
McAfee AntiVirus Infected with Unwanted Program in Firefox


  • This topic is locked
19 replies to this topic

#1 Victor43


Posted 10 November 2015 - 01:44 AM

My home page keeps changing to the following link:

 

http://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAxFJFxaUVtADFRCcg4VVQ1CQhgbIlhaTA5JGAJCeQtaVAwQGRNBNARaB0tXUUEeGGlxR1dMbFpNIUtbCX8YT1E=

 

The file appears to be plugin.exe and there are several folders which have this file and task manager shows multiple instances of this file running.

 

I'm running MalwareBytes free at the moment. Some application is spawning these additional threads and I'm not sure if it's Firefox or a malware application which is running alongside Firefox.

 

Any help with this plugin.exe file would be appreciated.


 


#2 Victor43

  • Topic Starter

Posted 10 November 2015 - 02:47 AM


Just finished MalwareBytes and it found many infected objects, said it removed them and proceeded to reboot, and ran MB again: same objects found. So how do I find the Queen Bee?

 

 

 



#3 deeprybka

  • Malware Response Team

Posted 11 November 2015 - 01:07 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 Victor43

  • Topic Starter

Posted 16 November 2015 - 12:57 AM

OK, thanks. I'm back; sorry I did not monitor this topic more closely. I'll run the scan you have mentioned above. The OS is Windows 8.1 64-bit.


Edited by Victor43, 16 November 2015 - 12:58 AM.


