
Infected By DNS Changer



#1 Geekdom


Posted 20 July 2015 - 03:06 AM

Hey guys, I've been a lurker for a while and have been able to resolve most of the problems I've had without having to bother y'all and just skimming through threads. But with this current DNS changer that's hit my system I'm having my DNS changed constantly in my modem's settings to mainly Russian IPs and once a Bulgarian IP.
 
Haven't found a proper solution for this yet. It's also causing my pages to take forever to resolve.
 
I've tried hard resetting my router but that hasn't helped. Changing the DNS in my DNS settings (192.168.1.1/dns.html) lasts only for some time, after which it changes to a malicious IP on its own.
 
Removed PUM.DNS registry files that I found with RogueKiller which was the only program detecting it but it decided to pop back up again after a restart.
 
The current DNS IP it's using is:
146.185.239.245
 
It doesn't seem to change my alternate DNS server, only the primary one.
 
Modem: D-Link DSL 2520U
 
Have attached the Addition.txt file with this post as well.
 
Thanks in advance and let me know if you need anything else from me!
 
 
Please find the FRST.txt log below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2015 01
Ran by Priya's (administrator) on PRIYA on 20-07-2015 13:10:01
Running from C:\Users\Priya's\Desktop\Kushal's Stuff
Loaded Profiles: Priya's (Available Profiles: Priya's)
Platform: Microsoft Windows 8 Pro (X86) OS Language: English (United Kingdom)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Priya's\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Priya's\Desktop\Kushal's Stuff\RogueKiller.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_0606535398b4f643\TiWorker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-08-01] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ASUS Ai Charger] => C:\Program Files\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-06-29] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2013-06-14] (Logitech, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Run: [Facebook Update] => "C:\Users\Priya's\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Run: [Dropbox Update] => C:\Users\Priya's\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Priya's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Priya's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-01-30]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-27] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-in/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2014-01-28] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-08-01] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\..\Interfaces\{81E5DE78-D959-4E4C-9EB4-5AE16AD70F4A}: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Priya's\AppData\Roaming\Mozilla\Firefox\Profiles\hivk6y9x.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-698754671-3113082751-3385502478-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Priya's\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-698754671-3113082751-3385502478-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-19]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-11]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-23]
 
