 0x06d0  [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A9B8BC22FB0D5C7 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
08:51:29.0454 0x06d0  BthEnum - ok
08:51:29.0469 0x06d0  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
08:51:29.0532 0x06d0  BthHFEnum - ok
08:51:29.0548 0x06d0  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
08:51:29.0594 0x06d0  bthhfhid - ok
08:51:29.0641 0x06d0  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
08:51:29.0704 0x06d0  BthHFSrv - ok
08:51:29.0735 0x06d0  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
08:51:29.0766 0x06d0  BTHMODEM - ok
08:51:29.0798 0x06d0  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
08:51:29.0829 0x06d0  BthPan - ok
08:51:29.0891 0x06d0  [ C37F4930795B771400C63C3C87E7A6C2, 0D0F54184B2DAA45F646E4F69B85C4411E8DFA88EB4763BB0F386055A420F217 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
08:51:29.0985 0x06d0  BTHPORT - ok
08:51:30.0032 0x06d0  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv         C:\WINDOWS\system32\bthserv.dll
08:51:30.0079 0x06d0  bthserv - ok
08:51:30.0094 0x06d0  [ D30286FF3C7B6318C024D2BC2955C1BF, 47863D046C94A5C19F7D4E0BA393E6FE1E249C78FAB9B8705F7DD2CD87EAC16C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
08:51:30.0126 0x06d0  BTHSSecurityMgr - ok
08:51:30.0157 0x06d0  [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05D01C4D16346968 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
08:51:30.0188 0x06d0  BTHUSB - ok
08:51:30.0282 0x06d0  [ 8669DE4D76C48D8DC09B6034ABEBEB1A, 96BEF747846D2276B50A19C60CD71629ECCBB66BF6CA8CAE333773030FFB588C ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
08:51:30.0360 0x06d0  btmhsf - ok
08:51:30.0501 0x06d0  [ FECA9F830A5C6BAB9978E6781A26AE2B, CA1681A2F4FA849815B8E823805E078DB9C050CEE86E9E394B2A37B57CC474A6 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
08:51:30.0594 0x06d0  c2cautoupdatesvc - ok
08:51:30.0688 0x06d0  [ 5B33709F7FE59BB625F113EED86AFC5C, 8D29FE242D55526FDEB2CB4009B5DE19C93972E872BE6328AD3305E360A3D44B ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
08:51:30.0798 0x06d0  c2cpnrsvc - ok
08:51:30.0813 0x06d0  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
08:51:30.0860 0x06d0  cdfs - ok
08:51:30.0891 0x06d0  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
08:51:30.0938 0x06d0  cdrom - ok
08:51:30.0985 0x06d0  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
08:51:31.0032 0x06d0  CertPropSvc - ok
08:51:31.0079 0x06d0  [ 0C48BDA498B0109F21729A556F1B21FF, 81392C6D585D5BA048E4D9616CAE316B334687456394BEF847FBD04D3F5E3F88 ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
08:51:31.0094 0x06d0  cfwids - ok
08:51:31.0141 0x06d0  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
08:51:31.0188 0x06d0  circlass - ok
08:51:31.0235 0x06d0  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
08:51:31.0282 0x06d0  CLFS - ok
08:51:31.0313 0x06d0  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
08:51:31.0360 0x06d0  CmBatt - ok
08:51:31.0408 0x06d0  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
08:51:31.0470 0x06d0  CNG - ok
08:51:31.0580 0x06d0  [ 91C3294F26B430FD84215C50849CC055, DBFF561A1D874654FAEA4621A94180B5CE26F82E3D173FF361357BEC68D31B47 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
08:51:31.0689 0x06d0  CnxtHdAudService - ok
08:51:31.0720 0x06d0  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
08:51:31.0767 0x06d0  CompositeBus - ok
08:51:31.0767 0x06d0  COMSysApp - ok
08:51:31.0798 0x06d0  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
08:51:31.0845 0x06d0  condrv - ok
08:51:31.0939 0x06d0  [ D8724B606616B2B75AF54096119580F5, 53E1DEF9F966FDE5898759A33FB62B5062A941E97B235D6F6EF79A5AD1283BDE ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
08:51:31.0970 0x06d0  cphs - ok
08:51:32.0033 0x06d0  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
08:51:32.0080 0x06d0  CryptSvc - ok
08:51:32.0111 0x06d0  [ 0BF56545D2E82A48579A633DC65B9494, 2BB6C682A46FB8BAF0AB9ACB3C6BEE1F20A4BB2910676BB08FEA506A47D76A57 ] CxAudMsg        C:\windows\system32\CxAudMsg64.exe
08:51:32.0142 0x06d0  CxAudMsg - ok
08:51:32.0158 0x06d0  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
08:51:32.0189 0x06d0  dam - ok
08:51:32.0267 0x06d0  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
08:51:32.0330 0x06d0  DcomLaunch - ok
08:51:32.0392 0x06d0  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
08:51:32.0455 0x06d0  defragsvc - ok
08:51:32.0517 0x06d0  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
08:51:32.0580 0x06d0  DeviceAssociationService - ok
08:51:32.0611 0x06d0  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
08:51:32.0689 0x06d0  DeviceInstall - ok
08:51:32.0736 0x06d0  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
08:51:32.0798 0x06d0  Dfsc - ok
08:51:32.0830 0x06d0  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
08:51:32.0861 0x06d0  dg_ssudbus - ok
08:51:32.0908 0x06d0  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
08:51:32.0986 0x06d0  Dhcp - ok
08:51:33.0048 0x06d0  [ 2EF590B1064A1720CEADBB69F6AE4B46, 049F07E8506349F6C10330CC1BAB998EFA243A4656738EAA2CFF6930EABCA72C ] Diagnostics     C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
08:51:33.0064 0x06d0  Diagnostics - detected UnsignedFile.Multi.Generic ( 1 )
08:51:33.0189 0x06d0  Diagnostics ( UnsignedFile.Multi.Generic ) - warning
08:51:34.0377 0x06d0  [ 6E258D12953A2C313F6DB72E91C67750, 78B85D6120D591A69782449D064DD2C9FC1AA44FC865E7F1A947064F9999450C ] dyvehiqu        C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp
08:51:34.0408 0x06d0  dyvehiqu - detected UnsignedFile.Multi.Generic ( 1 )
08:51:34.0408 0x06d0  dyvehiqu ( UnsignedFile.Multi.Generic ) - warning
08:51:37.0175 0x06d0  Suspicious service (NoAccess): Givceb119
08:51:37.0206 0x06d0  [ 4E866ABB7C67936F0B5D11A833CB4088, E656D2DAC68762C446C0C780BAAE6AC632C0A6A39AE50D13503E02402DA7A077 ] Givceb119       C:\WINDOWS\system32\Drivers\Givceb119.sys
08:51:37.0206 0x06d0  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\Givceb119.sys. md5: 4E866ABB7C67936F0B5D11A833CB4088, sha256: E656D2DAC68762C446C0C780BAAE6AC632C0A6A39AE50D13503E02402DA7A077
08:51:37.0237 0x06d0  Givceb119 - detected LockedService.Multi.Generic ( 1 )
08:51:37.0237 0x06d0  Givceb119 ( LockedService.Multi.Generic ) - warning
08:51:37.0237 0x06d0  Force sending object to P2P due to detect: Givceb119
08:51:37.0237 0x06d0  Object send P2P result: false
08:51:37.0300 0x06d0  [ 91D1015685F88C5CB8938F6D1F7A8A11, A53B29AAC50D01EE25394D7B466D5B3E70A70CD4EDB7F1505927EBF7AE1647AF ] GlobalUpdater   C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
08:51:37.0300 0x06d0  Suspicious file ( NoAccess ): C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe. md5: 91D1015685F88C5CB8938F6D1F7A8A11, sha256: A53B29AAC50D01EE25394D7B466D5B3E70A70CD4EDB7F1505927EBF7AE1647AF
08:51:37.0300 0x06d0  GlobalUpdater - detected LockedFile.Multi.Generic ( 1 )
08:51:37.0300 0x06d0  GlobalUpdater ( LockedFile.Multi.Generic ) - warning
08:51:41.0818 0x06d0  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
08:51:41.0850 0x06d0  isapnp - ok
08:51:41.0881 0x06d0  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
08:51:41.0928 0x06d0  iScsiPrt - ok
08:51:41.0959 0x06d0  [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
08:51:41.0990 0x06d0  iwdbus - ok
08:51:42.0037 0x06d0  [ B2AAF45E83CAFA49A34EB2F2D6D7609C, 1AE9FEE38D295F485165F2BA53F2D7CED5D9845D98F9EAC23ABF2244D3CB1D96 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
08:51:42.0068 0x06d0  jhi_service - ok
08:51:42.0100 0x06d0  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
08:51:42.0131 0x06d0  kbdclass - ok
08:51:42.0162 0x06d0  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
08:51:42.0193 0x06d0  kbdhid - ok
08:51:42.0225 0x06d0  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
08:51:42.0272 0x06d0  kdnic - ok
08:51:42.0287 0x06d0  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
08:51:42.0318 0x06d0  KeyIso - ok
08:51:42.0350 0x06d0  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
08:51:42.0397 0x06d0  KSecDD - ok
08:51:42.0428 0x06d0  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
08:51:42.0475 0x06d0  KSecPkg - ok
08:51:42.0491 0x06d0  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
08:51:42.0538 0x06d0  ksthunk - ok
08:51:42.0585 0x06d0  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
08:51:42.0663 0x06d0  KtmRm - ok
08:51:42.0694 0x06d0  [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C             C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
08:51:42.0725 0x06d0  L1C - ok
08:51:42.0772 0x06d0  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
08:51:42.0819 0x06d0  LanmanServer - ok
08:51:42.0882 0x06d0  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
08:51:42.0928 0x06d0  LanmanWorkstation - ok
08:51:42.0991 0x06d0  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
08:51:43.0054 0x06d0  lfsvc - ok
08:51:43.0085 0x06d0  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\WINDOWS\system32\DRIVERS\LhdX64.sys
08:51:43.0116 0x06d0  LHDmgr - ok
08:51:43.0147 0x06d0  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
08:51:43.0194 0x06d0  lltdio - ok
08:51:43.0225 0x06d0  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
08:51:43.0272 0x06d0  lltdsvc - ok
08:51:43.0304 0x06d0  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
08:51:43.0350 0x06d0  lmhosts - ok
08:51:43.0397 0x06d0  [ 9CA9CB0E115418F90FFC67973462280A, E3B25C360A9F5A614206B6AD07E67B2AF71D667E3CDC56BAC11F4C5AD0BACAA6 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:51:43.0429 0x06d0  LMS - ok
08:51:43.0554 0x06d0  [ 6A49967EE909349DE796BC443FF3EE33, 2BDA309775DF2680D25E4695B0B1EA9092965C96677EFEDFCDBAED7101E5EA4C ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
08:51:43.0647 0x06d0  LSCWinService - ok
08:51:43.0679 0x06d0  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
08:51:43.0710 0x06d0  LSI_SAS - ok
08:51:43.0741 0x06d0  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
08:51:43.0772 0x06d0  LSI_SAS2 - ok
08:51:43.0804 0x06d0  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
08:51:43.0835 0x06d0  LSI_SAS3 - ok
08:51:43.0850 0x06d0  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
08:51:43.0882 0x06d0  LSI_SSS - ok
08:51:43.0944 0x06d0  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
08:51:44.0022 0x06d0  LSM - ok
08:51:44.0038 0x06d0  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
08:51:44.0085 0x06d0  luafv - ok
08:51:44.0085 0x06d0  Suspicious service (NoAccess): lucherbou
08:51:44.0179 0x06d0  [ D57CDAE499FA78213726075B25233CF0, B12BC05E9F51DCB8FD4B1C6803EC0CA14E323FA7A427E9F632B49269E3F9CBE9 ] lucherbou       C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.exe
08:51:44.0179 0x06d0  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.exe. md5: D57CDAE499FA78213726075B25233CF0, sha256: B12BC05E9F51DCB8FD4B1C6803EC0CA14E323FA7A427E9F632B49269E3F9CBE9
08:51:44.0179 0x06d0  lucherbou - detected LockedService.Multi.Generic ( 1 )
08:51:44.0179 0x06d0  lucherbou ( LockedService.Multi.Generic ) - warning
08:51:44.0179 0x06d0  Force sending object to P2P due to detect: lucherbou
08:51:44.0194 0x06d0  Object send P2P result: false
08:51:44.0194 0x06d0  Suspicious service (NoAccess): Malguwl119
08:51:44.0225 0x06d0  [ 92B4209F8A679B0172B9FA6A3B3ECADB, C5EB7DEB1AEF6964A169F2B543598E4FDD20E937FEAD8E81D95409A0B020F7E1 ] Malguwl119      C:\WINDOWS\system32\Drivers\Malguwl119.sys
08:51:44.0225 0x06d0  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\Malguwl119.sys. md5: 92B4209F8A679B0172B9FA6A3B3ECADB, sha256: C5EB7DEB1AEF6964A169F2B543598E4FDD20E937FEAD8E81D95409A0B020F7E1
08:51:44.0257 0x06d0  Malguwl119 - detected LockedService.Multi.Generic ( 1 )
08:51:44.0257 0x06d0  Malguwl119 ( LockedService.Multi.Generic ) - warning
08:51:44.0257 0x06d0  Force sending object to P2P due to detect: Malguwl119
08:51:44.0257 0x06d0  Object send P2P result: false
08:51:46.0148 0x06d0  Suspicious service (NoAccess): MigteRyfdis
08:51:46.0210 0x06d0  [ 90EF2EE8BD78B672865F149B19EA9B74, 4C9A3E537D7B3AF2FDE85EAB68E863085FFFEAB7E2EC6136DC41C29C619C2400 ] MigteRyfdis     C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe
08:51:46.0210 0x06d0  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe. md5: 90EF2EE8BD78B672865F149B19EA9B74, sha256: 4C9A3E537D7B3AF2FDE85EAB68E863085FFFEAB7E2EC6136DC41C29C619C2400
08:51:46.0210 0x06d0  MigteRyfdis - detected LockedService.Multi.Generic ( 1 )
08:51:46.0210 0x06d0  MigteRyfdis ( LockedService.Multi.Generic ) - warning
08:51:46.0210 0x06d0  Force sending object to P2P due to detect: MigteRyfdis
08:51:46.0210 0x06d0  Object send P2P result: false
08:51:46.0241 0x06d0  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
08:51:46.0288 0x06d0  MMCSS - ok
08:51:46.0319 0x06d0  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
08:51:46.0366 0x06d0  Modem - ok
08:51:46.0398 0x06d0  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
08:51:46.0429 0x06d0  monitor - ok
08:51:46.0460 0x06d0  [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
08:51:46.0491 0x06d0  mouclass - ok
08:51:46.0523 0x06d0  [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
08:51:46.0570 0x06d0  mouhid - ok
08:51:46.0601 0x06d0  [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
08:51:46.0632 0x06d0  mountmgr - ok
08:51:46.0679 0x06d0  [ D360D521F0A5C30C7B257D66A084665C, CEB2A4317F2E9A0935162D4C71912268B8722752109174FDC77C76A638776262 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:51:46.0710 0x06d0  MozillaMaintenance - ok
08:51:46.0757 0x06d0  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
08:51:46.0804 0x06d0  mpsdrv - ok
08:51:46.0866 0x06d0  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
08:51:46.0945 0x06d0  MpsSvc - ok
08:51:46.0976 0x06d0  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
08:51:47.0023 0x06d0  MRxDAV - ok
08:51:47.0070 0x06d0  [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:51:47.0117 0x06d0  mrxsmb - ok
08:51:47.0163 0x06d0  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
08:51:47.0210 0x06d0  mrxsmb10 - ok
08:51:47.0257 0x06d0  [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
08:51:47.0304 0x06d0  mrxsmb20 - ok
08:51:47.0335 0x06d0  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
08:51:47.0382 0x06d0  MsBridge - ok
08:51:47.0429 0x06d0  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
08:51:47.0476 0x06d0  MSDTC - ok
08:51:47.0507 0x06d0  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:51:47.0554 0x06d0  Msfs - ok
08:51:47.0585 0x06d0  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
08:51:47.0648 0x06d0  msgpiowin32 - ok
08:51:47.0679 0x06d0  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