#5 Victor43

  • Topic Starter

Posted 16 November 2015 - 02:07 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Simpson (administrator) on HP (16-11-2015 02:00:09)
Running from C:\Users\STD-USER\Downloads
Loaded Profiles: Simpson & STD-USER (Available Profiles: Simpson & STD-USER)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.450.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\MountPoints2: {a937e3a2-c7b8-11e4-8263-3863bb9aa258} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\MountPoints2: {a937e60b-c7b8-11e4-8263-3863bb9aa258} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\...\MountPoints2: {a937e3a2-c7b8-11e4-8263-3863bb9aa258} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2FF6CA08-7F64-43E5-B9FF-7FDF00332F9F}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{E255DDF2-AF07-460D-B241-655B0902CF0D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
SearchScopes: HKLM -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1004 -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default
FF DefaultSearchEngine: Default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF user.js: detected! => C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\user.js [2015-10-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-05] [not signed]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.msn.com/en-ca/
CHR StartupUrls: Profile 1 -> "hxxp://www.msn.com/en-ca/"
CHR NewTab: Profile 1 -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Profile: C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-18]
CHR Extension: (YouTube) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Adblock Plus) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-18]
CHR Extension: (Google Search) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Hola Better Internet) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-05]
CHR Extension: (New Tab Redirect) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR Extension: (Gmail) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0188161446709712mcinstcleanup; C:\Windows\TEMP\018816~1.EXE -cleanup -nolog [X]
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2015-03-10] (Google Inc)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 npf; \??\C:\Users\SUKHBI~1\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-16 02:00 - 2015-11-16 02:01 - 00022925 _____ C:\Users\STD-USER\Downloads\FRST.txt
2015-11-16 01:59 - 2015-11-16 02:00 - 00000000 ___DC C:\FRST
2015-11-16 01:58 - 2015-11-16 01:58 - 02198528 _____ (Farbar) C:\Users\STD-USER\Downloads\FRST64.exe
2015-11-16 01:54 - 2015-11-16 02:01 - 00000062 _____ C:\Users\STD-USER\Documents\fsfddf.txt
2015-11-16 01:03 - 2015-11-16 01:03 - 00003688 _____ C:\Users\STD-USER\Documents\TI and Silicon Labs and ARM Final Questions To Ask.txt
2015-11-16 00:17 - 2015-11-16 00:24 - 00001252 _____ C:\Users\STD-USER\Documents\TI Last and Final Questions November 16 2015.txt
2015-11-15 22:56 - 2015-11-15 22:56 - 00496705 _____ C:\Users\STD-USER\Documents\bookmarks.html
2015-11-14 02:34 - 2015-11-14 02:34 - 00001817 _____ C:\Users\STD-USER\Documents\USA National Anthem.txt
2015-11-12 15:33 - 2015-11-12 15:33 - 00001096 _____ C:\Users\sukhbindars\Desktop\Windows Fax and Scan.lnk
2015-11-12 15:33 - 2015-11-12 15:33 - 00000000 ____D C:\Users\sukhbindars\Documents\Fax
2015-11-12 15:25 - 2015-11-12 15:25 - 00000000 ____H C:\Users\sukhbindars\BITC6D2.tmp
2015-11-12 14:28 - 2015-11-12 14:28 - 00001728 _____ C:\Windows\PFRO.log
2015-11-12 03:22 - 2015-11-12 14:29 - 00000232 _____ C:\Windows\setupact.log
2015-11-12 03:22 - 2015-11-12 03:22 - 00425864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 03:22 - 2015-11-12 03:22 - 00000000 _____ C:\Windows\setuperr.log
2015-11-12 01:43 - 2015-11-13 23:40 - 00006971 _____ C:\Users\STD-USER\Documents\Angela ARM Questions.txt
2015-11-10 04:27 - 2015-11-10 04:27 - 00000036 _____ C:\Users\sukhbindars\AppData\Local\housecall.guid.cache
2015-11-10 04:27 - 2015-05-29 02:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-11-09 03:39 - 2015-11-09 03:39 - 00000000 ____D C:\Users\STD-USER\Downloads\Firefox