Chrome: 
=======
CHR Profile: C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bejeweled) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-04-18]
CHR Extension: (Google Docs) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Awesome Screenshot Minus) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnophbnknjcjnbadhhkciahanapffepm [2015-06-19]
CHR Extension: (OneTab) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2015-07-05]
CHR Extension: (Google Search) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (AutoCAD 360) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln [2015-04-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\Priya's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKU\S-1-5-21-698754671-3113082751-3385502478-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2015-03-30] (Flexera Software, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [971968 2015-02-03] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14456 2015-01-31] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\System32\drivers\AiCharger.sys [13952 2012-03-22] (ASUSTek Computer Inc.)
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
R3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
S3 eapihdrv; C:\Users\Priya's\AppData\Local\Temp\ehdrv.sys [135760 2015-07-14] (ESET)
R3 L1C; C:\Windows\system32\DRIVERS\L1C63x86.sys [93848 2012-06-22] (Qualcomm Atheros Co., Ltd.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2013-05-23] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R1 MpKsleb627dd9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5F8719C0-498D-464D-ADAD-97DBC89DC98F}\MpKsleb627dd9.sys [39168 2015-07-20] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-07-20] ()
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 13:04 - 2015-07-20 13:10 - 00000000 ____D C:\FRST
2015-07-17 12:47 - 2015-07-17 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-16 18:57 - 2015-07-16 18:57 - 00000000 ____D C:\Users\Priya's\Tracing
2015-07-15 13:40 - 2015-06-15 20:52 - 13771264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 13:40 - 2015-06-15 20:52 - 02056704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 13:40 - 2015-06-15 20:52 - 01763328 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 13:40 - 2015-06-15 20:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 13:40 - 2015-06-15 20:52 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 13:39 - 2015-06-27 19:25 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 13:39 - 2015-06-15 20:52 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 13:39 - 2015-06-09 19:57 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 13:39 - 2015-01-07 09:27 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 13:38 - 2015-07-03 19:02 - 00035328 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 13:38 - 2015-07-03 18:46 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 13:38 - 2015-07-03 00:45 - 14384640 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 13:38 - 2015-06-25 07:23 - 03391488 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:38 - 2015-06-17 19:43 - 01150264 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:37 - 2015-06-27 20:04 - 00155992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 13:37 - 2015-06-27 19:26 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:37 - 2015-06-27 19:26 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-07-15 13:37 - 2015-06-27 19:25 - 00668160 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:37 - 2015-06-27 19:25 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:37 - 2015-06-25 23:39 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:37 - 2015-06-25 23:37 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:36 - 2015-06-15 20:52 - 08858112 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-07-15 13:36 - 2015-06-15 20:52 - 02416640 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:36 - 2015-06-15 20:52 - 02037760 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 13:36 - 2015-06-15 20:52 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:35 - 2015-06-12 00:35 - 01079296 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 02:57 - 2015-07-14 02:57 - 00000000 ____D C:\Program Files\ESET
2015-07-13 18:54 - 2015-07-13 18:58 - 00000000 ____D C:\AdwCleaner
2015-07-13 18:47 - 2015-07-13 19:13 - 00001996 _____ C:\Users\Priya's\Desktop\Rkill.txt
2015-07-13 18:11 - 2015-07-20 12:29 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-13 18:10 - 2015-07-14 11:33 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-13 15:13 - 2015-07-13 15:13 - 00002259 _____ C:\Windows\epplauncher.mif
2015-07-13 14:41 - 2015-06-29 19:52 - 00024240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-13 14:41 - 2015-06-29 19:00 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-13 14:41 - 2015-06-29 19:00 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-13 14:41 - 2015-06-29 18:59 - 00923648 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-13 14:41 - 2015-06-29 18:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-13 14:41 - 2015-06-29 18:59 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-13 14:41 - 2015-06-29 18:59 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-13 14:41 - 2015-06-26 18:36 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-13 14:40 - 2015-05-12 02:30 - 00753496 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-13 14:40 - 2015-05-07 18:34 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-13 14:40 - 2015-05-01 00:29 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2015-07-13 14:40 - 2015-05-01 00:28 - 01000960 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-07-13 14:40 - 2015-05-01 00:28 - 00330752 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-07-13 14:40 - 2015-04-30 19:14 - 00478296 _____ C:\Windows\system32\locale.nls
2015-07-13 14:29 - 2015-07-13 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-07-13 14:29 - 2015-07-13 14:29 - 00000000 ____D C:\Program Files\KMSpico
2015-07-13 14:29 - 2010-12-06 07:46 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-07-13 14:15 - 2015-07-13 14:15 - 00410851 _____ C:\Users\Priya's\AppData\Local\census.cache
2015-07-13 14:15 - 2015-07-13 14:15 - 00172487 _____ C:\Users\Priya's\AppData\Local\ars.cache
2015-07-13 14:10 - 2015-07-13 14:10 - 00000010 _____ C:\Users\Priya's\AppData\Local\sponge.last.runtime.cache
2015-07-13 14:09 - 2015-07-13 14:10 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
2015-07-13 13:48 - 2013-09-28 08:26 - 00289352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-07-13 13:47 - 2015-07-13 13:47 - 00000036 _____ C:\Users\Priya's\AppData\Local\housecall.guid.cache
2015-07-13 13:12 - 2015-07-13 13:43 - 00000000 ____D C:\ProgramData\F-Secure
2015-07-13 13:12 - 2015-07-13 13:12 - 00000000 ____D C:\Users\Priya's\AppData\Local\F-Secure