08:51:47.0726 0x06d0  mshidkmdf - ok
08:51:47.0742 0x06d0  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
08:51:47.0788 0x06d0  mshidumdf - ok
08:51:47.0804 0x06d0  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
08:51:47.0835 0x06d0  msisadrv - ok
08:51:47.0882 0x06d0  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
08:51:47.0929 0x06d0  MSiSCSI - ok
08:51:47.0945 0x06d0  msiserver - ok
08:51:47.0976 0x06d0  [ FB11715EEB23D0999C2295177EBBA5C0, 533754A3591B5852253C793CE08ADA6CAD0545E3A11F42430EFA9D959B6BF4F7 ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
08:51:48.0007 0x06d0  MSK80Service - ok
08:51:48.0038 0x06d0  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:51:48.0070 0x06d0  MSKSSRV - ok
08:51:48.0101 0x06d0  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
08:51:48.0148 0x06d0  MsLldp - ok
08:51:48.0163 0x06d0  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:51:48.0195 0x06d0  MSPCLOCK - ok
08:51:48.0226 0x06d0  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:51:48.0257 0x06d0  MSPQM - ok
08:51:48.0288 0x06d0  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
08:51:48.0335 0x06d0  MsRPC - ok
08:51:48.0367 0x06d0  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
08:51:48.0399 0x06d0  mssmbios - ok
08:51:48.0414 0x06d0  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
08:51:48.0446 0x06d0  MSTEE - ok
08:51:48.0461 0x06d0  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
08:51:48.0493 0x06d0  MTConfig - ok
08:51:48.0508 0x06d0  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
08:51:48.0555 0x06d0  Mup - ok
08:51:48.0571 0x06d0  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
08:51:48.0602 0x06d0  mvumis - ok
08:51:48.0805 0x06d0  [ 8EE59A79D270E445B2D358E12EA628A8, C7F0FD66845C31A9B9D4E007D773F36C05B3C74D80F7229F531C1B7686FA36A3 ] myradioplayer   C:\Program Files (x86)\myradioplayer\myradioplayer.exe
08:51:49.0008 0x06d0  myradioplayer - ok
08:51:49.0039 0x06d0  [ 66204911D626BAC7DF9EB3E05963C95D, B9EFB2F667701DE759F5877596EED1A2B52F8C7B8F0E0108CE31BB7B8554F0A8 ] myradioplayerV1 C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe
08:51:49.0071 0x06d0  myradioplayerV1 - ok
08:51:49.0086 0x06d0  [ 2A313E41752A1C610C0F6983D83D8AFF, 8A1FD3333F9FA2DF7C02D8844263B5FAD20AE796F5F279B31A79D657E36F14ED ] myradioplayerV2 C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe
08:51:49.0118 0x06d0  myradioplayerV2 - ok
08:51:49.0149 0x06d0  [ DF3D9BD8DE05798CE1D7C52C150FAC71, 77EE6D9B28BDBD914C062AB0FB439B3336297EDCD76CE1E78437B5AE924500EE ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
08:51:49.0196 0x06d0  MyWiFiDHCPDNS - ok
08:51:49.0243 0x06d0  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
08:51:49.0305 0x06d0  napagent - ok
08:51:49.0352 0x06d0  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
08:51:49.0414 0x06d0  NativeWifiP - ok
08:51:49.0446 0x06d0  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
08:51:49.0493 0x06d0  NcaSvc - ok
08:51:49.0539 0x06d0  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
08:51:49.0586 0x06d0  NcbService - ok
08:51:49.0618 0x06d0  [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
08:51:49.0664 0x06d0  NcdAutoSetup - ok
08:51:49.0743 0x06d0  [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
08:51:49.0821 0x06d0  NDIS - ok
08:51:49.0836 0x06d0  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
08:51:49.0883 0x06d0  NdisCap - ok
08:51:49.0914 0x06d0  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
08:51:49.0961 0x06d0  NdisImPlatform - ok
08:51:49.0977 0x06d0  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:51:50.0024 0x06d0  NdisTapi - ok
08:51:50.0055 0x06d0  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:51:50.0086 0x06d0  Ndisuio - ok
08:51:50.0102 0x06d0  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
08:51:50.0149 0x06d0  NdisVirtualBus - ok
08:51:50.0180 0x06d0  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:51:50.0243 0x06d0  NdisWan - ok
08:51:50.0258 0x06d0  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:51:50.0305 0x06d0  NdisWanLegacy - ok
08:51:50.0336 0x06d0  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:51:50.0383 0x06d0  NDProxy - ok
08:51:50.0399 0x06d0  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
08:51:50.0446 0x06d0  Ndu - ok
08:51:50.0477 0x06d0  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:51:50.0524 0x06d0  NetBIOS - ok
08:51:50.0555 0x06d0  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:51:50.0602 0x06d0  NetBT - ok
08:51:50.0633 0x06d0  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:51:50.0665 0x06d0  Netlogon - ok
08:51:50.0711 0x06d0  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
08:51:50.0758 0x06d0  Netman - ok
08:51:50.0837 0x06d0  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
08:51:50.0915 0x06d0  netprofm - ok
08:51:50.0977 0x06d0  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:51.0024 0x06d0  NetTcpPortSharing - ok
08:51:51.0055 0x06d0  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
08:51:51.0102 0x06d0  netvsc - ok
08:51:51.0290 0x06d0  [ 3483D44E1B24F17E622870801403AD13, EF9C5290777A4E277D47C87A174FF9441BE23CAD2F456D35B808463041F4675C ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew00.sys
08:51:51.0462 0x06d0  NETwNe64 - ok
08:51:51.0524 0x06d0  [ FC91D7804B8FE5C2F0B12585C612F592, 0F43466D0F52D6A5282BD076005AC5F615C8CFCAC0D4B17B152E8AD0F556CB08 ] NitroDriverReadSpool8 C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
08:51:51.0555 0x06d0  NitroDriverReadSpool8 - ok
08:51:51.0602 0x06d0  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
08:51:51.0649 0x06d0  NlaSvc - ok
08:51:51.0743 0x06d0  [ 21D28C3448983A072B907E9BAC93D223, 27EF785F8A26E461EE9CDA18445E4896EB5BAE73ABE77262639320D45BC6A512 ] nlsX86cc        C:\windows\SysWOW64\NLSSRV32.EXE
08:51:51.0774 0x06d0  nlsX86cc - ok
08:51:51.0821 0x06d0  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:51:51.0852 0x06d0  Npfs - ok
08:51:51.0883 0x06d0  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
08:51:51.0915 0x06d0  npsvctrig - ok
08:51:51.0946 0x06d0  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
08:51:52.0008 0x06d0  nsi - ok
08:51:52.0040 0x06d0  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
08:51:52.0087 0x06d0  nsiproxy - ok
08:51:52.0212 0x06d0  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:51:52.0352 0x06d0  Ntfs - ok
08:51:55.0667 0x06d0  [ 2EF590B1064A1720CEADBB69F6AE4B46, 049F07E8506349F6C10330CC1BAB998EFA243A4656738EAA2CFF6930EABCA72C ] Proxy           C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
08:51:55.0682 0x06d0  Proxy - detected UnsignedFile.Multi.Generic ( 1 )
08:51:55.0682 0x06d0  Proxy ( UnsignedFile.Multi.Generic ) - warning
08:51:55.0932 0x06d0  [ 9B2C6DF4FA4BE3574EAAE673F0CD5C2A, 3C4E2AD278B155F800C4AB3703135E470896EFBED629870B95DDC613B9BD04FD ] qelejify        C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp
08:51:55.0964 0x06d0  qelejify - detected UnsignedFile.Multi.Generic ( 1 )
08:51:55.0964 0x06d0  qelejify ( UnsignedFile.Multi.Generic ) - warning
08:51:56.0167 0x06d0  Suspicious service (NoAccess): raifkoncut
08:51:56.0354 0x06d0  [ C416AEDAE3FDCCDE18411B475AEEB6A4, A3DEA84AFB4F77A75EE4EC185DB101E6B47F8BD0DE8274D85035EC06FEA75A30 ] raifkoncut      C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.exe
08:51:56.0354 0x06d0  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.exe. md5: C416AEDAE3FDCCDE18411B475AEEB6A4, sha256: A3DEA84AFB4F77A75EE4EC185DB101E6B47F8BD0DE8274D85035EC06FEA75A30
08:51:56.0370 0x06d0  raifkoncut - detected LockedService.Multi.Generic ( 1 )
08:51:56.0370 0x06d0  raifkoncut ( LockedService.Multi.Generic ) - warning
08:51:56.0370 0x06d0  Force sending object to P2P due to detect: raifkoncut
08:51:56.0370 0x06d0  Object send P2P result: false
08:52:10.0295 0x06d0  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
08:52:10.0342 0x06d0  volsnap - ok
08:52:10.0374 0x06d0  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
08:52:10.0405 0x06d0  vpci - ok
08:52:10.0420 0x06d0  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
08:52:10.0467 0x06d0  vsmraid - ok
08:52:10.0545 0x06d0  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
08:52:10.0655 0x06d0  VSS - ok
08:52:10.0702 0x06d0  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
08:52:10.0749 0x06d0  VSTXRAID - ok
08:52:10.0811 0x06d0  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
08:52:10.0858 0x06d0  vwifibus - ok
08:52:10.0889 0x06d0  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
08:52:10.0920 0x06d0  vwififlt - ok
08:52:10.0952 0x06d0  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
08:52:10.0983 0x06d0  vwifimp - ok
08:52:11.0046 0x06d0  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
08:52:11.0092 0x06d0  W32Time - ok
08:52:11.0124 0x06d0  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
08:52:11.0155 0x06d0  WacomPen - ok
08:52:11.0264 0x06d0  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
08:52:11.0374 0x06d0  wbengine - ok
08:52:11.0421 0x06d0  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
08:52:11.0483 0x06d0  WbioSrvc - ok
08:52:11.0514 0x06d0  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
08:52:11.0577 0x06d0  Wcmsvc - ok
08:52:11.0639 0x06d0  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
08:52:11.0686 0x06d0  wcncsvc - ok
08:52:11.0733 0x06d0  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
08:52:11.0780 0x06d0  WcsPlugInService - ok
08:52:11.0811 0x06d0  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
08:52:11.0842 0x06d0  WdBoot - ok
08:52:11.0905 0x06d0  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
08:52:11.0967 0x06d0  Wdf01000 - ok
08:52:11.0983 0x06d0  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
08:52:12.0030 0x06d0  WdFilter - ok
08:52:12.0077 0x06d0  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
08:52:12.0124 0x06d0  WdiServiceHost - ok
08:52:12.0139 0x06d0  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
08:52:12.0186 0x06d0  WdiSystemHost - ok
08:52:12.0202 0x06d0  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
08:52:12.0249 0x06d0  WdNisDrv - ok
08:52:12.0280 0x06d0  WdNisSvc - ok
08:52:12.0327 0x06d0  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
08:52:12.0389 0x06d0  WebClient - ok
08:52:12.0421 0x06d0  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
08:52:12.0483 0x06d0  Wecsvc - ok
08:52:12.0702 0x06d0  [ D2C6F47316CE3882DE447D2B9801BC15, 1FB35A7924DEA8D44F5ED5458BC063B875D8DD501469A8AD786D48F3A3701781 ] Wefhiuli        C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe
08:52:12.0702 0x06d0  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe. md5: D2C6F47316CE3882DE447D2B9801BC15, sha256: 1FB35A7924DEA8D44F5ED5458BC063B875D8DD501469A8AD786D48F3A3701781
08:52:12.0702 0x06d0  Wefhiuli - detected HiddenFile.Multi.Generic ( 1 )
08:52:12.0702 0x06d0  Wefhiuli ( HiddenFile.Multi.Generic ) - warning
08:52:12.0702 0x06d0  Force sending object to P2P due to detect: Wefhiuli
08:52:12.0733 0x06d0  Object send P2P result: false
08:52:18.0406 0x06d0  ================ Scan generic autorun ======================
08:52:18.0406 0x06d0  HotKeysCmds - ok
08:52:18.0468 0x06d0  [ D94BCD3B86F5220BEFC277B395EEE845, 61D3DE5621CE855F8EA5BF2308D0DFFB3B517BF7187AEE1FEF6785C5880E7D49 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
08:52:18.0484 0x06d0  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
08:52:18.0484 0x06d0  IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
08:52:21.0015 0x06d0  [ 16D807D8B07A868298A8044E576BE419, 148399752A497E7FEA07C59C89834E266652AC1C0793B5C9C429FDBB37AB7617 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
08:52:21.0047 0x06d0  UpdateP2GShortCut - detected UnsignedFile.Multi.Generic ( 1 )
08:52:21.0047 0x06d0  UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - warning
08:52:21.0047 0x06d0  Force sending object to P2P due to detect: C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
08:52:21.0047 0x06d0  Object send P2P result: false
08:52:21.0390 0x06d0  PC HealthFix - ok
08:52:21.0390 0x06d0  BlockAndSurf - ok
08:52:21.0406 0x06d0  AnyProtect Scanner - ok
08:52:22.0000 0x06d0  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x54000 ( disabled : updated )
08:52:22.0016 0x06d0  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled )
08:52:22.0016 0x06d0  Win FW state via NFP2: enabled
08:52:22.0016 0x06d0  ============================================================
08:52:22.0016 0x06d0  Scan finished
08:52:22.0016 0x06d0  ============================================================
08:52:22.0031 0x0dfc  Detected object count: 13
08:52:22.0031 0x0dfc  Actual detected object count: 13
08:52:49.0754 0x0dfc  Diagnostics ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  Diagnostics ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  dyvehiqu ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  dyvehiqu ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  Givceb119 ( LockedService.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  Givceb119 ( LockedService.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  GlobalUpdater ( LockedFile.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  GlobalUpdater ( LockedFile.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  lucherbou ( LockedService.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  lucherbou ( LockedService.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  Malguwl119 ( LockedService.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  Malguwl119 ( LockedService.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  MigteRyfdis ( LockedService.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  MigteRyfdis ( LockedService.Multi.Generic ) - User select action: Skip
08:52:49.0754 0x0dfc  Proxy ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:49.0754 0x0dfc  Proxy ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:49.0769 0x0dfc  qelejify ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:49.0769 0x0dfc  qelejify ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:49.0769 0x0dfc  raifkoncut ( LockedService.Multi.Generic ) - skipped by user
08:52:49.0769 0x0dfc  raifkoncut ( LockedService.Multi.Generic ) - User select action: Skip
08:52:49.0769 0x0dfc  Wefhiuli ( HiddenFile.Multi.Generic ) - skipped by user
08:52:49.0769 0x0dfc  Wefhiuli ( HiddenFile.Multi.Generic ) - User select action: Skip
08:52:49.0769 0x0dfc  IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:49.0769 0x0dfc  IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:52:49.0769 0x0dfc  UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - skipped by user
08:52:49.0769 0x0dfc  UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#6 deeprybka