2015-11-08 03:29 - 2015-11-15 20:51 - 01588279 _____ C:\Windows\WindowsUpdate.log
2015-11-04 23:55 - 2015-11-04 23:55 - 00000000 ____D C:\Users\STD-USER\AppData\Local\MediaShow
2015-11-04 23:54 - 2015-11-04 23:54 - 00000000 ____D C:\Users\STD-USER\Documents\CyberLink
2015-11-04 21:16 - 2015-11-04 23:22 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Audacity
2015-11-04 21:10 - 2015-11-04 23:54 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\CyberLink
2015-11-03 21:41 - 2015-11-04 02:52 - 00000536 _____ C:\Users\STD-USER\Documents\food testing items techniques.txt
2015-11-03 04:35 - 2015-11-03 04:35 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Nero
2015-10-31 00:45 - 2015-10-31 00:56 - 304293008 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\office2007sp2-kb953195-fullfile-en-us.exe
2015-10-31 00:44 - 2015-10-31 00:57 - 368945248 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2015-10-30 22:15 - 2015-10-30 22:15 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Macromedia
2015-10-29 01:29 - 2015-10-29 01:29 - 00001224 _____ C:\Users\STD-USER\Desktop\WFS.exe - Shortcut.lnk
2015-10-28 03:00 - 2015-10-28 03:00 - 00000000 ____D C:\Users\STD-USER\Downloads\Context Menus
2015-10-25 02:00 - 2015-10-25 02:29 - 765883568 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesp2010-kb2687455-fullfile-x64-en-us.exe
2015-10-25 01:59 - 2015-10-25 02:18 - 461215096 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesuite2010sp1-kb2460049-x64-fullfile-en-us.exe
2015-10-25 01:38 - 2015-10-25 01:58 - 669173640 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesp2010-kb2687455-fullfile-x86-en-us.exe
2015-10-25 01:37 - 2015-10-25 01:52 - 379534904 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesuite2010sp1-kb2460049-x86-fullfile-en-us.exe
2015-10-23 03:10 - 2015-10-23 03:10 - 00000000 ___DC C:\Program Files (x86)\Microsoft Sync Framework
2015-10-18 22:09 - 2015-11-07 04:07 - 00000308 _____ C:\Users\STD-USER\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-10-18 22:08 - 2015-11-07 04:07 - 00000308 _____ C:\Users\STD-USER\AppData\Roaming\Rim.Desktop.Exception.log
2015-10-18 22:08 - 2015-10-18 22:13 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Research In Motion
2015-10-18 22:08 - 2015-10-18 22:08 - 00000000 ____D C:\Users\STD-USER\AppData\Local\Research In Motion
2015-10-18 01:18 - 2015-10-18 01:19 - 00000000 ____C C:\Recovery.txt
2015-10-17 21:05 - 2015-11-09 03:22 - 01465344 ___SH C:\Users\STD-USER\Downloads\Thumbs.db
2015-10-17 20:53 - 2015-10-17 20:53 - 02721168 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe
2015-10-17 05:35 - 2015-10-17 05:35 - 00000000 ____D C:\Users\sukhbindars\AppData\Roaming\Nero
2015-10-17 05:32 - 2015-10-17 05:34 - 3532521472 _____ C:\Users\sukhbindars\Downloads\Windows 8.1.iso
2015-10-17 04:22 - 2015-10-17 04:22 - 00000270 _____ C:\Users\sukhbindars\Documents\HP 15-f033wn Windows 8.1 Product Key.txt
2015-10-17 04:19 - 2015-10-17 05:34 - 00000000 _RHDC C:\ESD
2015-10-17 03:55 - 2015-10-17 03:55 - 00000000 ____D C:\Windows\pss
2015-10-17 03:30 - 2015-11-09 00:43 - 00104392 _____ C:\Users\STD-USER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-17 02:23 - 2015-10-17 02:23 - 00038462 _____ C:\Users\STD-USER\AppData\Roaming\Comma Separated Values (Windows).ADR
2015-10-17 01:43 - 2015-10-17 01:43 - 00000000 ____D C:\Users\STD-USER\Downloads\Winrar
2015-10-17 00:41 - 2015-10-17 00:41 - 00000000 ___DC C:\Program Files\WinRAR
2015-10-17 00:41 - 2015-10-17 00:41 - 00000000 ____D C:\Users\sukhbindars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-17 00:41 - 2015-10-17 00:41 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\WinRAR
2015-10-17 00:41 - 2015-10-17 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-17 00:29 - 2015-10-17 00:29 - 00000000 ____D C:\Users\STD-USER\Downloads\RingCentral
2015-10-17 00:28 - 2015-10-17 00:29 - 00000000 ____D C:\Users\STD-USER\Downloads\Classic Shell
2015-10-17 00:28 - 2015-10-17 00:28 - 00000000 ____D C:\Users\STD-USER\Downloads\Microsoft Media Creation Tool