2015-07-10 13:00 - 2015-07-10 13:00 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-10 13:00 - 2015-07-10 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-10 12:55 - 2015-07-10 12:59 - 00000000 ____D C:\Program Files\iTunes
2015-07-10 12:55 - 2015-07-10 12:55 - 00000000 ____D C:\Program Files\iPod
2015-07-09 23:29 - 2015-07-09 23:29 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 23:52 - 2015-07-08 23:52 - 00000000 ____D C:\Users\Priya's\AppData\Local\CrashDumps
2015-07-06 16:40 - 2015-07-07 11:49 - 00000000 ____D C:\Users\Priya's\Downloads\DSL-2520U-Z2-FW-Ver-1
2015-07-06 16:39 - 2015-07-06 16:39 - 01223405 _____ C:\Users\Priya's\Downloads\DSL-2520U-Z2-FW-Ver-1.zip
2015-07-06 16:15 - 2015-07-20 13:01 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-06 16:15 - 2015-07-06 16:15 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-06 16:15 - 2015-07-06 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-06 16:14 - 2015-07-17 12:46 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-06 16:14 - 2015-07-06 16:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-06 16:14 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-06 16:11 - 2015-07-06 16:12 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Priya's\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-05 13:15 - 2015-07-05 13:15 - 00050976 _____ C:\Users\Priya's\Documents\fdj.dwg
2015-07-05 01:39 - 2015-07-05 01:39 - 00000046 _____ C:\Users\Priya's\jagex_cl_runescape_LIVE.dat
2015-07-05 01:39 - 2015-07-05 01:39 - 00000000 ____D C:\Users\Priya's\.jagex_cache_32
2015-07-05 01:25 - 2015-07-05 05:05 - 00000024 _____ C:\Users\Priya's\random.dat
2015-07-05 01:25 - 2015-07-05 01:25 - 00000046 _____ C:\Users\Priya's\jagex_cl_oldschool_LIVE.dat
2015-07-05 01:25 - 2015-07-05 01:25 - 00000000 ____D C:\.jagex_cache_32
2015-07-05 01:24 - 2015-07-05 01:54 - 00000023 _____ C:\Users\Priya's\jagexappletviewer.preferences
2015-07-05 01:24 - 2015-07-05 01:24 - 00002096 _____ C:\Users\Priya's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape.lnk
2015-07-05 01:24 - 2015-07-05 01:24 - 00002066 _____ C:\Users\Priya's\Desktop\OldSchool RuneScape.lnk
2015-07-05 01:24 - 2015-07-05 01:24 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OldSchool RuneScape
2015-07-05 01:23 - 2015-07-05 01:39 - 00000000 ____D C:\Users\Priya's\jagexcache
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-20 13:10 - 2015-06-16 09:31 - 00000000 ____D C:\Users\Priya's\Desktop\Kushal's Stuff
2015-07-20 13:01 - 2015-06-18 15:49 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001UA.job
2015-07-20 12:36 - 2013-09-08 22:32 - 01128984 _____ C:\Windows\WindowsUpdate.log
2015-07-20 12:30 - 2012-07-26 12:23 - 00000000 ____D C:\Windows\system32\sru
2015-07-20 11:57 - 2014-02-07 20:52 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001UA.job
2015-07-20 11:27 - 2012-07-26 12:23 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-20 11:00 - 2015-06-18 15:49 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001Core.job
2015-07-20 10:51 - 2013-09-08 22:32 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-20 10:48 - 2013-09-09 00:58 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\Skype
2015-07-20 10:48 - 2013-09-08 23:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-20 10:47 - 2014-08-09 18:39 - 00000000 ___RD C:\Program Files\Skype
2015-07-20 10:47 - 2014-06-15 19:29 - 00000000 ___RD C:\Users\Priya's\Dropbox
2015-07-20 10:46 - 2014-06-15 19:13 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\Dropbox
2015-07-20 10:45 - 2012-07-26 11:33 - 00034652 _____ C:\Windows\setupact.log
2015-07-20 10:44 - 2012-07-26 11:34 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-17 12:53 - 2013-09-09 00:19 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 18:57 - 2013-09-08 22:32 - 00000000 ____D C:\Users\Priya's
2015-07-16 17:22 - 2013-09-09 00:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-16 16:47 - 2012-07-26 12:23 - 00000000 ____D C:\Windows\rescache
2015-07-16 16:36 - 2012-07-26 12:13 - 00000000 ____D C:\Windows\CbsTemp
2015-07-16 16:21 - 2015-03-30 14:59 - 04011680 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-16 16:16 - 2012-07-26 12:23 - 00000000 ___RD C:\Windows\ToastData
2015-07-16 16:13 - 2013-09-08 23:47 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 16:13 - 2013-09-08 23:47 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-15 20:57 - 2014-02-07 20:52 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001Core.job
2015-07-15 19:13 - 2015-06-19 15:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-14 22:59 - 2013-09-08 23:48 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 11:34 - 2012-07-26 09:47 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-14 02:52 - 2014-12-23 13:10 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 02:52 - 2014-12-23 13:10 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-13 14:50 - 2013-09-08 22:27 - 00011734 _____ C:\Windows\PFRO.log
2015-07-13 14:48 - 2014-12-23 13:06 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-13 14:48 - 2014-07-24 20:54 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-13 14:33 - 2013-09-08 23:53 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\uTorrent
2015-07-13 13:50 - 2013-11-17 13:47 - 03801600 ___SH C:\Users\Priya's\Desktop\Thumbs.db
2015-07-12 23:15 - 2012-07-26 12:23 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-10 14:58 - 2013-09-09 00:18 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\Apple Computer
2015-07-10 12:55 - 2013-09-09 00:18 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-10 12:55 - 2013-09-09 00:18 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-07-10 12:55 - 2013-09-09 00:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-10 12:33 - 2013-09-09 00:16 - 00000000 ____D C:\ProgramData\Apple
2015-07-08 15:14 - 2014-10-18 15:24 - 00000132 _____ C:\Users\Priya's\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-07-07 12:45 - 2012-07-26 13:57 - 00000000 ____D C:\Windows\SKB
2015-07-07 12:09 - 2013-09-09 00:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-06 17:45 - 2013-10-24 16:46 - 01165312 ___SH C:\Users\Priya's\Downloads\Thumbs.db
2015-07-06 16:15 - 2013-09-09 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-05 20:50 - 2013-09-09 00:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-05 13:44 - 2015-02-17 16:06 - 00000000 ____D C:\Users\Priya's\Desktop\AoE
2015-07-05 13:44 - 2015-02-07 09:55 - 00000000 ____D C:\Users\Priya's\Desktop\Pari
2015-07-03 13:44 - 2013-09-08 23:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-03 08:49 - 2013-09-09 00:19 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-28 13:50 - 2015-06-19 15:53 - 00000000 ____D C:\Users\Priya's\AppData\Roaming\HandBrake
2015-06-22 13:33 - 2014-04-27 23:19 - 00000000 ____D C:\Users\Priya's\AppData\Local\Mozilla
 