  • Malware Response Team

Posted 02 June 2015 - 11:39 AM

Step 1

Fix with TDSSKiller.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Use KSN to scan objects" and "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • This time, select the option Cure (or Delete) for the following threats:
    Wefhiuli ( HiddenFile.Multi.Generic )
    raifkoncut ( LockedService.Multi.Generic )
    qelejify ( UnsignedFile.Multi.Generic )
    Proxy ( UnsignedFile.Multi.Generic )
    MigteRyfdis ( LockedService.Multi.Generic )
    Malguwl119 ( LockedService.Multi.Generic )
    lucherbou ( LockedService.Multi.Generic )
    GlobalUpdater ( LockedFile.Multi.Generic )
    Givceb119 ( LockedService.Multi.Generic )
    dyvehiqu ( UnsignedFile.Multi.Generic )
    Diagnostics ( UnsignedFile.Multi.Generic )
  • Click on Continue and allow the reboot.
  • Copy and paste the log file (C:\TDSSKiller.<version_date_time>_log.txt) of this run in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 hlingam

  • Topic Starter
  • Members

Posted 02 June 2015 - 12:15 PM

Here is the log:

 

12:54:28.0746 0x20f0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:54:28.0746 0x20f0  UEFI system
12:54:32.0934 0x20f0  ============================================================
12:54:32.0934 0x20f0  Current date / time: 2015/06/02 12:54:32.0934
12:54:32.0934 0x20f0  SystemInfo:
12:54:32.0934 0x20f0  
12:54:32.0934 0x20f0  OS Version: 6.3.9600 ServicePack: 0.0
12:54:32.0934 0x20f0  Product type: Workstation
12:54:32.0934 0x20f0  ComputerName: DEEPAM
12:54:32.0934 0x20f0  UserName: Pradeepa
12:54:32.0934 0x20f0  Windows directory: C:\WINDOWS
12:54:32.0934 0x20f0  System windows directory: C:\WINDOWS
12:54:32.0934 0x20f0  Running under WOW64
12:54:32.0934 0x20f0  Processor architecture: Intel x64
12:54:32.0934 0x20f0  Number of processors: 4
12:54:32.0934 0x20f0  Page size: 0x1000
12:54:32.0934 0x20f0  Boot type: Normal boot
12:54:32.0934 0x20f0  ============================================================
12:54:33.0371 0x20f0  System UUID: {48BE2F15-5965-F183-1E81-017C1246ED65}
12:54:34.0121 0x20f0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:54:34.0137 0x20f0  ============================================================
12:54:34.0137 0x20f0  \Device\Harddisk0\DR0:
12:54:34.0137 0x20f0  GPT partitions:
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {75687AC2-7824-47CD-B2B6-59A668CFA789}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {E709FC72-CA84-4873-988B-89AD582E1F6E}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {10CF3811-6E52-4050-8328-0F238A145BB0}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {27D29AFA-B87C-420D-891B-F50430276211}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {66442FF1-348C-4CE2-8141-CF2FA17F419B}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x6F4C3800
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {37313CD7-0DC4-4264-849C-3C417E888A75}, Name: , StartLBA 0x6F96E000, BlocksNum 0xE1000
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {270DB98D-64A9-41A7-9D04-9990E5E833CA}, Name: Basic data partition, StartLBA 0x6FA4F000, BlocksNum 0x3200000
12:54:34.0152 0x20f0  \Device\Harddisk0\DR0\Partition8: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B7D1FADF-134F-435C-8C43-BB00144AB015}, Name: Basic data partition, StartLBA 0x72C4F000, BlocksNum 0x1AB7800
12:54:34.0152 0x20f0  MBR partitions:
12:54:34.0152 0x20f0  ============================================================
12:54:34.0230 0x20f0  C: <-> \Device\Harddisk0\DR0\Partition5
12:54:34.0371 0x20f0  D: <-> \Device\Harddisk0\DR0\Partition7
12:54:34.0371 0x20f0  ============================================================
12:54:34.0371 0x20f0  Initialize success
12:54:34.0371 0x20f0  ============================================================
12:54:58.0888 0x17ac  ============================================================
12:54:58.0888 0x17ac  Scan started
12:54:58.0888 0x17ac  Mode: Manual; SigCheck; TDLFS;
12:54:58.0888 0x17ac  ============================================================
12:54:58.0888 0x17ac  KSN ping started
12:54:58.0904 0x17ac  KSN ping finished: false
12:55:00.0561 0x17ac  ================ Scan system memory ========================
12:55:00.0561 0x17ac  System memory - ok
12:55:00.0561 0x17ac  ================ Scan services =============================
12:55:14.0774 0x17ac  [ 2EF590B1064A1720CEADBB69F6AE4B46, 049F07E8506349F6C10330CC1BAB998EFA243A4656738EAA2CFF6930EABCA72C ] Diagnostics     C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
12:55:14.0790 0x17ac  Diagnostics - detected UnsignedFile.Multi.Generic ( 1 )
12:55:14.0915 0x17ac  Diagnostics ( UnsignedFile.Multi.Generic ) - warning
12:55:16.0634 0x17ac  [ 6E258D12953A2C313F6DB72E91C67750, 78B85D6120D591A69782449D064DD2C9FC1AA44FC865E7F1A947064F9999450C ] dyvehiqu        C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp
12:55:16.0681 0x17ac  dyvehiqu - detected UnsignedFile.Multi.Generic ( 1 )
12:55:16.0681 0x17ac  dyvehiqu ( UnsignedFile.Multi.Generic ) - warning
12:55:20.0119 0x17ac  Suspicious service (NoAccess): Givceb119
12:55:20.0166 0x17ac  [ 4E866ABB7C67936F0B5D11A833CB4088, E656D2DAC68762C446C0C780BAAE6AC632C0A6A39AE50D13503E02402DA7A077 ] Givceb119       C:\WINDOWS\system32\Drivers\Givceb119.sys
12:55:20.0166 0x17ac  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\Givceb119.sys. md5: 4E866ABB7C67936F0B5D11A833CB4088, sha256: E656D2DAC68762C446C0C780BAAE6AC632C0A6A39AE50D13503E02402DA7A077
12:55:20.0197 0x17ac  Givceb119 - detected LockedService.Multi.Generic ( 1 )
12:55:20.0197 0x17ac  Givceb119 ( LockedService.Multi.Generic ) - warning
12:55:20.0197 0x17ac  Force sending object to P2P due to detect: Givceb119
12:55:20.0197 0x17ac  Object send P2P result: false
12:55:20.0259 0x17ac  [ 91D1015685F88C5CB8938F6D1F7A8A11, A53B29AAC50D01EE25394D7B466D5B3E70A70CD4EDB7F1505927EBF7AE1647AF ] GlobalUpdater   C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
12:55:20.0259 0x17ac  Suspicious file ( NoAccess ): C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe. md5: 91D1015685F88C5CB8938F6D1F7A8A11, sha256: A53B29AAC50D01EE25394D7B466D5B3E70A70CD4EDB7F1505927EBF7AE1647AF
12:55:20.0259 0x17ac  GlobalUpdater - detected LockedFile.Multi.Generic ( 1 )
12:55:20.0259 0x17ac  GlobalUpdater ( LockedFile.Multi.Generic ) - warning
12:55:20.0259 0x17ac  Force sending object to P2P due to detect: GlobalUpdater
12:55:20.0275 0x17ac  Object send P2P result: false
12:55:22.0541 0x17ac  [ FA4C48E36F0B24E7E33D3E7E1844B9C9, F61F448B8E305DEFDDA5D4A6FC4E57C798C11ED4DA0ACB885847DC8A9A7B4E98 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
12:55:22.0588 0x17ac  iaStorA - ok
12:55:22.0635 0x17ac  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
12:55:22.0697 0x17ac  iaStorAV - ok
12:55:22.0760 0x17ac  [ D5854F77CEEAFC5A8405F8ECCBEC09DF, 06D94EAF55787F807FB40E95011E90B0A719AC1A1529C2C110C1EABC5BE02C5B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:55:22.0775 0x17ac  IAStorDataMgrSvc - ok
12:55:22.0822 0x17ac  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
12:55:22.0869 0x17ac  iaStorV - ok
12:55:22.0900 0x17ac  [ 7274E304EACD1FE0A4F5047CE6B4DC61, 2FD0FBE52359080DCA9D7F94177680A304B0C5E0B701AD3F9E6F09E8E5D5D7D7 ] iBtFltCoex      C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
12:55:22.0931 0x17ac  iBtFltCoex - ok
12:55:23.0010 0x17ac  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
12:55:23.0041 0x17ac  ICCS - ok
12:55:23.0056 0x17ac  IEEtwCollectorService - ok
12:55:23.0088 0x17ac  IePluginService - ok
12:55:23.0356 0x17ac  [ 076023219E918D34585B231029A44571, C2AB0DE0D80D0BC6595C9F9655A890531E7952599714DC03B4ECB46947D833A8 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
12:55:23.0700 0x17ac  igfx - ok
12:55:23.0778 0x17ac  [ C814D4A0B7B91E936B2DC0828C69ACAB, A19B503CB3C598474C61DA6F1AC087CCF287F7523D2F932B21EF21E7CA1809B1 ] igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
12:55:23.0841 0x17ac  igfxCUIService1.0.0.0 - ok
12:55:23.0934 0x17ac  [ 3DBDBD9581C015F02651D6A89801FAD5, 81B6D302C9CD29AD8319515056CFBCD0BD25619B2B166937ACD5F1416B568837 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
12:55:24.0059 0x17ac  IKEEXT - ok
12:55:24.0075 0x17ac  innfd_1_10_0_14 - ok
12:55:24.0106 0x17ac  [ FC7C456AF9B9811499EDBD10616832EE, CA2D8B0E672D3AE449C2FF0B9E142D74E8C72FD877D11162A9F7CC51AF58220F ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
12:55:24.0137 0x17ac  intaud_WaveExtensible - ok
12:55:24.0184 0x17ac  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
12:55:24.0247 0x17ac  IntcDAud - ok
12:55:24.0341 0x17ac  [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
12:55:24.0403 0x17ac  Intel® Capability Licensing Service Interface - ok
12:55:24.0466 0x17ac  [ AFAEDA5684C47DE1C07AB6A0F6790DB9, C1F5AFAA2DFFCE695CF396B64F02FF9B355FB5FC2CD11ABDB964AF503DFE124A ] Intel® Wireless Bluetooth® 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
12:55:24.0512 0x17ac  Intel® Wireless Bluetooth® 4.0 Radio Management - ok
12:55:24.0528 0x17ac  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
12:55:24.0575 0x17ac  intelide - ok
12:55:24.0606 0x17ac  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
12:55:24.0637 0x17ac  intelpep - ok
12:55:24.0684 0x17ac  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
12:55:24.0731 0x17ac  intelppm - ok
12:55:24.0747 0x17ac  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:55:24.0809 0x17ac  IpFilterDriver - ok
12:55:24.0887 0x17ac  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
12:55:24.0981 0x17ac  iphlpsvc - ok
12:55:24.0997 0x17ac  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
12:55:25.0059 0x17ac  IPMIDRV - ok
12:55:25.0106 0x17ac  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
12:55:25.0169 0x17ac  IPNAT - ok
12:55:25.0247 0x17ac  [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:55:25.0325 0x17ac  iPod Service - ok
12:55:25.0341 0x17ac  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
12:55:25.0403 0x17ac  IRENUM - ok
12:55:25.0419 0x17ac  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
12:55:25.0466 0x17ac  isapnp - ok
12:55:25.0512 0x17ac  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
12:55:25.0606 0x17ac  iScsiPrt - ok
12:55:25.0637 0x17ac  [ A90C843F4FDD7A07129BA73C6BE13976, A76DEA9F09E3B2F18D3B646A0DD39E2773EC62E2F3C55421BA61C12190D78C1C ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
12:55:25.0669 0x17ac  iwdbus - ok
12:55:25.0731 0x17ac  [ B2AAF45E83CAFA49A34EB2F2D6D7609C, 1AE9FEE38D295F485165F2BA53F2D7CED5D9845D98F9EAC23ABF2244D3CB1D96 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
12:55:25.0762 0x17ac  jhi_service - ok
12:55:25.0794 0x17ac  [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
12:55:25.0841 0x17ac  kbdclass - ok
12:55:25.0872 0x17ac  [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
12:55:25.0903 0x17ac  kbdhid - ok
12:55:25.0919 0x17ac  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
12:55:25.0966 0x17ac  kdnic - ok
12:55:25.0997 0x17ac  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
12:55:26.0044 0x17ac  KeyIso - ok
12:55:26.0075 0x17ac  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
12:55:26.0122 0x17ac  KSecDD - ok
12:55:26.0156 0x17ac  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
12:55:26.0203 0x17ac  KSecPkg - ok
12:55:26.0234 0x17ac  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
12:55:26.0281 0x17ac  ksthunk - ok
12:55:26.0312 0x17ac  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
12:55:26.0375 0x17ac  KtmRm - ok
12:55:26.0390 0x17ac  [ 50AECF8C21AB2A6428A6E1E10549D8E5, 6BC7C60CF5E8AFB9972619EE1C78357756E9C0A3EC783C3056CEB600DCBB1555 ] L1C             C:\WINDOWS\system32\DRIVERS\L1C63x64.sys
12:55:26.0422 0x17ac  L1C - ok
12:55:26.0469 0x17ac  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
12:55:26.0531 0x17ac  LanmanServer - ok
12:55:26.0578 0x17ac  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
12:55:26.0640 0x17ac  LanmanWorkstation - ok
12:55:26.0703 0x17ac  [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
12:55:26.0781 0x17ac  lfsvc - ok
12:55:26.0812 0x17ac  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\WINDOWS\system32\DRIVERS\LhdX64.sys
12:55:26.0844 0x17ac  LHDmgr - ok
12:55:26.0890 0x17ac  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
12:55:26.0937 0x17ac  lltdio - ok
12:55:26.0984 0x17ac  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
12:55:27.0062 0x17ac  lltdsvc - ok
12:55:27.0109 0x17ac  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
12:55:27.0156 0x17ac  lmhosts - ok
12:55:27.0203 0x17ac  [ 9CA9CB0E115418F90FFC67973462280A, E3B25C360A9F5A614206B6AD07E67B2AF71D667E3CDC56BAC11F4C5AD0BACAA6 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:55:27.0250 0x17ac  LMS - ok
12:55:27.0375 0x17ac  [ 6A49967EE909349DE796BC443FF3EE33, 2BDA309775DF2680D25E4695B0B1EA9092965C96677EFEDFCDBAED7101E5EA4C ] LSCWinService   C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
12:55:27.0500 0x17ac  LSCWinService - ok
12:55:27.0562 0x17ac  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
12:55:27.0609 0x17ac  LSI_SAS - ok
12:55:27.0625 0x17ac  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
12:55:27.0672 0x17ac  LSI_SAS2 - ok
12:55:27.0687 0x17ac  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
12:55:27.0734 0x17ac  LSI_SAS3 - ok
12:55:27.0766 0x17ac  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
12:55:27.0797 0x17ac  LSI_SSS - ok
12:55:27.0875 0x17ac  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
12:55:27.0969 0x17ac  LSM - ok
12:55:27.0984 0x17ac  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
12:55:28.0031 0x17ac  luafv - ok
12:55:28.0031 0x17ac  Suspicious service (NoAccess): lucherbou
12:55:28.0250 0x17ac  [ D57CDAE499FA78213726075B25233CF0, B12BC05E9F51DCB8FD4B1C6803EC0CA14E323FA7A427E9F632B49269E3F9CBE9 ] lucherbou       C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.exe
12:55:28.0250 0x17ac  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.exe. md5: D57CDAE499FA78213726075B25233CF0, sha256: B12BC05E9F51DCB8FD4B1C6803EC0CA14E323FA7A427E9F632B49269E3F9CBE9
12:55:28.0250 0x17ac  lucherbou - detected LockedService.Multi.Generic ( 1 )
12:55:28.0250 0x17ac  lucherbou ( LockedService.Multi.Generic ) - warning
12:55:28.0250 0x17ac  Force sending object to P2P due to detect: lucherbou
12:55:28.0250 0x17ac  Object send P2P result: false
12:55:28.0250 0x17ac  Suspicious service (NoAccess): Malguwl119
12:55:28.0281 0x17ac  [ 92B4209F8A679B0172B9FA6A3B3ECADB, C5EB7DEB1AEF6964A169F2B543598E4FDD20E937FEAD8E81D95409A0B020F7E1 ] Malguwl119      C:\WINDOWS\system32\Drivers\Malguwl119.sys
12:55:28.0281 0x17ac  Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\Malguwl119.sys. md5: 92B4209F8A679B0172B9FA6A3B3ECADB, sha256: C5EB7DEB1AEF6964A169F2B543598E4FDD20E937FEAD8E81D95409A0B020F7E1
12:55:28.0313 0x17ac  Malguwl119 - detected LockedService.Multi.Generic ( 1 )
12:55:28.0313 0x17ac  Malguwl119 ( LockedService.Multi.Generic ) - warning
12:55:28.0313 0x17ac  Force sending object to P2P due to detect: Malguwl119
12:55:28.0313 0x17ac  Object send P2P result: false
12:55:31.0376 0x17ac  Suspicious service (NoAccess): MigteRyfdis
12:55:31.0470 0x17ac  [ 90EF2EE8BD78B672865F149B19EA9B74, 4C9A3E537D7B3AF2FDE85EAB68E863085FFFEAB7E2EC6136DC41C29C619C2400 ] MigteRyfdis     C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe
12:55:31.0470 0x17ac  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe. md5: 90EF2EE8BD78B672865F149B19EA9B74, sha256: 4C9A3E537D7B3AF2FDE85EAB68E863085FFFEAB7E2EC6136DC41C29C619C2400
12:55:31.0470 0x17ac  MigteRyfdis - detected LockedService.Multi.Generic ( 1 )
12:55:31.0470 0x17ac  MigteRyfdis ( LockedService.Multi.Generic ) - warning
12:55:39.0752 0x17ac  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:55:39.0799 0x17ac  Npfs - ok
12:55:39.0830 0x17ac  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
12:55:39.0893 0x17ac  npsvctrig - ok
12:55:39.0940 0x17ac  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
12:55:39.0971 0x17ac  nsi - ok
12:55:40.0018 0x17ac  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
12:55:40.0065 0x17ac  nsiproxy - ok
12:55:40.0393 0x17ac  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:55:40.0534 0x17ac  Ntfs - ok
12:55:40.0580 0x17ac  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:55:40.0643 0x17ac  Null - ok
12:55:40.0659 0x17ac  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