==================== Files in the root of some directories =======
 
2014-10-18 15:24 - 2015-07-08 15:14 - 0000132 _____ () C:\Users\Priya's\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-07-13 14:15 - 2015-07-13 14:15 - 0172487 _____ () C:\Users\Priya's\AppData\Local\ars.cache
2015-07-13 14:15 - 2015-07-13 14:15 - 0410851 _____ () C:\Users\Priya's\AppData\Local\census.cache
2015-07-13 13:47 - 2015-07-13 13:47 - 0000036 _____ () C:\Users\Priya's\AppData\Local\housecall.guid.cache
2015-07-13 14:10 - 2015-07-13 14:10 - 0000010 _____ () C:\Users\Priya's\AppData\Local\sponge.last.runtime.cache
2015-03-30 17:05 - 2015-03-30 17:05 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\Priya's\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Priya's\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkgfwow.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-12 23:59
 
==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2015 01
Ran by Priya's at 2015-07-20 13:19:27
Running from C:\Users\Priya's\Desktop\Kushal's Stuff
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-698754671-3113082751-3385502478-500 - Administrator - Disabled)
Guest (S-1-5-21-698754671-3113082751-3385502478-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-698754671-3113082751-3385502478-1003 - Limited - Enabled)
Priya's (S-1-5-21-698754671-3113082751-3385502478-1001 - Administrator - Enabled) => C:\Users\Priya's

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Age of Empires II HD © Microsoft Studios version 1 (HKLM\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Ai Charger (HKLM\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
AutoCAD 2009 - English (HKLM\...\AutoCAD 2009 - English) (Version: 17.2.56.0 - Autodesk)
AutoCAD 2009 - English (Version: 17.2.56.0 - Autodesk) Hidden
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (HKLM\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CanSecure-Retail (HKLM\...\{5E4D6466-1917-4F6A-91FC-0A3EE4F31181}) (Version: 1.1.933 - Canara Bank)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Dropbox (HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Evernote v. 5.1.2 (HKLM\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FileZilla Client 3.11.0.2 (HKLM\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FormatFactory 3.6.0.0 (HKLM\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Google Chrome (HKLM\...\{AF69DB21-C080-3845-B5A1-62BB493085EF}) (Version: 65.130.49218 - Google, Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HandBrake 0.10.2 (HKLM\...\HandBrake) (Version: 0.10.2 - )
iTunes (HKLM\...\{A3875CED-8B9B-47F5-9AB9-0C36DD2D8D18}) (Version: 12.2.0.145 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
K-Lite Codec Pack 10.0.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
OldSchool RuneScape Launcher 1.2.5 (HKLM\...\{375893B6-C8DB-42B0-9547-6E4437542C33}) (Version: 1.2.5 - Jagex Ltd)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.19 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{2F1F7574-ECCA-4361-B4DE-C411BF7EEE23}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2009\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Priya's\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 09:47 - 2012-07-26 09:47 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1BE3E310-9686-415C-9C6A-7DCD680733B2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001UA => C:\Users\Priya's\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {1D375F87-C7C5-4901-A208-52B39A136BE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {4C324FAB-B481-4530-8AA7-6083B7F18F70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4E9E3326-F2AF-44A1-BF75-081157C95CB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001UA => C:\Users\Priya's\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {67E855B8-8709-4CA6-8E75-EA6A9CA12EF0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {7129B5A1-181B-43C2-AFFB-0ECA446C71E2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {8A8BEA18-C112-422A-9E8B-EA4EB5B67598} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001Core => C:\Users\Priya's\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AC6542F6-8EB7-468F-9FF2-C711B6A4D34F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001Core => C:\Users\Priya's\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {BD78404D-8ADA-4C50-90AF-997D7FC79E8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {C0E3A037-02B7-4EF4-8C94-8E54383D4771} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {CE3A12E1-A62D-4158-80AD-82AC63D028F6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {EAC23FED-A80F-48B0-BEC2-E85D54DE3E24} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-02-03] (@ByELDI)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001Core.job => C:\Users\Priya's\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001UA.job => C:\Users\Priya's\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001Core.job => C:\Users\Priya's\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-698754671-3113082751-3385502478-1001UA.job => C:\Users\Priya's\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 16:27 - 2015-05-15 16:27 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
2013-09-09 00:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-09 00:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-09 00:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-09 00:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-09 00:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-07-20 10:45 - 2015-07-20 10:45 - 00043008 _____ () c:\users\priya's\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkgfwow.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00750080 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00047616 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00865280 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00200704 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00010240 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00726016 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-09 23:29 - 2015-03-19 12:45 - 00010240 _____ () C:\Users\Priya's\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-01-22 13:29 - 2014-01-22 13:29 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2015-07-20 10:45 - 2015-07-20 10:45 - 00098816 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32api.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00110080 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\pywintypes27.dll
2015-07-20 10:45 - 2015-07-20 10:45 - 00364544 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\pythoncom27.dll
2015-07-20 10:45 - 2015-07-20 10:45 - 00045568 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_socket.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 01161216 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_ssl.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00320512 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32com.shell.shell.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00713216 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_hashlib.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 01175040 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._core_.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00805888 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._gdi_.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00811008 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._windows_.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 01062400 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._controls_.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00735232 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._misc_.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00682496 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\pysqlite2._sqlite.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00087552 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_ctypes.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00119808 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32file.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00108544 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32security.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00007168 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\hashobjs_ext.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00068096 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\usb_ext.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00167936 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32gui.