12:55:40.0705 0x17ac  nvraid - ok
12:55:40.0737 0x17ac  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
12:55:40.0784 0x17ac  nvstor - ok
12:55:40.0815 0x17ac  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
12:55:40.0862 0x17ac  nv_agp - ok
12:55:40.0971 0x17ac  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:55:41.0018 0x17ac  ose - ok
12:55:41.0643 0x17ac  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:55:41.0987 0x17ac  osppsvc - ok
12:55:42.0081 0x17ac  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
12:55:42.0159 0x17ac  p2pimsvc - ok
12:55:42.0206 0x17ac  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
12:55:42.0284 0x17ac  p2psvc - ok
12:55:42.0315 0x17ac  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
12:55:42.0362 0x17ac  Parport - ok
12:55:42.0393 0x17ac  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
12:55:42.0456 0x17ac  partmgr - ok
12:55:42.0581 0x17ac  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
12:55:42.0659 0x17ac  PcaSvc - ok
12:55:42.0753 0x17ac  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
12:55:42.0815 0x17ac  pci - ok
12:55:42.0831 0x17ac  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
12:55:42.0862 0x17ac  pciide - ok
12:55:42.0909 0x17ac  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
12:55:42.0956 0x17ac  pcmcia - ok
12:55:42.0972 0x17ac  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
12:55:43.0018 0x17ac  pcw - ok
12:55:43.0050 0x17ac  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
12:55:43.0081 0x17ac  pdc - ok
12:55:43.0253 0x17ac  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
12:55:43.0315 0x17ac  PEAUTH - ok
12:55:43.0378 0x17ac  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
12:55:43.0425 0x17ac  PerfHost - ok
12:55:43.0644 0x17ac  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
12:55:43.0831 0x17ac  pla - ok
12:55:43.0894 0x17ac  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
12:55:44.0019 0x17ac  PlugPlay - ok
12:55:44.0050 0x17ac  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
12:55:44.0128 0x17ac  PNRPAutoReg - ok
12:55:44.0175 0x17ac  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
12:55:44.0284 0x17ac  PNRPsvc - ok
12:55:44.0347 0x17ac  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
12:55:44.0456 0x17ac  PolicyAgent - ok
12:55:44.0503 0x17ac  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
12:55:44.0581 0x17ac  Power - ok
12:55:44.0831 0x17ac  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
12:55:45.0162 0x17ac  PrintNotify - ok
12:55:45.0190 0x17ac  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
12:55:45.0283 0x17ac  Processor - ok
12:55:45.0330 0x17ac  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
12:55:45.0408 0x17ac  ProfSvc - ok
12:55:45.0533 0x17ac  [ 2EF590B1064A1720CEADBB69F6AE4B46, 049F07E8506349F6C10330CC1BAB998EFA243A4656738EAA2CFF6930EABCA72C ] Proxy           C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
12:55:45.0565 0x17ac  Proxy - detected UnsignedFile.Multi.Generic ( 1 )
12:55:45.0565 0x17ac  Proxy ( UnsignedFile.Multi.Generic ) - warning
12:55:45.0612 0x17ac  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
12:55:45.0690 0x17ac  Psched - ok
12:55:45.0846 0x17ac  [ 9B2C6DF4FA4BE3574EAAE673F0CD5C2A, 3C4E2AD278B155F800C4AB3703135E470896EFBED629870B95DDC613B9BD04FD ] qelejify        C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp
12:55:45.0877 0x17ac  qelejify - detected UnsignedFile.Multi.Generic ( 1 )
12:55:45.0877 0x17ac  qelejify ( UnsignedFile.Multi.Generic ) - warning
12:55:45.0940 0x17ac  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
12:55:46.0018 0x17ac  QWAVE - ok
12:55:46.0049 0x17ac  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
12:55:46.0096 0x17ac  QWAVEdrv - ok
12:55:46.0096 0x17ac  Suspicious service (NoAccess): raifkoncut
12:55:46.0396 0x17ac  [ C416AEDAE3FDCCDE18411B475AEEB6A4, A3DEA84AFB4F77A75EE4EC185DB101E6B47F8BD0DE8274D85035EC06FEA75A30 ] raifkoncut      C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.exe
12:55:46.0412 0x17ac  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.exe. md5: C416AEDAE3FDCCDE18411B475AEEB6A4, sha256: A3DEA84AFB4F77A75EE4EC185DB101E6B47F8BD0DE8274D85035EC06FEA75A30
12:55:46.0412 0x17ac  raifkoncut - detected LockedService.Multi.Generic ( 1 )
12:55:46.0412 0x17ac  raifkoncut ( LockedService.Multi.Generic ) - warning
12:56:03.0893 0x17ac  USBHUB3 - ok
12:56:03.0956 0x17ac  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
12:56:04.0018 0x17ac  usbohci - ok
12:56:04.0034 0x17ac  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
12:56:04.0081 0x17ac  usbprint - ok
12:56:04.0128 0x17ac  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
12:56:04.0174 0x17ac  USBSTOR - ok
12:56:04.0190 0x17ac  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
12:56:04.0253 0x17ac  usbuhci - ok
12:56:04.0300 0x17ac  [ 1A20F03700D2B2ED775E38D751EF2F63, 76F8BE9F412D4397437E60A7E6231C80EA9B4F5436C9A8FAB967C78604994AE9 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
12:56:04.0347 0x17ac  USBXHCI - ok
12:56:04.0363 0x17ac  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\WINDOWS\system32\lsass.exe
12:56:04.0394 0x17ac  VaultSvc - ok
12:56:04.0425 0x17ac  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
12:56:04.0456 0x17ac  vdrvroot - ok
12:56:04.0753 0x17ac  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\WINDOWS\System32\vds.exe
12:56:04.0863 0x17ac  vds - ok
12:56:04.0910 0x17ac  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
12:56:04.0972 0x17ac  VerifierExt - ok
12:56:05.0128 0x17ac  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
12:56:05.0191 0x17ac  vhdmp - ok
12:56:05.0238 0x17ac  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
12:56:05.0285 0x17ac  viaide - ok
12:56:05.0347 0x17ac  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
12:56:05.0394 0x17ac  vmbus - ok
12:56:05.0425 0x17ac  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
12:56:05.0472 0x17ac  VMBusHID - ok
12:56:05.0644 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
12:56:05.0738 0x17ac  vmicguestinterface - ok
12:56:05.0769 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
12:56:05.0832 0x17ac  vmicheartbeat - ok
12:56:05.0878 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
12:56:05.0925 0x17ac  vmickvpexchange - ok
12:56:05.0988 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
12:56:06.0050 0x17ac  vmicrdv - ok
12:56:06.0082 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
12:56:06.0144 0x17ac  vmicshutdown - ok
12:56:06.0191 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
12:56:06.0254 0x17ac  vmictimesync - ok
12:56:06.0285 0x17ac  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
12:56:06.0363 0x17ac  vmicvss - ok
12:56:06.0410 0x17ac  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
12:56:06.0441 0x17ac  volmgr - ok
12:56:06.0488 0x17ac  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
12:56:06.0535 0x17ac  volmgrx - ok
12:56:06.0566 0x17ac  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
12:56:06.0613 0x17ac  volsnap - ok
12:56:06.0676 0x17ac  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
12:56:06.0707 0x17ac  vpci - ok
12:56:06.0769 0x17ac  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
12:56:06.0801 0x17ac  vsmraid - ok
12:56:07.0098 0x17ac  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
12:56:07.0223 0x17ac  VSS - ok
12:56:07.0332 0x17ac  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
12:56:07.0394 0x17ac  VSTXRAID - ok
12:56:07.0488 0x17ac  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
12:56:07.0535 0x17ac  vwifibus - ok
12:56:07.0582 0x17ac  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
12:56:07.0629 0x17ac  vwififlt - ok
12:56:07.0644 0x17ac  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
12:56:07.0691 0x17ac  vwifimp - ok
12:56:07.0816 0x17ac  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
12:56:07.0879 0x17ac  W32Time - ok
12:56:07.0910 0x17ac  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
12:56:07.0941 0x17ac  WacomPen - ok
12:56:08.0285 0x17ac  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
12:56:08.0395 0x17ac  wbengine - ok
12:56:08.0520 0x17ac  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
12:56:08.0598 0x17ac  WbioSrvc - ok
12:56:08.0629 0x17ac  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
12:56:08.0692 0x17ac  Wcmsvc - ok
12:56:08.0817 0x17ac  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
12:56:08.0895 0x17ac  wcncsvc - ok
12:56:08.0957 0x17ac  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
12:56:09.0004 0x17ac  WcsPlugInService - ok
12:56:09.0051 0x17ac  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
12:56:09.0098 0x17ac  WdBoot - ok
12:56:09.0254 0x17ac  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
12:56:09.0332 0x17ac  Wdf01000 - ok
12:56:09.0364 0x17ac  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
12:56:09.0411 0x17ac  WdFilter - ok
12:56:09.0457 0x17ac  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
12:56:09.0504 0x17ac  WdiServiceHost - ok
12:56:09.0520 0x17ac  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
12:56:09.0567 0x17ac  WdiSystemHost - ok
12:56:09.0582 0x17ac  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
12:56:09.0629 0x17ac  WdNisDrv - ok
12:56:09.0661 0x17ac  WdNisSvc - ok
12:56:09.0801 0x17ac  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:56:09.0848 0x17ac  WebClient - ok
12:56:09.0911 0x17ac  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
12:56:09.0957 0x17ac  Wecsvc - ok
12:56:10.0911 0x17ac  [ D2C6F47316CE3882DE447D2B9801BC15, 1FB35A7924DEA8D44F5ED5458BC063B875D8DD501469A8AD786D48F3A3701781 ] Wefhiuli        C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe
12:56:10.0911 0x17ac  Suspicious file ( Hidden ): C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe. md5: D2C6F47316CE3882DE447D2B9801BC15, sha256: 1FB35A7924DEA8D44F5ED5458BC063B875D8DD501469A8AD786D48F3A3701781
12:56:10.0926 0x17ac  Wefhiuli - detected HiddenFile.Multi.Generic ( 1 )
12:56:10.0926 0x17ac  Wefhiuli ( HiddenFile.Multi.Generic ) - warning
12:56:19.0303 0x17ac  ================ Scan generic autorun ======================
12:56:19.0318 0x17ac  HotKeysCmds - ok
12:56:19.0428 0x17ac  [ D94BCD3B86F5220BEFC277B395EEE845, 61D3DE5621CE855F8EA5BF2308D0DFFB3B517BF7187AEE1FEF6785C5880E7D49 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
12:56:19.0459 0x17ac  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
12:56:19.0459 0x17ac  IAStorIcon ( UnsignedFile.Multi.Generic ) - warning
12:56:19.0459 0x17ac  Force sending object to P2P due to detect: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
12:56:19.0459 0x17ac  Object send P2P result: false
12:56:22.0241 0x17ac  [ 16D807D8B07A868298A8044E576BE419, 148399752A497E7FEA07C59C89834E266652AC1C0793B5C9C429FDBB37AB7617 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
12:56:22.0272 0x17ac  UpdateP2GShortCut - detected UnsignedFile.Multi.Generic ( 1 )
12:56:22.0272 0x17ac  UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - warning
12:56:23.0335 0x17ac  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x54000 ( disabled : updated )
12:56:23.0350 0x17ac  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled )
12:56:23.0350 0x17ac  Win FW state via NFP2: enabled
12:56:23.0350 0x17ac  ============================================================
12:56:23.0350 0x17ac  Scan finished
12:56:23.0350 0x17ac  ============================================================
12:56:23.0366 0x0558  Detected object count: 13
12:56:23.0366 0x0558  Actual detected object count: 13
13:00:04.0721 0x0558  C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe - copied to quarantine
13:00:04.0736 0x0558  HKLM\SYSTEM\ControlSet001\services\Diagnostics - will be deleted on reboot
13:00:04.0940 0x0558  C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe - will be deleted on reboot
13:00:04.0940 0x0558  Diagnostics ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:00:05.0080 0x0558  C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp - copied to quarantine
13:00:05.0080 0x0558  HKLM\SYSTEM\ControlSet001\services\dyvehiqu - will be deleted on reboot
13:00:05.0111 0x0558  C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\hnsi5FC1.tmp - will be deleted on reboot
13:00:05.0111 0x0558  dyvehiqu ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:00:05.0158 0x0558  C:\WINDOWS\system32\Drivers\Givceb119.sys - copied to quarantine
13:00:05.0158 0x0558  HKLM\SYSTEM\ControlSet001\services\Givceb119 - will be deleted on reboot
13:00:05.0174 0x0558  C:\WINDOWS\system32\Drivers\Givceb119.sys - will be deleted on reboot
13:00:05.0174 0x0558  Givceb119 ( LockedService.Multi.Generic ) - User select action: Delete
13:00:05.0252 0x0558  C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe - copied to quarantine
13:00:05.0252 0x0558  HKLM\SYSTEM\ControlSet001\services\GlobalUpdater - will be deleted on reboot
13:00:05.0299 0x0558  C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe - will be deleted on reboot
13:00:05.0299 0x0558  GlobalUpdater ( LockedFile.Multi.Generic ) - User select action: Delete
13:00:05.0377 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.exe - copied to quarantine
13:00:05.0377 0x0558  HKLM\SYSTEM\ControlSet001\services\lucherbou - will be deleted on reboot
13:00:05.0424 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\ikuwmys.exe - will be deleted on reboot
13:00:05.0424 0x0558  lucherbou ( LockedService.Multi.Generic ) - User select action: Delete
13:00:05.0440 0x0558  C:\WINDOWS\system32\Drivers\Malguwl119.sys - copied to quarantine
13:00:05.0440 0x0558  HKLM\SYSTEM\ControlSet001\services\Malguwl119 - will be deleted on reboot
13:00:05.0471 0x0558  C:\WINDOWS\system32\Drivers\Malguwl119.sys - will be deleted on reboot
13:00:05.0471 0x0558  Malguwl119 ( LockedService.Multi.Generic ) - User select action: Delete
13:00:05.0549 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe - copied to quarantine
13:00:05.0549 0x0558  HKLM\SYSTEM\ControlSet001\services\MigteRyfdis - will be deleted on reboot
13:00:05.0596 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\TouhJoisa.exe - will be deleted on reboot
13:00:05.0596 0x0558  MigteRyfdis ( LockedService.Multi.Generic ) - User select action: Delete
13:00:05.0643 0x0558  C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe - copied to quarantine
13:00:05.0643 0x0558  HKLM\SYSTEM\ControlSet001\services\Proxy - will be deleted on reboot
13:00:05.0690 0x0558  C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe - will be deleted on reboot
13:00:05.0690 0x0558  Proxy ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:00:05.0752 0x0558  C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp - copied to quarantine
13:00:05.0768 0x0558  HKLM\SYSTEM\ControlSet001\services\qelejify - will be deleted on reboot
13:00:05.0799 0x0558  C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC\jnst4784.tmp - will be deleted on reboot
13:00:05.0799 0x0558  qelejify ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:00:05.0940 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.exe - copied to quarantine
13:00:05.0940 0x0558  HKLM\SYSTEM\ControlSet001\services\raifkoncut - will be deleted on reboot
13:00:05.0986 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.exe - will be deleted on reboot
13:00:05.0986 0x0558  raifkoncut ( LockedService.Multi.Generic ) - User select action: Delete
13:00:06.0315 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe - copied to quarantine
13:00:06.0315 0x0558  HKLM\SYSTEM\ControlSet001\services\Wefhiuli - will be deleted on reboot
13:00:06.0330 0x0558  HKLM\SYSTEM\ControlSet001\control\safeboot\Network\Wefhiuli - will be deleted on reboot
13:00:06.0393 0x0558  C:\ProgramData\boostwebapp\1.1.0.31\Wefhiuli.exe - will be deleted on reboot
13:00:06.0393 0x0558  Wefhiuli ( HiddenFile.Multi.Generic ) - User select action: Delete
13:00:06.0393 0x0558  IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:06.0393 0x0558  IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:00:06.0408 0x0558  UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:06.0408 0x0558  UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:00:06.0736 0x0558  KLMD registered as C:\WINDOWS\system32\drivers\14949842.sys
 



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:51 AM

Posted 02 June 2015 - 12:18 PM

Step 1


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 hlingam

hlingam
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:51 PM

Posted 02 June 2015 - 12:51 PM

Here is the log file:-

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Pradeepa (administrator) on DEEPAM on 02-06-2015 13:46:12
Running from C:\FRST
Loaded Profiles: Pradeepa (Available Profiles: Pradeepa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayer.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(myradioplayer) C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(altanov) C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Users\Pradeepa\Desktop\tdsskiller.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [myradioplayer Tray] => C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe [113912 2014-10-16] (myradioplayer)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [fst_us_203] => [X]
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\ver7BlockAndSurf\BlockAndSurf.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_us_627] => [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\RunOnce: [Application Restart #5] => C:\Users\Pradeepa\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources  (the data entry has 565 more characters).
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\MountPoints2: {7a7642b8-cbf2-11e4-bf23-0cd2926109df} - "G:\LaunchU3.exe" -a
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [1022464 2015-05-27] (FlashBeat)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [817664 2015-05-27] (FlashBeat)
AppInit_DLLs-x32:  C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll => "C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" File not found
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
ShortcutTarget: Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk -> C:\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM-x32] => http=127.0.0.1:58091;https=127.0.0.1:58091
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-19] => 127.0.0.1:5050
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-20] => 127.0.0.1:5050
ProxyEnable: [S-1-5-21-3688121889-113363352-3167696593-1001] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-3688121889-113363352-3167696593-1001] => 127.0.0.1:5050
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123.com/?type=hp&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14LPj1HnM7e67h8L4v2R7hVHQ,,&q={searchTerms}
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw5_15_22&cd=2XzuyEtN2Y1L1QzutD0C0DtBzytByCtCtDzy0D0CyEtB0C0BtN0D0Tzu0StCtByEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzytCtDtA0DzztGtAtBzzyEtG0A0AtD0CtGyDzytAyCtGtCyCtBtByC0AzytDyB0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2QtN0A0LzuyE&cr=1420432219&ir=
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tight3_14_33&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyE0E0C0AyE0B0CyEtB0C0BtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyBtDtB0F0Dzy0D0DtGtAzzyC0BtGyB0E0AtCtG0DyC0BtCtGyDyD0AtAyBtAyE0B0D0CtDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2Q&cr=1779137969&ir=
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14M6JcTbBj6U5PgHhB6YHXKxA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoYs6ZpG6R1WwslpORMb-WHYaAZoye0ha22XyWIqGMz2Xh1mYihn7RcXmqPcywSBTt5gjBKfhQIVNvl69hkml9tuYI7YHYO1rUdn3ELXdDv3-nR6VGa_nuODZKua14M6JcTbBj6U5PgHhB6YHXKxA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123.com/web/?type=ds&ts=1407974641&from=tugs&uid=ST1000LM024XHN-M101MBB_S2SMJ9FD709247&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6581F3BF-CDC7-430B-9E54-F449661DFCF8&SearchSource=58&CUI=&UM=8&UP=SP224FAC1A-04E9-4FA1-841B-1D61BE51640E&D=052815&q={searchTerms}&SSPV=SP22340TA_sp_ie
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M6581F3BF-CDC7-430B-9E54-F449661DFCF8&SearchSource=58&CUI=&UM=8&UP=SP224FAC1A-04E9-4FA1-841B-1D61BE51640E&D=052815&q={searchTerms}&SSPV=SP22340TA_sp_ie
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.cassiopesa.com/results.php?f=4&q={searchTerms}&a=csp_otbrw5_15_22&cd=2XzuyEtN2Y1L1QzutD0C0DtBzytByCtCtDzy0D0CyEtB0C0BtN0D0Tzu0StCtByEtAtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyByBzytCtDtA0DzztGtAtBzzyEtG0A0AtD0CtGyDzytAyCtGtCyCtBtByC0AzytDyB0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0EyDyEzzyE0EtG0EzzyDyBtGyEyE0EzytG0AtAtD0FtG0CtD0A0ByD0AyCyBtDtD0C0B2QtN0A0LzuyE&cr=1420432219&ir=
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {3B6E5E72-A483-436F-828E-8DFB0CD9D188} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=08885414-998A-4295-9E99-885BDE47F77B&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17416&doi=2015-02-26&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\Wefhiuli.dll [286720 2015-05-28] ()
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default
FF DefaultSearchEngine: Cassiopesa
FF DefaultSearchEngine.US: Cassiopesa
FF SelectedSearchEngine: Cassiopesa
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-02-27] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 -> C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-02-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/O1DPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF SearchPlugin: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\cassiopesa.xml [2015-05-28]
FF SearchPlugin: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\trovi.xml [2015-05-28]
FF Extension: NNIuceOffers - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\Extensions\U404T@4l.com [2015-04-20]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-16]
FF Extension: No Name - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-25]
CHR Extension: (YouTube) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-25]
CHR Extension: (Google Search) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]
CHR Extension: (Google Sheets) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Skype Click to Call) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [blmchfpimpbbdmgpcieclabeafkljbhm] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nbljechdpodpbchbmjcoamidppmpnmlc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-10] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 myradioplayer; C:\Program Files (x86)\myradioplayer\myradioplayer.exe [3818744 2014-10-16] (myradioplayer)
R2 myradioplayerV1; C:\Program Files (x86)\myradioplayer\myradioplayerSvc.exe [118520 2014-10-16] (myradioplayer)
R2 myradioplayerV2; C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe [22264 2014-10-16] (altanov)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-19] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64; C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys [61120 2014-05-27] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-04] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (StdLib)
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 13:10 - 2015-06-02 13:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-02 13:00 - 2015-06-02 13:00 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-06-02 08:33 - 2015-06-02 08:33 - 00001291 _____ () C:\Users\Pradeepa\Desktop\Revo Uninstaller.lnk
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-06-02 08:30 - 2015-06-02 08:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Pradeepa\Desktop\revosetup.exe
2015-06-02 08:29 - 2015-06-02 08:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Pradeepa\Desktop\tdsskiller.exe
2015-06-01 19:30 - 2015-06-01 19:30 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\GWX
2015-06-01 17:37 - 2015-06-01 20:02 - 00000000 ____D () C:\Users\Pradeepa\Desktop\It's My Love Story (2011). telugu movie.DvdRip.XviD. ESubs.nanda36
2015-06-01 16:15 - 2014-02-17 22:22 - 656451053 _____ () C:\Users\Pradeepa\Desktop\Biriyani (2013) Lotus Telugu Tamil DVDRip 1CD By Team TQR.mkv
2015-06-01 15:31 - 2015-06-01 15:31 - 00290392 _____ () C:\WINDOWS\Minidump\060115-21203-01.dmp
2015-06-01 12:58 - 2015-06-01 12:58 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Data
2015-06-01 11:42 - 2015-06-01 11:47 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Rang De Basanti 2006 DVDRip{Dare~Devils }
2015-06-01 11:42 - 2015-06-01 11:42 - 00000000 ____D () C:\Users\Pradeepa\Desktop\7 Khoon Maaf - DVDScr - XviD - 1CDRip - [DDR]
2015-05-31 18:36 - 2015-05-31 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-31 17:36 - 2015-06-02 13:46 - 00000000 ____D () C:\FRST
2015-05-30 23:11 - 2015-06-01 15:31 - 753279719 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-30 23:11 - 2015-06-01 15:31 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-30 23:11 - 2015-05-30 23:11 - 00290448 _____ () C:\WINDOWS\Minidump\053015-29734-01.dmp
2015-05-29 14:31 - 2015-05-29 14:31 - 04963958 _____ () C:\WINDOWS\shost.bin
2015-05-29 00:41 - 2015-05-31 11:00 - 00000000 ____D () C:\WINDOWS\pss
2015-05-28 20:27 - 2015-05-28 20:31 - 00002231 _____ () C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-28 20:27 - 2015-05-28 20:27 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 18:31 - 2015-05-28 18:31 - 00003186 _____ () C:\WINDOWS\System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752}
2015-05-28 14:49 - 2015-05-30 23:08 - 00000112 _____ () C:\ProgramData\H2NmLy.dat
2015-05-28 14:45 - 2015-06-02 13:03 - 00001038 _____ () C:\WINDOWS\Tasks\hafPwBCY41nK7GdUOXVl.job
2015-05-28 14:45 - 2015-06-02 13:03 - 00001036 _____ () C:\WINDOWS\Tasks\X1J5Mh6BdzxCv9rZmVR.job
2015-05-28 14:45 - 2015-05-28 14:45 - 00004048 _____ () C:\WINDOWS\System32\Tasks\hafPwBCY41nK7GdUOXVl
2015-05-28 14:45 - 2015-05-28 14:45 - 00004046 _____ () C:\WINDOWS\System32\Tasks\X1J5Mh6BdzxCv9rZmVR
2015-05-28 14:43 - 2015-05-28 17:43 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-28 14:41 - 2015-05-31 09:53 - 00000000 ____D () C:\ProgramData\abc
2015-05-28 14:41 - 2015-05-28 14:41 - 00004078 _____ () C:\WINDOWS\System32\Tasks\Crossbrowse
2015-05-28 14:41 - 2015-05-28 14:41 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-28 14:41 - 2015-05-28 14:41 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-28 14:39 - 2015-05-28 20:27 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\SmartWeb
2015-05-28 14:38 - 2015-06-02 13:03 - 00000350 _____ () C:\WINDOWS\Tasks\JJYMKAFR1.job
2015-05-28 14:38 - 2015-05-28 14:38 - 00002864 _____ () C:\WINDOWS\System32\Tasks\JJYMKAFR1
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-28 14:31 - 2015-05-28 14:31 - 00000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2015-05-28 14:29 - 2015-05-28 17:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC
2015-05-28 14:29 - 2015-05-28 14:31 - 00000000 ____D () C:\data_from_forms
2015-05-28 14:26 - 2015-06-02 13:03 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\5D46E0FF-1432837580-E211-A330-208984ECA4BC
2015-05-28 14:26 - 2015-06-01 15:33 - 00004656 _____ () C:\WINDOWS\SysWOW64\Wefhiuli.ini
2015-05-28 14:26 - 2015-06-01 15:33 - 00002560 _____ () C:\WINDOWS\SysWOW64\WefhiuliOff.ini
2015-05-28 14:26 - 2015-06-01 15:33 - 00002560 _____ () C:\WINDOWS\system32\WefhiuliOff.ini
2015-05-28 14:26 - 2015-05-28 14:26 - 00000000 ____D () C:\ProgramData\boostwebapp
2015-05-28 14:26 - 2015-05-28 04:17 - 00360448 _____ () C:\WINDOWS\system32\Wefhiuli64.dll
2015-05-28 14:26 - 2015-05-28 04:17 - 00286720 _____ () C:\WINDOWS\SysWOW64\Wefhiuli.dll
2015-05-28 14:26 - 2013-08-22 09:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-28 14:25 - 2015-05-28 14:25 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\Downloaded Installations
2015-05-28 14:14 - 2015-05-28 14:17 - 149173944 _____ (ETS) C:\Users\Pradeepa\Downloads\TOEFL_Sampler_2014.exe
2015-05-27 21:18 - 2015-05-27 21:18 - 01515024 _____ (Dummy, Ltd.) C:\Users\Pradeepa\Downloads\Barron'S Toefl Ibt 12th Edition Pdf_10924_i12897749_il345.exe
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (7).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (6).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (5).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (4).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (3).zip
2015-05-15 23:40 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-15 23:40 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 17:30 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 17:30 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:30 - 2015-05-12 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 17:46 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:46 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:46 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:46 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:44 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:44 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:44 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:44 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:44 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:44 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:44 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:44 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:44 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:44 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:44 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:44 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:43 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:43 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:43 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:43 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:43 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:42 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:42 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:42 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:42 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-06 22:09 - 2015-05-06 22:19 - 00060928 _____ () C:\Users\Pradeepa\Downloads\CEF_Ahmed.XLS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 13:43 - 2014-12-03 14:24 - 01630749 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-02 13:18 - 2014-04-20 01:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688121889-113363352-3167696593-1001
2015-06-02 13:13 - 2014-08-10 13:38 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job
2015-06-02 13:09 - 2014-09-24 03:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-02 13:03 - 2015-04-25 18:27 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 13:03 - 2014-09-24 03:03 - 00052754 _____ () C:\WINDOWS\PFRO.log
2015-06-02 13:03 - 2014-08-13 21:53 - 00000302 _____ () C:\WINDOWS\Tasks\FF Watcher {2A8BF2EF-BA9F-48BF-896F-97E00DF5E9F2}.job
2015-06-02 13:03 - 2014-04-19 01:49 - 00000980 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2015-06-02 13:03 - 2013-08-22 10:46 - 00309154 _____ () C:\WINDOWS\setupact.log
2015-06-02 13:03 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-02 13:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 13:01 - 2014-03-22 00:27 - 29217436 _____ () C:\Users\Public\CAFADEBUG.log
2015-06-02 12:53 - 2014-08-05 07:23 - 00000318 _____ () C:\WINDOWS\Tasks\Astromenda.job
2015-06-02 08:46 - 2014-04-19 01:48 - 00000000 ____D () C:\ProgramData\WPM
2015-06-02 08:32 - 2015-04-25 18:27 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 08:11 - 2014-12-08 00:59 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD07D13C-5A28-496D-9E46-B5A2B164563C}
2015-06-01 19:27 - 2014-04-19 01:49 - 00000984 _____ () C:\WINDOWS\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2015-06-01 19:09 - 2014-04-25 14:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\vlc
2015-06-01 17:29 - 2015-01-02 17:21 - 02792448 ___SH () C:\Users\Pradeepa\Downloads\Thumbs.db
2015-06-01 15:32 - 2014-12-03 14:04 - 00000000 ____D () C:\Users\Pradeepa
2015-06-01 12:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-31 00:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-30 23:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 23:19 - 2015-02-24 23:38 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-30 23:19 - 2015-02-24 23:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Canon
2015-05-30 23:18 - 2015-02-24 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-30 23:14 - 2014-03-22 00:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-30 23:13 - 2014-08-10 13:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job
2015-05-30 23:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-28 22:50 - 2013-08-16 05:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 20:27 - 2015-04-25 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 18:27 - 2015-03-17 21:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-28 14:30 - 2014-11-17 22:44 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 14:29 - 2014-03-21 22:54 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Macromedia
2015-05-26 13:42 - 2014-03-22 00:47 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Skype
2015-05-23 21:18 - 2015-04-25 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-23 21:16 - 2015-04-25 18:35 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-16 02:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 01:38 - 2014-04-18 01:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 23:39 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-05-15 23:37 - 2013-08-22 10:44 - 00510400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-15 23:22 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 23:21 - 2014-09-24 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-15 23:21 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-05-15 23:11 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-15 23:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-15 22:59 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 20:34 - 2014-12-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:20 - 2014-04-18 12:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 19:07 - 2014-04-18 12:08 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-05 00:24 - 2014-03-22 00:47 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-08-13 21:54 - 2014-08-13 21:54 - 0001200 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.scan.quick.results
2014-08-13 21:54 - 2014-08-13 21:54 - 0002928 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.scan.results
2014-08-13 21:54 - 2014-08-13 21:54 - 0000318 _____ () C:\Users\Pradeepa\AppData\Roaming\aps.uninstall.scan.results
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl.exe
2014-11-07 20:14 - 2014-11-07 20:14 - 1490864 _____ (Cinema PlusV07.11) C:\Users\Pradeepa\AppData\Roaming\SBIRUWJ.exe
2014-08-24 13:23 - 2014-11-09 00:28 - 0000117 _____ () C:\Users\Pradeepa\AppData\Roaming\WB.CFG
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR.exe
2014-11-07 20:14 - 2014-11-07 20:14 - 1977264 _____ (Cinema PlusV07.11) C:\Users\Pradeepa\AppData\Roaming\YWNEQGCS.exe
2015-05-28 14:31 - 2015-05-28 14:31 - 0000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2014-08-13 21:53 - 2014-08-13 21:53 - 0575544 _____ (ClickMeIn Limited) C:\Users\Pradeepa\AppData\Local\nss6409.tmp
2015-05-28 23:01 - 2015-05-28 23:01 - 0011790 _____ () C:\Users\Pradeepa\AppData\Local\Temp-log.txt
2013-08-16 05:22 - 2013-08-16 05:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 14:49 - 2015-05-30 23:08 - 0000112 _____ () C:\ProgramData\H2NmLy.dat

Files to move or delete:
====================
C:\ProgramData\H2NmLy.dat


Some files in TEMP:
====================
C:\Users\Pradeepa\AppData\Local\Temp\1980.exe
C:\Users\Pradeepa\AppData\Local\Temp\420.exe
C:\Users\Pradeepa\AppData\Local\Temp\52C8.exe
C:\Users\Pradeepa\AppData\Local\Temp\6128.exe
C:\Users\Pradeepa\AppData\Local\Temp\6880.exe
C:\Users\Pradeepa\AppData\Local\Temp\8007.exe
C:\Users\Pradeepa\AppData\Local\Temp\APNSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\B6D8.exe
C:\Users\Pradeepa\AppData\Local\Temp\Barron'S Toefl Ibt 12th Edition Pdf__10924_i1525695266_il1002705.exe
C:\Users\Pradeepa\AppData\Local\Temp\Barron'S Toefl Ibt 12th Edition Pdf__10924_i1525714799_il1002705.exe
C:\Users\Pradeepa\AppData\Local\Temp\bitool.dll
C:\Users\Pradeepa\AppData\Local\Temp\C22E.exe
C:\Users\Pradeepa\AppData\Local\Temp\D00.exe
C:\Users\Pradeepa\AppData\Local\Temp\F3C0.exe
C:\Users\Pradeepa\AppData\Local\Temp\i4jdel0.exe
C:\Users\Pradeepa\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Pradeepa\AppData\Local\Temp\mVO37EE.exe
C:\Users\Pradeepa\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct2D25.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct3B5A.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4437.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4E9.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct6CAC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octB884.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octE48D.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octEDEC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\setup.exe
C:\Users\Pradeepa\AppData\Local\Temp\setup_644.exe
C:\Users\Pradeepa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\SpOrder.dll
C:\Users\Pradeepa\AppData\Local\Temp\uninstall.exe
C:\Users\Pradeepa\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Pradeepa\AppData\Local\Temp\{A776FF5E-7056-4E5B-B415-EFD7A96346CD}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 15:29

==================== End of log ============================



#10 deeprybka

  • Malware Response Team

Posted 02 June 2015 - 12:56 PM


Next round:

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 2

Please download and install Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#11 hlingam

  • Topic Starter

Posted 02 June 2015 - 02:51 PM

Followed Step 1. Log file after running AdwCleaner:

 

# AdwCleaner v4.206 - Logfile created 02/06/2015 at 14:26:52
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Pradeepa - DEEPAM
# Running from : C:\Users\Pradeepa\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BackupStack
[#] Service Deleted : IePluginService
[#] Service Deleted : Wpm
Service Deleted : {2635ac50-5488-40bf-9bfd-accb158f8f3f}w64
Service Deleted : {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64
Service Deleted : {55dce8ba-9dec-4013-937e-adbf9317d990}w64
[#] Service Deleted : innfd_1_10_0_14

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\IePluginService
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\BoostSoftware
Folder Deleted : C:\ProgramData\cosstminn
Folder Deleted : C:\ProgramData\201b196fcb09de3a
Folder Deleted : C:\ProgramData\2313470801523367482
Folder Deleted : C:\ProgramData\{1f9ca189-3f43-6789-1f9c-ca1893f48624}
Folder Deleted : C:\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}
Folder Deleted : C:\ProgramData\{5cf97880-2e60-a565-5cf9-978802e6e200}
Folder Deleted : C:\ProgramData\{b3c7ae85-476d-187b-b3c7-7ae85476ba15}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files (x86)\Astromenda
Folder Deleted : C:\Program Files (x86)\FLVM Player
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\pastaleads
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\PriceMeterLiveUpdate
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\cosstminn
Folder Deleted : C:\Program Files (x86)\Common Files\IMGUpdater
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Program Files (x86)\Common Files\DealAlly
Folder Deleted : C:\Program Files (x86)\Common Files\Hoist Search
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Temp\apn
Folder Deleted : C:\Program Files\V-bates
Folder Deleted : C:\Program Files\005
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Browsersafeguard
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Gameo
Folder Deleted : C:\Users\Pradeepa\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Pradeepa\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\Pradeepa\AppData\Local\torch
Folder Deleted : C:\Users\Pradeepa\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Pradeepa\AppData\Local\StormFall
Folder Deleted : C:\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\Astromenda
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\Gameo
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\SupTab
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Folder Deleted : C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bpffalghigmkdghibgickgcnkbcaidch
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bpffalghigmkdghibgickgcnkbcaidch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
Folder Deleted : C:\Users\Pradeepa\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pleonnglfkoengjplaomdpjbdcdbgdfm
File Deleted : C:\WINDOWS\shost.bin
File Deleted : C:\Users\Pradeepa\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\WINDOWS\System32\roboot64.exe
File Deleted : C:\WINDOWS\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys
File Deleted : C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
File Deleted : C:\Users\Pradeepa\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\Pradeepa\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\Pradeepa\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl
File Deleted : C:\Users\Pradeepa\AppData\Roaming\hafPwBCY41nK7GdUOXVl.exe
File Deleted : C:\Users\Pradeepa\AppData\Roaming\SBIRUWJ.exe
File Deleted : C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR
File Deleted : C:\Users\Pradeepa\AppData\Roaming\X1J5Mh6BdzxCv9rZmVR.exe
File Deleted : C:\Users\Pradeepa\AppData\Roaming\YWNEQGCS.exe
File Deleted : C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
File Deleted : C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\searchplugins\trovi.xml

***** [ Scheduled tasks ] *****

Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : ASP
Task Deleted : Astromenda
Task Deleted : Crossbrowse
Task Deleted : LaunchSignup
Task Deleted : PastaQuotes
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineCore
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineUA
Task Deleted : Sparta W1
Task Deleted : Sparta N
Task Deleted : Sparta D1
Task Deleted : hafPwBCY41nK7GdUOXVl
Task Deleted : X1J5Mh6BdzxCv9rZmVR
Task Deleted : FF Watcher {2A8BF2EF-BA9F-48BF-896F-97E00DF5E9F2}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehhlaekjfiiojlddgndcnefflngfmhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbljechdpodpbchbmjcoamidppmpnmlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BlockAndSurf]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PriceMeterLiveUpdate
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\gameo
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\DealPlyLive
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\IMGUPDATER
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\istart123Software
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
Key Deleted : HKLM\SOFTWARE\qone8Software
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Umbrella
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\BoostSoftware
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKU\.DEFAULT\Software\AnyProtect
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\Microsoft\KanarCore
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
Key Deleted : [x64] HKLM\SOFTWARE\TBID
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58091;hxxps=127.0.0.1:58091
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:5050
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v38.0 (x86 en-US)

[pgx74g70.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14d9c6d1b4a3d8f45bdbc47b2abdbf92");

-\\ Google Chrome v42.0.2311.90

[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ehhlaekjfiiojlddgndcnefflngfmhen
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : nbljechdpodpbchbmjcoamidppmpnmlc
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bpffalghigmkdghibgickgcnkbcaidch
[C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [46667 bytes] - [02/06/2015 14:22:06]
AdwCleaner[S0].txt - [29223 bytes] - [02/06/2015 14:26:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29283  bytes] ##########
 