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00018432 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32event.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00128512 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_elementtree.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00127488 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\pyexpat.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00013824 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\common.time34.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00036864 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_psutil_windows.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00038912 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32inet.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00011264 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32crypt.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00070656 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._html2.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00027136 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_multiprocessing.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00020480 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\_yappi.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00035840 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32process.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00686080 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\unicodedata.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00122368 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._wizard.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00024064 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32pipe.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00010240 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\select.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00025600 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32pdh.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00525640 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\windows._lib_cacheinvalidation.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00017408 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32profile.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00022528 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\win32ts.pyd
2015-07-20 10:45 - 2015-07-20 10:45 - 00078336 _____ () C:\Users\Priya's\AppData\Local\Temp\_MEI45562\wx._animate.pyd
2015-06-02 20:50 - 2015-06-02 20:50 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-07-14 22:58 - 2015-07-14 03:25 - 01281864 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 22:58 - 2015-07-14 03:25 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-13 18:08 - 2015-07-13 18:09 - 18070088 _____ () C:\Users\Priya's\Desktop\Kushal's Stuff\RogueKiller.exe
2015-07-14 22:58 - 2015-07-14 03:25 - 16308040 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-698754671-3113082751-3385502478-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 10.0.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{F4517EBA-CAD9-4942-BD68-4BFDD9975E64}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{0FB72059-32D3-4FF9-9762-756F2DF19B0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{108999CE-8791-4737-8A35-6A95F6EEEB02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{58B666B0-D53D-4B55-800B-99C3A9C83BE7}C:\users\priya's\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\priya's\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{951E9483-94AD-40AC-B035-6D2BD65FE0A8}C:\users\priya's\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\priya's\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C1B5E714-6D85-4D35-BD51-89E3B22534F7}] => (Allow) C:\Users\Priya's\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{17A20855-9EFC-4778-B9A0-09CB84FD5F9F}] => (Allow) C:\Users\Priya's\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{ED92CBDF-01E1-4652-9E21-58B869F9DC98}C:\users\priya's\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\priya's\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{42413A0B-F709-4565-A772-34A8B0A9162D}C:\users\priya's\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\priya's\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{DC3A11A0-EB24-40F9-8409-7FF92384106D}] => (Allow) C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{CE5E4788-0B4E-47CE-8547-F26AD6FEA642}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{168976A5-9659-411C-832B-BE112DF6FF44}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{E76DAD93-DC95-46CC-AC3D-08AC6E8DEFE1}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D74ADB9-07F5-49B8-9D55-C547F64A6627}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{CBC934CF-A193-432B-9941-5013F6A221A6}C:\users\priya's\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\priya's\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{80354719-3BCD-40FE-8502-A8216FCEFDC6}C:\users\priya's\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\priya's\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{BCC03703-2E59-4986-9D6C-258A3E6CD14A}C:\users\priya's\desktop\aoe ii\aoe ii\age2_x1.exe] => (Allow) C:\users\priya's\desktop\aoe ii\aoe ii\age2_x1.exe
FirewallRules: [UDP Query User{89467C4D-9C6C-4895-A315-79F19475B4A1}C:\users\priya's\desktop\aoe ii\aoe ii\age2_x1.exe] => (Allow) C:\users\priya's\desktop\aoe ii\aoe ii\age2_x1.exe
FirewallRules: [TCP Query User{58E80F6B-51E8-41F3-9694-69B7C7B5155E}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [UDP Query User{7F0D7695-EB04-48E5-9EE1-FAA6C2DDBC55}C:\windows\system32\dplaysvr.exe] => (Allow) C:\windows\system32\dplaysvr.exe
FirewallRules: [{0AD34837-6F07-4B26-BEBF-5C449AEAF04D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{576D6F37-2244-4AC4-BF60-186630089BA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B0FF0816-4224-4882-A4D6-A642B709708F}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [UDP Query User{BE3E4D21-9124-4BA6-BF00-B4FA8D8086FF}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{A66B63F6-5A71-4EB9-AD0C-752338FE48E4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F2F00D23-6496-4B52-90A7-6997742CC5B5}] => (Allow) C:\Users\Priya's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D8AC589A-C683-4CCA-B2E9-721F365FE550}] => (Allow) C:\Users\Priya's\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12E09C89-2495-4A3C-A4E5-6DCF9D08BC93}] => (Allow) LPort=1688
FirewallRules: [{1CAD77A9-B991-4BED-ABFE-C690B7581B78}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1036159-F977-428D-8D25-9DF6DB2368CB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{FA7742EF-8ED2-48AD-8BDC-D4804CE6EA22}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 12:47:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Priya)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/20/2015 10:32:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Priya)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/20/2015 10:32:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Priya)
Description: Activation of application Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/20/2015 10:32:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fdc