Followed Step 2, Log file after running Malwarebytes Anti-Malware.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02-06-2015
Scan Time: 14:37:08
Logfile: 123.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.02.05
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pradeepa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401086
Time Elapsed: 42 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Followed Step 3, FRST log file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Pradeepa (administrator) on DEEPAM on 02-06-2015 15:35:32
Running from C:\FRST
Loaded Profiles: Pradeepa (Available Profiles: Pradeepa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\RunOnce: [Application Restart #5] => C:\Users\Pradeepa\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources  (the data entry has 565 more characters).
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\MountPoints2: {7a7642b8-cbf2-11e4-bf23-0cd2926109df} - "G:\LaunchU3.exe" -a
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
AppInit_DLLs-x32:  C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll => "C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" File not found
Startup: C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
ShortcutTarget: Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk -> C:\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe (No File)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-19] => Internet Explorer proxy is enabled
ProxyEnable: [S-1-5-20] => Internet Explorer proxy is enabled
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default
FF DefaultSearchEngine: Cassiopesa
FF DefaultSearchEngine.US: Cassiopesa
FF SelectedSearchEngine: Cassiopesa
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 0
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-02-27] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-04-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-02-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/O1DPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-16]
FF Extension: No Name - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-25]
CHR Extension: (Google Docs) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-25]
CHR Extension: (Google Drive) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-25]
CHR Extension: (YouTube) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-25]
CHR Extension: (Adblock Plus) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-25]
CHR Extension: (Google Search) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-25]
CHR Extension: (Google Sheets) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Skype Click to Call) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-25]
CHR Extension: (Google Wallet) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR Extension: (Gmail) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 15:23 - 2015-06-02 15:23 - 00001043 _____ () C:\Users\Pradeepa\Desktop\123.txt
2015-06-02 15:23 - 2015-06-02 15:23 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\EncryptStick
2015-06-02 14:37 - 2015-06-02 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-02 14:36 - 2015-06-02 15:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 14:36 - 2015-06-02 14:36 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 14:36 - 2015-06-02 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 14:36 - 2015-06-02 14:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 14:36 - 2015-06-02 14:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 14:36 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 14:36 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 14:36 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 14:35 - 2015-06-02 13:58 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Pradeepa\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 14:22 - 2015-06-02 14:29 - 00000000 ____D () C:\AdwCleaner
2015-06-02 14:21 - 2015-06-02 13:58 - 02231296 _____ () C:\Users\Pradeepa\Desktop\AdwCleaner.exe
2015-06-02 13:48 - 2015-06-02 13:48 - 00064647 _____ () C:\Users\Pradeepa\Desktop\FRST.txt
2015-06-02 13:00 - 2015-06-02 13:00 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-06-02 08:33 - 2015-06-02 08:33 - 00001291 _____ () C:\Users\Pradeepa\Desktop\Revo Uninstaller.lnk
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-06-02 08:30 - 2015-06-02 08:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Pradeepa\Desktop\revosetup.exe
2015-06-02 08:29 - 2015-06-02 08:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Pradeepa\Desktop\tdsskiller.exe
2015-06-01 19:30 - 2015-06-01 19:30 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\GWX
2015-06-01 17:37 - 2015-06-01 20:02 - 00000000 ____D () C:\Users\Pradeepa\Desktop\It's My Love Story (2011). telugu movie.DvdRip.XviD. ESubs.nanda36
2015-06-01 16:15 - 2014-02-17 22:22 - 656451053 _____ () C:\Users\Pradeepa\Desktop\Biriyani (2013) Lotus Telugu Tamil DVDRip 1CD By Team TQR.mkv
2015-06-01 15:31 - 2015-06-01 15:31 - 00290392 _____ () C:\WINDOWS\Minidump\060115-21203-01.dmp
2015-06-01 12:58 - 2015-06-01 12:58 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Data
2015-06-01 11:42 - 2015-06-01 11:47 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Rang De Basanti 2006 DVDRip{Dare~Devils }
2015-06-01 11:42 - 2015-06-01 11:42 - 00000000 ____D () C:\Users\Pradeepa\Desktop\7 Khoon Maaf - DVDScr - XviD - 1CDRip - [DDR]
2015-05-31 18:36 - 2015-05-31 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-31 17:36 - 2015-06-02 15:35 - 00000000 ____D () C:\FRST
2015-05-30 23:11 - 2015-06-01 15:31 - 753279719 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-30 23:11 - 2015-06-01 15:31 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-30 23:11 - 2015-05-30 23:11 - 00290448 _____ () C:\WINDOWS\Minidump\053015-29734-01.dmp
2015-05-29 00:41 - 2015-05-31 11:00 - 00000000 ____D () C:\WINDOWS\pss
2015-05-28 20:27 - 2015-05-28 20:31 - 00002231 _____ () C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-28 20:27 - 2015-05-28 20:27 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 18:31 - 2015-05-28 18:31 - 00003186 _____ () C:\WINDOWS\System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752}
2015-05-28 14:49 - 2015-05-30 23:08 - 00000112 _____ () C:\ProgramData\H2NmLy.dat
2015-05-28 14:43 - 2015-05-28 17:43 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-28 14:31 - 2015-05-28 14:31 - 00000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2015-05-28 14:29 - 2015-05-28 14:31 - 00000000 ____D () C:\data_from_forms
2015-05-28 14:26 - 2013-08-22 09:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-28 14:25 - 2015-05-28 14:25 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\Downloaded Installations
2015-05-28 14:14 - 2015-05-28 14:17 - 149173944 _____ (ETS) C:\Users\Pradeepa\Downloads\TOEFL_Sampler_2014.exe
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (7).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (6).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (5).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (4).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (3).zip
2015-05-15 23:40 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-15 23:40 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 17:30 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 17:30 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:30 - 2015-05-12 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 17:46 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:46 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:46 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:46 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:44 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:44 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:44 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:44 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:44 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:44 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:44 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:44 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:44 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:44 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:44 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:44 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:43 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:43 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:43 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:43 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:43 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:42 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:42 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:42 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:42 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-06 22:09 - 2015-05-06 22:19 - 00060928 _____ () C:\Users\Pradeepa\Downloads\CEF_Ahmed.XLS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 15:35 - 2014-04-20 01:08 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688121889-113363352-3167696593-1001
2015-06-02 15:34 - 2014-12-03 14:24 - 01739442 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-02 15:32 - 2015-04-25 18:27 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 15:30 - 2015-04-25 18:27 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 15:30 - 2014-09-24 03:03 - 00574014 _____ () C:\WINDOWS\PFRO.log
2015-06-02 15:30 - 2013-08-22 10:46 - 00309385 _____ () C:\WINDOWS\setupact.log
2015-06-02 15:30 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-02 15:25 - 2014-03-22 00:27 - 29255798 _____ () C:\Users\Public\CAFADEBUG.log
2015-06-02 15:13 - 2014-08-10 13:38 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job
2015-06-02 15:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-02 14:40 - 2014-12-08 00:59 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD07D13C-5A28-496D-9E46-B5A2B164563C}
2015-06-02 14:35 - 2014-09-24 03:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-01 19:09 - 2014-04-25 14:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\vlc
2015-06-01 17:29 - 2015-01-02 17:21 - 02792448 ___SH () C:\Users\Pradeepa\Downloads\Thumbs.db
2015-06-01 15:32 - 2014-12-03 14:04 - 00000000 ____D () C:\Users\Pradeepa
2015-06-01 12:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-31 00:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-30 23:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 23:19 - 2015-02-24 23:38 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-30 23:19 - 2015-02-24 23:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Canon
2015-05-30 23:18 - 2015-02-24 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-30 23:14 - 2014-03-22 00:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-30 23:13 - 2014-08-10 13:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job
2015-05-30 23:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-28 22:50 - 2013-08-16 05:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 20:27 - 2015-04-25 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 18:27 - 2015-03-17 21:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-28 14:30 - 2014-11-17 22:44 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 14:29 - 2014-03-21 22:54 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Macromedia
2015-05-26 13:42 - 2014-03-22 00:47 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Skype
2015-05-23 21:18 - 2015-04-25 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-23 21:16 - 2015-04-25 18:35 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-16 02:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 01:38 - 2014-04-18 01:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 23:39 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-05-15 23:37 - 2013-08-22 10:44 - 00510400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-15 23:22 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 23:21 - 2014-09-24 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-15 23:21 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-05-15 23:11 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-15 23:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-15 22:59 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 20:34 - 2014-12-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:20 - 2014-04-18 12:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 19:07 - 2014-04-18 12:08 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-05 00:24 - 2014-03-22 00:47 - 00000000 ____D () C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-08-24 13:23 - 2014-11-09 00:28 - 0000117 _____ () C:\Users\Pradeepa\AppData\Roaming\WB.CFG
2015-05-28 14:31 - 2015-05-28 14:31 - 0000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
2014-08-13 21:53 - 2014-08-13 21:53 - 0575544 _____ (ClickMeIn Limited) C:\Users\Pradeepa\AppData\Local\nss6409.tmp
2015-05-28 23:01 - 2015-05-28 23:01 - 0011790 _____ () C:\Users\Pradeepa\AppData\Local\Temp-log.txt
2013-08-16 05:22 - 2013-08-16 05:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-28 14:49 - 2015-05-30 23:08 - 0000112 _____ () C:\ProgramData\H2NmLy.dat

Files to move or delete:
====================
C:\ProgramData\H2NmLy.dat


Some files in TEMP:
====================
C:\Users\Pradeepa\AppData\Local\Temp\C22E.exe
C:\Users\Pradeepa\AppData\Local\Temp\i4jdel0.exe
C:\Users\Pradeepa\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Pradeepa\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct2D25.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct3B5A.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4437.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct4E9.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\oct6CAC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octB884.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octC147.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octE48D.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\octEDEC.tmp.exe
C:\Users\Pradeepa\AppData\Local\Temp\Quarantine.exe
C:\Users\Pradeepa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Pradeepa\AppData\Local\Temp\SpOrder.dll
C:\Users\Pradeepa\AppData\Local\Temp\sqlite3.dll
C:\Users\Pradeepa\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\Pradeepa\AppData\Local\Temp\{5582C7D4-7466-4442-A39F-199E94218092}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-01 15:29

==================== End of log ============================

 

Additional log file:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Pradeepa at 2015-06-02 15:37:22
Running from C:\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3688121889-113363352-3167696593-500 - Administrator - Disabled)
Guest (S-1-5-21-3688121889-113363352-3167696593-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3688121889-113363352-3167696593-1003 - Limited - Enabled)
Pradeepa (S-1-5-21-3688121889-113363352-3167696593-1001 - Administrator - Enabled) => C:\Users\Pradeepa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EditiX-Free XML Editor free-2008-sp2 (HKLM-x32\...\EditiX-Free XML Editor free-2008-sp2) (Version:  - JAPISoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1305-148929CC1385}) (Version: 3.0.1305.0340 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

==================== Restore Points =========================

15-05-2015 22:57:10 Windows Update
24-05-2015 08:33:42 Scheduled Checkpoint
28-05-2015 14:25:53 Installed TOEFL Sampler.
31-05-2015 01:05:23 Restore Operation
02-06-2015 08:34:48 Revo Uninstaller's restore point - WPM18.8.0.212

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03EDDA8E-E32D-4C30-92AE-BCCD7D5BB4A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {07C6E9B4-24F2-4321-8A7A-DF39931A65ED} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_WeeklyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {0C896AE7-3213-4261-A8A0-27908A3FCBA4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)
Task: {0D8AA707-E11E-405A-BA3F-628BA05D71AE} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {1A684D52-F88C-49EB-B946-6AE0A01C2A59} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {1E403FC5-531D-4C35-A7DE-40BE5B46AC0A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2A587C89-D90B-4098-89D8-057D79E5518D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {36CB9F6E-F5F3-4DCE-A76D-7F7DF78FF5E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3E119BC4-ECE3-4360-A829-35DB73389304} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {4AA51CC2-F99E-4737-8E50-2555F957FD3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {5069CBA7-BA23-45F5-834C-A4069CBBFC08} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {7F4774C4-B0AC-4826-80C7-86150ECEF3C6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {84AD8E10-7878-4987-AEEB-53A67A332684} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8D9B8E3E-D892-44E9-B835-FCBAC6BC0A53} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {9E91AF71-B9E2-43CA-A45A-8E3EC5779C16} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A380FA02-F152-4B7A-9667-80692A996A6E} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_LogonTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {A9146D45-6546-4A3C-A37A-4C515E3E1D77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AD305BC8-1B89-48BF-ABB2-DF389AC995BD} - System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752} => pcalua.exe -a C:\Users\Pradeepa\AppData\Local\SmartWeb\__u.exe -c _?=C:\Users\Pradeepa\AppData\Local\SmartWeb
Task: {B35DAA05-6AA5-4297-B008-FAB18F31DB31} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {D37D4A63-F121-41D8-A8C4-CA4504374374} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {DA5D0AE0-0C71-4BDB-9749-90784B1469E8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {EB6682D6-7C33-4EA3-9711-E4ECD9287540} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-16 05:42 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-16 05:18 - 2012-11-06 01:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97645918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Givceb119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Malguwl119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97645918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Givceb119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Malguwl119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pradeepa\Desktop\My Photos\USA_2015\Sea Girt Beach_1005\IMG_0724.JPG
DNS Servers: 167.206.245.135 - 167.206.245.136

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"
HKLM\...\StartupApproved\Run32: => "PC HealthFix"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\StartupApproved\StartupFolder: => "Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{15D53714-7A89-4798-AA55-DF931DDDBD41}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{55E6D168-923B-4D65-986A-E932060471A1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38BFF3A2-14AC-4F54-AEB6-EF7AB0537901}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{18E57BE9-953E-41F9-9749-D1B9BD9DD532}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FB33F8AB-4D13-4518-905C-000039F9E0C4}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AB612F04-0F86-455E-B463-7C3548ED96F6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D58D3DAD-7507-49C9-AE57-1B7B0530E484}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3D31DB7C-9014-4A44-B2FF-365CCD7DC970}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8EAE4F36-C1EA-4887-A585-B7C708C50010}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{94BA6CE9-02ED-4AB6-A5CB-F9ED1D838884}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2018520F-0503-44FD-9DCD-2735625B7EDA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{99C70D39-A5BE-4D78-B474-8778EC2E74E1}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{96AB2F4C-B2F9-4B13-BE60-48F90E621EB5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{768E7E40-0839-40BB-947A-9CC7D28A8C16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B01A85F1-BE27-4A73-9687-8124844C36ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD30CF13-4987-4B3A-B30A-9B54C8BD07A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34F19DB5-9526-4711-8311-93BCA3ABD1A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87DF2906-7614-4985-9372-14B0367CB2C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AB08BB5-171C-4889-BC12-075E5538EF1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{108EDEEB-A71E-4590-9C1D-99438DEBA3D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB6CBA2-A5D9-400F-8418-D82FCEA3B1BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3E175CC0-86EF-46FC-8537-CFF578AA04CA}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{AF1D8777-20E7-4BBF-9FCE-3066B608F82F}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{53AAD0C0-E94E-4EE5-810B-E98F3510F770}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{2D98279B-D429-4515-85F5-F8A1721D1FA8}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{72BA4AF2-101A-49CF-AE99-100305039436}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{D49A1E62-A31C-4818-9FD1-629B6E610416}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros
Service: L1C
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 03:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.8.0.0, time stamp: 0x51709701
Faulting module name: MurocApi.dll, version: 15.8.0.0, time stamp: 0x5170961c
Exception code: 0xc0000005
Fault offset: 0x0000000000026990
Faulting process id: 0xbe4
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (06/02/2015 03:29:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_iphlpsvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x2bc
Faulting application start time: 0xsvchost.exe_iphlpsvc0
Faulting application path: svchost.exe_iphlpsvc1
Faulting module path: svchost.exe_iphlpsvc2
Report Id: svchost.exe_iphlpsvc3
Faulting package full name: svchost.exe_iphlpsvc4
Faulting package-relative application ID: svchost.exe_iphlpsvc5

Error: (06/02/2015 03:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.8.0.0, time stamp: 0x51709701
Faulting module name: MurocApi.dll, version: 15.8.0.0, time stamp: 0x5170961c
Exception code: 0xc0000005
Fault offset: 0x0000000000026990
Faulting process id: 0xb78
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (06/02/2015 03:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_iphlpsvc, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003d85e
Faulting process id: 0x2ac
Faulting application start time: 0xsvchost.exe_iphlpsvc0
Faulting application path: svchost.exe_iphlpsvc1
Faulting module path: svchost.exe_iphlpsvc2
Report Id: svchost.exe_iphlpsvc3
Faulting package full name: svchost.exe_iphlpsvc4
Faulting package-relative application ID: svchost.exe_iphlpsvc5

Error: (06/02/2015 03:24:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:19:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:14:43 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:09:43 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:04:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 02:59:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).


System errors:
=============
Error: (06/02/2015 03:32:30 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:30 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:29 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:29 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:28 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:28 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:28 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:28 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:28 PM) (Source: DCOM) (EventID: 10016) (User: Deepam)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}DeepamPradeepaS-1-5-21-3688121889-113363352-3167696593-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/02/2015 03:32:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/02/2015 03:31:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe15.8.0.051709701MurocApi.dll15.8.0.05170961cc00000050000000000026990be401d09d6a94a5bd8cC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlle7d7d1d7-095d-11e5-bf5b-801754678a1e

Error: (06/02/2015 03:29:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_iphlpsvc6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e2bc01d09d69f75b0162C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dllac2d6a0d-095d-11e5-bf5a-e0342ac1f5c2

Error: (06/02/2015 03:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe15.8.0.051709701MurocApi.dll15.8.0.05170961cc00000050000000000026990b7801d09d6a00e40583C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll521dc785-095d-11e5-bf5a-f83a26f3b6be

Error: (06/02/2015 03:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_iphlpsvc6.3.9600.1741554504177ntdll.dll6.3.9600.17736550f4336c0000005000000000003d85e2ac01d09d623f03fd94C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dll18ecd17f-095d-11e5-bf59-b43e5e47511c

Error: (06/02/2015 03:24:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:19:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:14:43 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:09:43 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 03:04:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).