Start Time: 01d0c2a8b7ecd289

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: 3f732c4e-2e9c-11e5-b036-b8ac6f6252dc

Faulting package full name: Microsoft.SkypeApp_1.9.0.2020_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (07/17/2015 11:07:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 72515

Error: (07/17/2015 11:07:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 72515

Error: (07/17/2015 11:07:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/17/2015 11:07:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 71109

Error: (07/17/2015 11:07:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 71109

Error: (07/17/2015 11:07:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/20/2015 12:47:06 PM) (Source: DCOM) (EventID: 10010) (User: Priya)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (07/20/2015 12:44:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (07/20/2015 12:43:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (07/20/2015 12:40:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).

Error: (07/20/2015 10:28:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the btwdins service.

Error: (07/20/2015 10:27:52 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (07/17/2015 11:04:59 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (07/17/2015 02:53:27 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (07/17/2015 02:39:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (07/17/2015 02:39:42 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 80%
Total physical RAM: 3060.52 MB
Available physical RAM: 603.49 MB
Total Virtual: 8180.52 MB
Available Virtual: 4718.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:123.5 GB) (Free:55.56 GB) NTFS
Drive g: (Priya's) (Fixed) (Total:332.03 GB) (Free:309.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=361 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=123.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=332 GB) - (Type=OF Extended)

==================== End of log ============================


Edited by Oh My!, 21 July 2015 - 02:02 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,532 posts
  • Gender:Male
  • Location:California
  • Local time:12:44 AM

Posted 21 July 2015 - 02:10 PM

Greetings Geekdom and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately there is evidence of pirated software on your computer and I am going to ask that it be removed before we continue addressing your issues. If you are willing to do that please fully uninstall Microsoft Office Professional Plus 2007 and let me know when that has been done. If you prefer not to do that I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Geekdom

Geekdom
  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:14 PM

Posted 22 July 2015 - 12:10 AM

Hi Gary,

 

Thank you for assisting me. Sure, you can call me Kushal.

 

I have gone ahead and uninstalled MS Office from my system. What is the next step I should take?



#4 Oh My!

Posted 22 July 2015 - 08:36 AM

Greetings Kushal,

Thank you for your understanding.

Do you know what this is?

C:\Users\Priya's\Documents\fdj.dwg

Could you post your previous RogueKiller log so I can review it?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-698754671-3113082751-3385502478-1001\...\Run: [AdobeBridge] => [X]
GroupPolicyScripts: Group Policy detected <======= ATTENTION
FF Plugin HKU\S-1-5-21-698754671-3113082751-3385502478-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [971968 2015-02-03] (@ByELDI) [File not signed]
C:\Program Files\KMSpico
C:\Program Files\KMSPico 10.0.6
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe No File
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Priya's\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CustomCLSID: HKU\S-1-5-21-698754671-3113082751-3385502478-1001_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Priya's\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll No File
Task: {EAC23FED-A80F-48B0-BEC2-E85D54DE3E24} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-02-03] (@ByELDI)
 C:\Users\Priya's\AppData\Local\Temp\_MEI45562
FirewallRules: [{1CAD77A9-B991-4BED-ABFE-C690B7581B78}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E1036159-F977-428D-8D25-9DF6DB2368CB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
cmd: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Fixlog
  • Result.txt
  • System Summary Information
  • Update on computer performance

Gary
 

#5 Oh My!

Posted 26 July 2015 - 09:09 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Oh My!

Posted 28 July 2015 - 12:27 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