Error: (06/02/2015 02:59:44 PM) (Source: PlsvcV2) (EventID: 99) (User: )
Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 22:10:51.710
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\myradioplayer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-11 22:10:51.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\myradioplayer64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-10 16:40:31.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 23%
Total physical RAM: 8057.77 MB
Available physical RAM: 6168.33 MB
Total Pagefile: 26489.77 MB
Available Pagefile: 24569.38 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.38 GB) (Free:799.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS
Drive f: () (Removable) (Total:28.94 GB) (Free:28.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 387BD561)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================



#12 deeprybka

  • Malware Response Team

Posted 03 June 2015 - 10:32 AM

Hi there,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
    C:\ProgramData\PC HealthFix\
    HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\RunOnce: [Application Restart #5] => C:\Users\Pradeepa\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources  (the data entry has 565 more characters).
    AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
    AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
    AppInit_DLLs-x32:  C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll => "C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" File not found
    Startup: C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    GroupPolicy: Group Policy on Chrome detected 
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
    HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    RemoveProxy:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} URL =
    FF DefaultSearchEngine: Cassiopesa
    FF DefaultSearchEngine.US: Cassiopesa
    FF SelectedSearchEngine: Cassiopesa
    FF NetworkProxy: "type", 0
    C:\ProgramData\boostwebapp
    2015-05-28 14:49 - 2015-05-30 23:08 - 00000112 _____ () C:\ProgramData\H2NmLy.dat
    2015-05-28 14:43 - 2015-05-28 17:43 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
    2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
    2015-05-28 14:31 - 2015-05-28 14:31 - 00000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
    Task: {07C6E9B4-24F2-4321-8A7A-DF39931A65ED} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_WeeklyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
    Task: {0D8AA707-E11E-405A-BA3F-628BA05D71AE} - \ProPCCleaner_Start No Task File 
    Task: {A380FA02-F152-4B7A-9667-80692A996A6E} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_LogonTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
    Task: {AD305BC8-1B89-48BF-ABB2-DF389AC995BD} - System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752} => pcalua.exe -a C:\Users\Pradeepa\AppData\Local\SmartWeb\__u.exe -c _?=C:\Users\Pradeepa\AppData\Local\SmartWeb
    Task: {B35DAA05-6AA5-4297-B008-FAB18F31DB31} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_DailyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
    C:\Program Files (x86)\PC SpeedBoost\
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Givceb119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Malguwl119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Givceb119.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Malguwl119.sys => ""="Driver"
    FirewallRules: [{3E175CC0-86EF-46FC-8537-CFF578AA04CA}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
    FirewallRules: [{AF1D8777-20E7-4BBF-9FCE-3066B608F82F}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
    FirewallRules: [{53AAD0C0-E94E-4EE5-810B-E98F3510F770}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
    FirewallRules: [{2D98279B-D429-4515-85F5-F8A1721D1FA8}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
    FirewallRules: [{72BA4AF2-101A-49CF-AE99-100305039436}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
    FirewallRules: [{D49A1E62-A31C-4818-9FD1-629B6E610416}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 hlingam

hlingam
  • Topic Starter


Posted 03 June 2015 - 11:44 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Pradeepa at 2015-06-03 12:21:50 Run:1
Running from C:\FRST
Loaded Profiles: Pradeepa &  (Available Profiles: Pradeepa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [PC HealthFix] => "C:\ProgramData\PC HealthFix\PCHealthFix.exe" /runscan
C:\ProgramData\PC HealthFix\
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\RunOnce: [Application Restart #5] => C:\Users\Pradeepa\AppData\Local\Pokki\Engine\HostAppService.exe  /openmenu --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources  (the data entry has 565 more characters).
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File not found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File not found
AppInit_DLLs-x32:  C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll => "C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" File not found
Startup:
C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
GroupPolicy: Group Policy on Chrome detected
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction

HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
RemoveProxy:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3688121889-113363352-3167696593-1001 -> {8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} URL =
FF DefaultSearchEngine: Cassiopesa
FF DefaultSearchEngine.US: Cassiopesa
FF SelectedSearchEngine: Cassiopesa
FF NetworkProxy: "type", 0
C:\ProgramData\boostwebapp
2015-05-28 14:49 - 2015-05-30 23:08 - 00000112 _____ () C:\ProgramData\H2NmLy.dat
2015-05-28 14:43 - 2015-05-28 17:43 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-28
14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-28 14:31 - 2015-05-28 14:31 - 00000064 _____ () C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352
Task: {07C6E9B4-24F2-4321-8A7A-DF39931A65ED} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_WeeklyTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {0D8AA707-E11E-405A-BA3F-628BA05D71AE} - \ProPCCleaner_Start No Task File
Task: {A380FA02-F152-4B7A-9667-80692A996A6E} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_LogonTask => C:\Program Files (x86)\PC SpeedBoost\PCSpeedBoost.exe
Task: {AD305BC8-1B89-48BF-ABB2-DF389AC995BD} - System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752} => pcalua.exe -a C:\Users\Pradeepa\AppData\Local\SmartWeb\__u.exe -c _?=C:\Users\Pradeepa\AppData\Local\SmartWeb
Task: {B35DAA05-6AA5-4297-B008-FAB18F31DB31} - System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_DailyTask => C:\Program Files (x86)\PC
SpeedBoost\PCSpeedBoost.exe
C:\Program Files (x86)\PC SpeedBoost\
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Givceb119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControSe
t\Control\SafeBoot\Minimal\Malguwl119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Givceb119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Malguwl119.sys => ""="Driver"
FirewallRules: [{3E175CC0-86EF-46FC-8537-CFF578AA04CA}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{AF1D8777-20E7-4BBF-9FCE-3066B608F82F}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{53AAD0C0-E94E-4EE5-810B-E98F3510F770}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{2D98279B-D429-4515-85F5-F8A1721D1FA8}] => (Allow) C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{72BA4AF2-101A-49CF-AE99-100305039436}] => (Allow)
C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE
FirewallRules: [{D49A1E62-A31C-4818-9FD1-629B6E610416}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
CreateRestorePoint:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PC HealthFix => value Removed successfully
"C:\ProgramData\PC HealthFix" => File/Folder not found.
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #5 => value Removed successfully
"C:\ProgramData\FlashBeat\FlashBeat64.dll" => value data Removed successfully.
"C:\ProgramData\FlashBeat\FlashBeat32.dll" => value data Removed successfully.
" C:\PROGRA~3\{0420E~1\1172~1.1\nore.dll" => value data Removed successfully.
Startup: => Error: No automatic fix found for this entry.
"C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]" => File/Folder not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key Removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key Removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key Removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key Removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key Removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
"HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully

========= RemoveProxy: =========

"HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKU\S-1-5-21-3688121889-113363352-3167696593-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8304A897-E2BF-433C-A8B4-A3FEAC03F4BF}" => key Removed successfully
HKCR\CLSID\{8304A897-E2BF-433C-A8B4-A3FEAC03F4BF} => key not found.
Firefox DefaultSearchEngine Removed successfully
Firefox DefaultSearchEngine.US Removed successfully
Firefox SelectedSearchEngine Removed successfully
Firefox Proxy settings were reset.
"C:\ProgramData\boostwebapp" => File/Folder not found.
C:\ProgramData\H2NmLy.dat => Moved successfully.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => Moved successfully.
2015-05-28 => Error: No automatic fix found for this entry.
14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95 => Error: No automatic fix found for this entry.
C:\Users\Pradeepa\AppData\Local\d611a977fc6d24361b8e49f489329352 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07C6E9B4-24F2-4321-8A7A-DF39931A65ED}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07C6E9B4-24F2-4321-8A7A-DF39931A65ED}" => key Removed successfully
C:\Windows\System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_WeeklyTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSB_Pradeepa_PCSpeedBoost_RS_WeeklyTask" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D8AA707-E11E-405A-BA3F-628BA05D71AE}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8AA707-E11E-405A-BA3F-628BA05D71AE}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A380FA02-F152-4B7A-9667-80692A996A6E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A380FA02-F152-4B7A-9667-80692A996A6E}" => key Removed successfully
C:\Windows\System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_LogonTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSB_Pradeepa_PCSpeedBoost_LogonTask" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD305BC8-1B89-48BF-ABB2-DF389AC995BD}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD305BC8-1B89-48BF-ABB2-DF389AC995BD}" => key Removed successfully
C:\Windows\System32\Tasks\{6015F274-DF5B-41B4-BB18-85DC0DCEC752} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6015F274-DF5B-41B4-BB18-85DC0DCEC752}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B35DAA05-6AA5-4297-B008-FAB18F31DB31}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B35DAA05-6AA5-4297-B008-FAB18F31DB31}" => key Removed successfully
C:\Windows\System32\Tasks\PCSB_Pradeepa_PCSpeedBoost_RS_DailyTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSB_Pradeepa_PCSpeedBoost_RS_DailyTask" => key Removed successfully
SpeedBoost\PCSpeedBoost.exe => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\PC SpeedBoost" => File/Folder not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Givceb119.sys" => key Removed successfully
HKLM\SYSTEM\CurrentControSe => Error: No automatic fix found for this entry.
t\Control\SafeBoot\Minimal\Malguwl119.sys => ""="Driver" => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Givceb119.sys" => key Removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Malguwl119.sys" => key Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3E175CC0-86EF-46FC-8537-CFF578AA04CA} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AF1D8777-20E7-4BBF-9FCE-3066B608F82F} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{53AAD0C0-E94E-4EE5-810B-E98F3510F770} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D98279B-D429-4515-85F5-F8A1721D1FA8} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72BA4AF2-101A-49CF-AE99-100305039436} => value Removed successfully
"C:\ProgramData\boostwebapp\1.1.0.31\ikuamys.EXE" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D49A1E62-A31C-4818-9FD1-629B6E610416} => value Removed successfully
Restore point was successfully created.
EmptyTemp: => Removed 4.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:25:13 ====



#14 deeprybka

deeprybka

  • Malware Response Team

Posted 03 June 2015 - 11:50 AM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings screenshot]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: log path]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 2


Start FRST with administrator privileges.
  • Make sure the following option is checked: [image: Addition option]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?
regards,
deeprybka

#15 hlingam

hlingam
  • Topic Starter


Posted 04 June 2015 - 02:48 PM

Step 1: Log file after the ESET online Scanner ran,

 

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=688c13998b869c48b28a234dfc78cbee
# end=init
# utc_time=2015-06-03 05:04:16
# local_time=2015-06-03 01:04:16 (-0500, Eastern Daylight Time)
# country="India"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24155
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=688c13998b869c48b28a234dfc78cbee
# end=updated
# utc_time=2015-06-03 05:08:47
# local_time=2015-06-03 01:08:47 (-0500, Eastern Daylight Time)
# country="India"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=688c13998b869c48b28a234dfc78cbee
# engine=24155
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-04 01:13:48
# local_time=2015-06-03 09:13:48 (-0500, Eastern Daylight Time)
# country="India"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 100 97 34832612 118890043 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3914859 10376419 0 0
# scanned=233033
# found=74
# cleaned=0
# scan_time=29099
sh=96A5AEBAF5A2C96B869168D409FAF54BC52F4BFB ft=1 fh=95a04965e73ede3e vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\005\cyycfhtzro64.exe.vir"
sh=28BA99B607AA2386FD063F60779923323B7C091C ft=1 fh=8291538623018cee vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\libapi2hook.dll.vir"
sh=FCC6E5F72538FEDB58BE1A7198A5D5D66B81834E ft=1 fh=790c124496a55473 vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\libinject2.dll.vir"
sh=3FAC7B4058F8EB1821A0A4D76134ED98CA3DF7EA ft=1 fh=19cb26363ce0943b vn="a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\V-bates\libredir2.dll.vir"
sh=9A4313ED047498DF2E94BE4E23D469975D320366 ft=0 fh=0000000000000000 vn="Win32/UnlimitedDownloads.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DealAlly\node\conf.js.vir"
sh=3135E658F633705878984EEF46BFFCB3B072AA0B ft=1 fh=c71c00118990396c vn="a variant of Win32/UnlimitedDownloads.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DealAlly\node\service.exe.vir"
sh=8ADFF97D11DAFBD0D321FFB1E6B9FB6990C0CF17 ft=0 fh=0000000000000000 vn="Win32/UnlimitedDownloads.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Hoist Search\node\conf.js.vir"
sh=3135E658F633705878984EEF46BFFCB3B072AA0B ft=1 fh=c71c00118990396c vn="a variant of Win32/UnlimitedDownloads.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Hoist Search\node\service.exe.vir"
sh=6AA9B920031A8608EB768EE4822F296799568251 ft=1 fh=c71c001189b57520 vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\cosstminn\Kh_Gh.dll.vir"
sh=39EEC02A1FFFFB9AE09E2512D2173AA7922C79C4 ft=1 fh=c71c00116448cb73 vn="a variant of Win64/Adware.MultiPlug.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\cosstminn\Kh_Gh.x64.dll.vir"
sh=6B2F37FE313C1C42B127A42EDB18DDACCA243E2C ft=1 fh=1427d39a5484cf7e vn="a variant of MSIL/MyPCBackup.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll.vir"
sh=11B8D455B3768FC94ED175C72BED524866305025 ft=1 fh=bf7906e96ac12b62 vn="a variant of MSIL/RunElevated.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe.vir"
sh=527D588D14CB85E352AF186AD5A5A3C966CC2532 ft=1 fh=d275acc407c52099 vn="a variant of Win32/MyPCBackup.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MPCBClient.dll.0.old.vir"
sh=E193CD7154D960D9185D1D4ACB6EA651FB8E9F62 ft=1 fh=0da1b5f7cecafc70 vn="a variant of MSIL/MyPCBackup.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.0.old.vir"
sh=798D644BF91719A79B513C8BCCE956C0C355CA6F ft=1 fh=e0fb99ac84073a86 vn="Win32/DealPly.AN potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\goopdate.dll.vir"
sh=15ED5B6C5946E85E7A5C77F4A7689E4E76CCBAFB ft=1 fh=c71c0011fe889422 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=8FF07C7F0E7320A1EB53CADD4D30D3154FF33BBA ft=1 fh=f622fe8cae001c0b vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="a variant of Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=532A232C336AB1E5D65E829DFA191A71B96E2CC6 ft=1 fh=c71c001152b88659 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"
sh=9E99BBE4E9F6026A66DB442D589FF049D44E43E9 ft=1 fh=c71c001149569c6f vn="Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=55B49E6175EC153F5F6D595F7E36CF04D61C70AC ft=1 fh=c71c0011122aac36 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=B1740CE6528491D6914E0015C836A3A8E31A28E9 ft=1 fh=667e6cf17acea18e vn="Win64/Thinknice.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe.vir"
sh=03DBFA1572019E6B0A7745CA443E74CCA8FEEFFD ft=1 fh=c71c0011e74d8dee vn="Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"
sh=E3C659B9CAA4B5CFF2906CA02EB3F178906A2416 ft=1 fh=c71c00117f5fd915 vn="Win32/Thinknice.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"
sh=8B488C388E304F78CA88312A651D07494469D292 ft=1 fh=8013085d4e45f122 vn="Win64/Thinknice.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"
sh=C064395FD68E943C1B3185A7D327AE01CD0ABF5A ft=1 fh=36f383857725220c vn="MSIL/Adware.PullUpdate.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=C2BFEF60F3862EA2EF2F719E4B1C57ED2D54BD0B ft=1 fh=afd2e4a86221ede2 vn="a variant of Win64/Adware.CouponMarvel.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat.exe.vir"
sh=F77C1A49A361425F094D029A65A3AB3351FF5662 ft=1 fh=1419f4c54d873a93 vn="a variant of Win32/Adware.CouponMarvel.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat32.dll.vir"
sh=472620AD4095646223D9BDC283D0E742D2AA1091 ft=1 fh=c242169f090f1fc9 vn="a variant of Win64/Adware.CouponMarvel.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat64.dll.vir"
sh=60823E5C992E8A79CAA9388D55A35047576FA21D ft=1 fh=494fe9787e94078c vn="a variant of Win32/Adware.CouponMarvel.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll.vir"
sh=39A247FB2B26EA556C628F21B3FFC4650C80EB97 ft=1 fh=836f283afb8d344e vn="a variant of Win32/Adware.CouponMarvel.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\SoftConfigTest.exe.vir"
sh=28768C96477E82EAFA478179FD7255488BA95A59 ft=1 fh=58ff7d86cb17140b vn="a variant of Win32/Adware.MultiPlug.HY application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{1f9ca189-3f43-6789-1f9c-ca1893f48624}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe.vir"
sh=28768C96477E82EAFA478179FD7255488BA95A59 ft=1 fh=58ff7d86cb17140b vn="a variant of Win32/Adware.MultiPlug.HY application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe.vir"
sh=28768C96477E82EAFA478179FD7255488BA95A59 ft=1 fh=58ff7d86cb17140b vn="a variant of Win32/Adware.MultiPlug.HY application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{5cf97880-2e60-a565-5cf9-978802e6e200}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe.vir"
sh=28768C96477E82EAFA478179FD7255488BA95A59 ft=1 fh=58ff7d86cb17140b vn="a variant of Win32/Adware.MultiPlug.HY application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{b3c7ae85-476d-187b-b3c7-7ae85476ba15}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe.vir"
sh=E2E1C92991F3C2B3DAF1F24D223C8D0738CFB08E ft=1 fh=c71c00110111363f vn="a variant of Win32/Adware.ConvertAd.RE application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC\onsf5ED.tmp.vir"
sh=A355BE6913EB3EEEA64AF55EC93A829B044E9879 ft=1 fh=361cc550cf19be75 vn="a variant of Win32/Adware.ConvertAd.RK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC\pnsu5FD.exe.vir"
sh=82A7694EBAD68782CA67C01C583A8F12C597FD32 ft=1 fh=f244f32f17fdf3a0 vn="a variant of Win32/Adware.ConvertAd.RB application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC\rnsf5EC.exe.vir"
sh=0E61018423004C261903B09F714B1B98AFBA7D49 ft=1 fh=b65768fe62575019 vn="a variant of Win32/Adware.ConvertAd.QQ application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\5D46E0FF-1432823376-E211-A330-208984ECA4BC\snsp5DB.tmp.vir"
sh=2FCEBC9997734A0FB36AF2C072A72130DDC1548E ft=1 fh=4ed2a84156cdf251 vn="a variant of MSIL/Adware.iBryte.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\Browsersafeguard\BrowserSafeguard.exe.vir"
sh=34B9D1640D13BE7E0D8EE9E2C9024B52FEE6E3D7 ft=1 fh=3629e850807bd909 vn="MSIL/Adware.iBryte.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"
sh=32BE00C9B8BD83BF621E433EC87DE21B08F82098 ft=1 fh=a4fbdca8e8e73dc7 vn="a variant of Win32/PriceGong.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pradeepa\AppData\Local\SmartWeb\__u.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=688c13998b869c48b28a234dfc78cbee
# end=init
# utc_time=2015-06-04 01:14:26
# local_time=2015-06-03 09:14:26 (-0500, Eastern Daylight Time)
# country="India"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24161
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=688c13998b869c48b28a234dfc78cbee
# end=updated
# utc_time=2015-06-04 01:16:06
# local_time=2015-06-03 09:16:06 (-0500, Eastern Daylight Time)
# country="India"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=688c13998b869c48b28a234dfc78cbee
# engine=24161
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-04 03:29:14
# local_time=2015-06-03 11:29:14 (-0500, Eastern Daylight Time)
# country="India"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 100 97 34840739 118898170 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3922986 10384546 0 0
# scanned=233471
# found=71
# cleaned=0
# scan_time=7987
 
Step2: 
FRST.txt log file
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Pradeepa (administrator) on DEEPAM on 04-06-2015 08:01:39
Running from C:\FRST
Loaded Profiles: Pradeepa &  (Available Profiles: Pradeepa)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\MountPoints2: {7a7642b8-cbf2-11e4-bf23-0cd2926109df} - "G:\LaunchU3.exe" -a
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {7a7642b8-cbf2-11e4-bf23-0cd2926109df} - "G:\LaunchU3.exe" -a
Startup: C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk [2015-04-09]
ShortcutTarget: Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk -> C:\ProgramData\{361ea319-36f5-66df-361e-ea31936f8c64}\Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default
FF Homepage: hxxp://www.google.com/
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-02-27] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-11-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-02-27] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @talk.google.com/O1DPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Pradeepa\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-06-06] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Pradeepa\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-06-06] (Google)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-08-16]
FF Extension: No Name - C:\Users\Pradeepa\AppData\Roaming\Mozilla\Firefox\Profiles\pgx74g70.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-03]
CHR Extension: (Bookmark Manager) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-26]
CHR Extension: (Google Wallet) - C:\Users\Pradeepa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [161736 2013-04-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1662424 2014-02-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 08:03 - 2015-06-04 08:03 - 21860813 _____ () C:\Users\Pradeepa\Downloads\Unconfirmed 461570.crdownload
2015-06-04 07:58 - 2015-06-04 07:58 - 00019832 _____ () C:\Users\Pradeepa\Desktop\scsn.txt
2015-06-03 20:02 - 2015-06-03 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-06-03 13:03 - 2015-06-03 13:02 - 02870984 _____ (ESET) C:\Users\Pradeepa\Desktop\esetsmartinstaller_enu.exe
2015-06-03 13:02 - 2015-06-03 13:02 - 02870984 _____ (ESET) C:\Users\Pradeepa\Downloads\esetsmartinstaller_enu.exe
2015-06-02 15:40 - 2015-06-02 15:40 - 00053068 _____ () C:\Users\Pradeepa\Desktop\FRST_0206.txt
2015-06-02 15:40 - 2015-06-02 15:40 - 00037184 _____ () C:\Users\Pradeepa\Desktop\Addition_0206.txt
2015-06-02 15:23 - 2015-06-02 15:23 - 00001043 _____ () C:\Users\Pradeepa\Desktop\123.txt
2015-06-02 15:23 - 2015-06-02 15:23 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\EncryptStick
2015-06-02 14:36 - 2015-06-04 07:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-02 14:36 - 2015-06-02 14:36 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-02 14:36 - 2015-06-02 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-02 14:36 - 2015-06-02 14:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-02 14:36 - 2015-06-02 14:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-02 14:36 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-02 14:36 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-02 14:36 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-02 14:35 - 2015-06-02 13:58 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Pradeepa\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-02 14:22 - 2015-06-02 14:29 - 00000000 ____D () C:\AdwCleaner
2015-06-02 14:21 - 2015-06-02 13:58 - 02231296 _____ () C:\Users\Pradeepa\Desktop\AdwCleaner.exe
2015-06-02 13:48 - 2015-06-02 13:48 - 00064647 _____ () C:\Users\Pradeepa\Desktop\FRST.txt
2015-06-02 13:00 - 2015-06-02 13:00 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-06-02 08:33 - 2015-06-02 08:33 - 00001291 _____ () C:\Users\Pradeepa\Desktop\Revo Uninstaller.lnk
2015-06-02 08:33 - 2015-06-02 08:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-06-02 08:30 - 2015-06-02 08:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Pradeepa\Desktop\revosetup.exe
2015-06-02 08:29 - 2015-06-02 08:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Pradeepa\Desktop\tdsskiller.exe
2015-06-01 19:30 - 2015-06-01 19:30 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\GWX
2015-06-01 17:37 - 2015-06-01 20:02 - 00000000 ____D () C:\Users\Pradeepa\Desktop\It's My Love Story (2011). telugu movie.DvdRip.XviD. ESubs.nanda36
2015-06-01 16:15 - 2014-02-17 22:22 - 656451053 _____ () C:\Users\Pradeepa\Desktop\Biriyani (2013) Lotus Telugu Tamil DVDRip 1CD By Team TQR.mkv
2015-06-01 15:31 - 2015-06-01 15:31 - 00290392 _____ () C:\WINDOWS\Minidump\060115-21203-01.dmp
2015-06-01 12:58 - 2015-06-01 12:58 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Data
2015-06-01 11:42 - 2015-06-01 11:47 - 00000000 ____D () C:\Users\Pradeepa\Desktop\Rang De Basanti 2006 DVDRip{Dare~Devils }
2015-06-01 11:42 - 2015-06-01 11:42 - 00000000 ____D () C:\Users\Pradeepa\Desktop\7 Khoon Maaf - DVDScr - XviD - 1CDRip - [DDR]
2015-05-31 18:36 - 2015-05-31 18:36 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-31 17:36 - 2015-06-04 08:01 - 00000000 ____D () C:\FRST
2015-05-30 23:11 - 2015-06-01 15:31 - 753279719 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-30 23:11 - 2015-06-01 15:31 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-30 23:11 - 2015-05-30 23:11 - 00290448 _____ () C:\WINDOWS\Minidump\053015-29734-01.dmp
2015-05-29 00:41 - 2015-05-31 11:00 - 00000000 ____D () C:\WINDOWS\pss
2015-05-28 20:27 - 2015-06-03 12:41 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 20:27 - 2015-05-28 20:31 - 00002231 _____ () C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-05-28 14:38 - 2015-05-28 14:38 - 00000000 ____D () C:\ProgramData\0f8be51fc7a84a16a49ae00b238d2a95
2015-05-28 14:29 - 2015-05-28 14:31 - 00000000 ____D () C:\data_from_forms
2015-05-28 14:26 - 2013-08-22 09:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-28 14:25 - 2015-05-28 14:25 - 00000000 ____D () C:\Users\Pradeepa\AppData\Local\Downloaded Installations
2015-05-28 14:14 - 2015-05-28 14:17 - 149173944 _____ (ETS) C:\Users\Pradeepa\Downloads\TOEFL_Sampler_2014.exe
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (7).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (6).zip
2015-05-19 10:54 - 2015-05-19 10:54 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (5).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (4).zip
2015-05-19 10:53 - 2015-05-19 10:53 - 01213478 _____ () C:\Users\Pradeepa\Downloads\OS03691745_AppForm (3).zip
2015-05-15 23:40 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-15 23:40 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-13 17:30 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 17:30 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 19:34 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 18:30 - 2015-05-12 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 18:29 - 2015-05-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 17:46 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-12 17:46 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-12 17:46 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-12 17:46 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-12 17:44 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-12 17:44 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-12 17:44 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-12 17:44 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-12 17:44 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-12 17:44 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-12 17:44 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-12 17:44 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-12 17:44 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-12 17:44 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-12 17:44 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-12 17:44 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-12 17:44 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-12 17:44 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-12 17:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-12 17:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-12 17:44 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-12 17:44 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-12 17:44 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-12 17:44 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-12 17:44 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-12 17:44 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-12 17:44 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-12 17:43 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-12 17:43 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-12 17:43 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-12 17:43 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-12 17:43 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-12 17:43 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-12 17:42 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-12 17:42 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-12 17:42 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-12 17:42 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-12 17:42 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-12 17:42 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-12 17:42 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-12 17:42 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-12 17:42 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-12 17:42 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-12 17:42 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-12 17:42 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-12 17:42 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-12 17:42 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-12 17:42 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-12 17:42 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-12 17:42 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-12 17:42 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-12 17:42 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-12 17:42 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-12 17:42 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-12 17:42 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-12 17:42 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-12 17:42 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-12 17:42 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-12 17:42 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-12 17:42 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-12 17:42 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-06 22:09 - 2015-05-06 22:19 - 00060928 _____ () C:\Users\Pradeepa\Downloads\CEF_Ahmed.XLS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 08:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-06-04 07:50 - 2014-12-08 00:59 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD07D13C-5A28-496D-9E46-B5A2B164563C}
2015-06-04 00:13 - 2014-08-10 13:38 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job
2015-06-04 00:04 - 2014-12-03 14:24 - 02026267 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-03 23:38 - 2015-04-25 18:27 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 23:29 - 2014-04-20 01:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688121889-113363352-3167696593-1001
2015-06-03 23:13 - 2014-08-10 13:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job
2015-06-03 19:25 - 2015-01-02 17:21 - 02792448 ___SH () C:\Users\Pradeepa\Downloads\Thumbs.db
2015-06-03 12:57 - 2014-09-24 03:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-03 12:52 - 2015-04-25 18:27 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 12:52 - 2013-08-22 10:46 - 00309539 _____ () C:\WINDOWS\setupact.log
2015-06-03 12:52 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-03 12:51 - 2014-03-22 00:27 - 29425268 _____ () C:\Users\Public\CAFADEBUG.log
2015-06-03 12:36 - 2014-12-07 10:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-06-03 12:33 - 2015-04-25 18:27 - 00003892 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-03 12:33 - 2015-04-25 18:27 - 00003656 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-03 12:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-06-03 12:21 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-06-02 15:30 - 2014-09-24 03:03 - 00574014 _____ () C:\WINDOWS\PFRO.log
2015-06-01 19:09 - 2014-04-25 14:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\vlc
2015-06-01 15:32 - 2014-12-03 14:04 - 00000000 ____D () C:\Users\Pradeepa
2015-06-01 12:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-31 00:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-30 23:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-30 23:19 - 2015-02-24 23:38 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2015-05-30 23:19 - 2015-02-24 23:26 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Canon
2015-05-30 23:18 - 2015-02-24 22:48 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-05-30 23:14 - 2014-03-22 00:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-30 23:12 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-28 22:50 - 2013-08-16 05:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-28 20:27 - 2015-04-25 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 18:27 - 2015-03-17 21:54 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-28 14:30 - 2014-11-17 22:44 - 00001158 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-28 14:29 - 2014-03-21 22:54 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Macromedia
2015-05-26 13:42 - 2014-03-22 00:47 - 00000000 ____D () C:\Users\Pradeepa\AppData\Roaming\Skype
2015-05-23 21:18 - 2015-04-25 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-23 21:16 - 2015-04-25 18:35 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-05-16 02:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-16 01:38 - 2014-04-18 01:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 23:39 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-05-15 23:37 - 2013-08-22 10:44 - 00510400 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-15 23:22 - 2015-04-04 06:02 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-15 23:22 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-15 23:21 - 2014-09-24 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-05-15 23:21 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-05-15 23:21 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-15 23:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-05-15 23:19 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-05-15 23:12 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-15 23:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-05-15 23:11 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-05-15 23:11 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-15 23:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-15 23:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-05-15 22:59 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-12 20:34 - 2014-12-01 19:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-12 19:20 - 2014-04-18 12:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-12 19:07 - 2014-04-18 12:08 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-05 00:24 - 2014-03-22 00:47 - 00000000 ____D () C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2014-08-24 13:23 - 2014-11-09 00:28 - 0000117 _____ () C:\Users\Pradeepa\AppData\Roaming\WB.CFG
2014-08-13 21:53 - 2014-08-13 21:53 - 0575544 _____ (ClickMeIn Limited) C:\Users\Pradeepa\AppData\Local\nss6409.tmp
2015-05-28 23:01 - 2015-05-28 23:01 - 0011790 _____ () C:\Users\Pradeepa\AppData\Local\Temp-log.txt
2013-08-16 05:22 - 2013-08-16 05:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 23:29
 
==================== End of log ============================
 
Additional.txt log file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Pradeepa at 2015-06-04 08:03:48
Running from C:\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3688121889-113363352-3167696593-500 - Administrator - Disabled)
Guest (S-1-5-21-3688121889-113363352-3167696593-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3688121889-113363352-3167696593-1003 - Limited - Enabled)
Pradeepa (S-1-5-21-3688121889-113363352-3167696593-1001 - Administrator - Enabled) => C:\Users\Pradeepa
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EditiX-Free XML Editor free-2008-sp2 (HKLM-x32\...\EditiX-Free XML Editor free-2008-sp2) (Version:  - JAPISoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1305-148929CC1385}) (Version: 3.0.1305.0340 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{C51863E5-EB09-43A5-9D43-26A32587EEAC}) (Version: 2.4.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2003 (HKLM-x32\...\{90510409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3688121889-113363352-3167696593-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pradeepa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
 
==================== Restore Points =========================
 
15-05-2015 22:57:10 Windows Update
24-05-2015 08:33:42 Scheduled Checkpoint
28-05-2015 14:25:53 Installed TOEFL Sampler.
31-05-2015 01:05:23 Restore Operation
02-06-2015 08:34:48 Revo Uninstaller's restore point - WPM18.8.0.212
03-06-2015 12:22:20 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03EDDA8E-E32D-4C30-92AE-BCCD7D5BB4A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0C896AE7-3213-4261-A8A0-27908A3FCBA4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-19] (Lenovo)
Task: {1A684D52-F88C-49EB-B946-6AE0A01C2A59} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-02-19] ()
Task: {2A587C89-D90B-4098-89D8-057D79E5518D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: {36CB9F6E-F5F3-4DCE-A76D-7F7DF78FF5E1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3E119BC4-ECE3-4360-A829-35DB73389304} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {5069CBA7-BA23-45F5-834C-A4069CBBFC08} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-02-19] (Lenovo)
Task: {7338D91B-A378-44BC-9636-0F883893E370} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {84AD8E10-7878-4987-AEEB-53A67A332684} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {8D9B8E3E-D892-44E9-B835-FCBAC6BC0A53} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {9CAAFACC-4A07-4D7A-B1A1-D5B258A9F109} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-12] (Microsoft Corporation)
Task: {9E91AF71-B9E2-43CA-A45A-8E3EC5779C16} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A9146D45-6546-4A3C-A37A-4C515E3E1D77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A9E45091-494B-437D-A621-AA5036EC4A69} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D37D4A63-F121-41D8-A8C4-CA4504374374} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-02-19] ()
Task: {D42911DD-8705-4E49-91E8-63BFEA0DE7BB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {EB6682D6-7C33-4EA3-9711-E4ECD9287540} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-25] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001Core.job => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3688121889-113363352-3167696593-1001UA.job => C:\Users\Pradeepa\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-16 05:42 - 2012-04-24 06:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-03 12:40 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-06-03 12:40 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2013-08-16 05:18 - 2012-11-06 01:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-06-03 12:40 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97645918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Malguwl119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97645918.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Pradeepa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 167.206.245.135 - 167.206.245.136
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run32: => "AnyProtect Scanner"
HKLM\...\StartupApproved\Run32: => "PC HealthFix"
HKLM\...\StartupApproved\Run32: => "BlockAndSurf"
HKU\S-1-5-21-3688121889-113363352-3167696593-1001\...\StartupApproved\StartupFolder: => "Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk"
HKU\S-1-5-21-3688121889-113363352-3167696593-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "Ok_Bangaram_(2015)_-_320_-_[www.SouthMp3.CO].zip.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{15D53714-7A89-4798-AA55-DF931DDDBD41}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{55E6D168-923B-4D65-986A-E932060471A1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38BFF3A2-14AC-4F54-AEB6-EF7AB0537901}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{18E57BE9-953E-41F9-9749-D1B9BD9DD532}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{FB33F8AB-4D13-4518-905C-000039F9E0C4}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AB612F04-0F86-455E-B463-7C3548ED96F6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D58D3DAD-7507-49C9-AE57-1B7B0530E484}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3D31DB7C-9014-4A44-B2FF-365CCD7DC970}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{8EAE4F36-C1EA-4887-A585-B7C708C50010}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{94BA6CE9-02ED-4AB6-A5CB-F9ED1D838884}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2018520F-0503-44FD-9DCD-2735625B7EDA}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{99C70D39-A5BE-4D78-B474-8778EC2E74E1}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{96AB2F4C-B2F9-4B13-BE60-48F90E621EB5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{768E7E40-0839-40BB-947A-9CC7D28A8C16}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B01A85F1-BE27-4A73-9687-8124844C36ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD30CF13-4987-4B3A-B30A-9B54C8BD07A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34F19DB5-9526-4711-8311-93BCA3ABD1A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{87DF2906-7614-4985-9372-14B0367CB2C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2AB08BB5-171C-4889-BC12-075E5538EF1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{108EDEEB-A71E-4590-9C1D-99438DEBA3D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{65B7F9E9-77E9-406E-BE3B-4C9AA98CABFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30)
Description: Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (ND