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-16 02:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-16 01:44 - 2015-10-12 20:11 - 00000000 ____D C:\Users\STD-USER\Documents\Outlook Files
2015-11-16 01:32 - 2015-02-25 17:48 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-16 01:28 - 2014-03-18 04:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-16 01:26 - 2015-10-12 02:21 - 00000139 _____ C:\Users\STD-USER\Documents\FILES NEEDS BACKUP.txt
2015-11-15 23:01 - 2015-10-14 03:30 - 00430592 ___SH C:\Users\STD-USER\Documents\Thumbs.db
2015-11-15 20:21 - 2015-10-11 23:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3180272459-1113277286-116663844-1004
2015-11-15 20:13 - 2015-10-11 23:02 - 00000000 ____D C:\Users\STD-USER\Documents\Youcam
2015-11-15 20:12 - 2015-02-25 17:48 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 03:59 - 2015-10-11 23:06 - 00000000 ____D C:\Users\STD-USER\AppData\Local\ClassicShell
2015-11-15 01:45 - 2015-10-13 05:08 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{319D0C6F-60CA-4AE7-AABD-141293723AAD}
2015-11-12 17:43 - 2015-04-14 22:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 17:36 - 2015-04-15 10:57 - 00000000 ____D C:\Users\sukhbindars\AppData\Local\ClassicShell
2015-11-12 15:25 - 2015-09-18 14:25 - 00003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSimpson
2015-11-12 15:25 - 2015-09-18 14:25 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForSimpson.job
2015-11-12 15:25 - 2015-02-25 17:38 - 00000000 ____D C:\Users\sukhbindars
2015-11-12 14:36 - 2015-02-25 17:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3180272459-1113277286-116663844-1001
2015-11-12 14:33 - 2015-04-26 18:13 - 00000000 ____D C:\Users\sukhbindars\Documents\Youcam
2015-11-12 14:29 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 14:28 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-12 13:36 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-11 21:36 - 2015-02-25 17:48 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 05:21 - 2015-10-11 23:31 - 00000000 ____D C:\Users\sukhbindars\AppData\Local\CrashDumps
2015-11-11 02:34 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-10 03:57 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-10 01:43 - 2015-04-14 22:15 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-10 01:43 - 2015-04-14 22:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-08 22:43 - 2015-10-11 23:34 - 00000000 ____D C:\Users\STD-USER\Documents\Snagit
2015-11-08 04:03 - 2015-03-11 00:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-05 02:49 - 2014-08-26 06:51 - 00000000 ____D C:\ProgramData\McAfee
2015-11-04 23:54 - 2014-08-26 07:42 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-11-04 21:18 - 2015-10-12 00:52 - 00000000 ___DC C:\Program Files (x86)\Audacity
2015-11-04 21:10 - 2015-10-11 23:02 - 00000000 ____D C:\Users\STD-USER\AppData\Local\CyberLink
2015-11-04 21:10 - 2014-08-26 06:38 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-03 02:50 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-10-25 03:52 - 2015-10-12 01:05 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Apple Computer
2015-10-25 00:45 - 2015-10-11 23:17 - 00000000 ____D C:\Users\STD-USER\Downloads\Office 2010 Professional
2015-10-23 03:57 - 2015-03-11 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-23 03:52 - 2014-07-18 03:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-23 03:04 - 2015-10-14 22:40 - 00000000 ____D C:\Users\STD-USER\AppData\Local\Microsoft Help
2015-10-22 23:00 - 2014-08-26 06:23 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-22 22:36 - 2015-04-04 22:27 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-10-22 21:53 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\tracing
2015-10-22 01:38 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-10-21 04:06 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData
2015-10-21 04:01 - 2015-04-15 11:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-21 04:01 - 2015-04-15 11:11 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-20 04:39 - 2015-10-12 02:45 - 00000000 ____D C:\Users\STD-USER\AppData\Local\Windows Live Writer
2015-10-20 04:38 - 2015-10-12 02:45 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Windows Live Writer
2015-10-18 23:57 - 2015-10-11 23:00 - 00000000 ____D C:\Users\STD-USER\AppData\Local\Google
2015-10-18 01:18 - 2014-04-02 04:27 - 00000000 __SHD C:\Recovery
2015-10-17 21:11 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\Recovery

==================== Files in the root of some directories =======

2015-03-10 23:59 - 2015-03-24 04:18 - 0000308 _____ () C:\Users\sukhbindars\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-10 23:51 - 2015-10-12 00:21 - 0003048 _____ () C:\Users\sukhbindars\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-10 23:59 - 2015-03-24 04:18 - 0000308 _____ () C:\Users\sukhbindars\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-11-10 04:27 - 2015-11-10 04:27 - 0000036 _____ () C:\Users\sukhbindars\AppData\Local\housecall.guid.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-15 02:09

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Simpson (2015-11-16 02:03:30)
Running from C:\Users\STD-USER\Downloads
Windows 8.1 Connected (X64) (2015-02-25 22:38:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3180272459-1113277286-116663844-500 - Administrator - Disabled)
Guest (S-1-5-21-3180272459-1113277286-116663844-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3180272459-1113277286-116663844-1003 - Limited - Enabled)
Simpson (S-1-5-21-3180272459-1113277286-116663844-1001 - Administrator - Enabled) => C:\Users\sukhbindars
STD-USER (S-1-5-21-3180272459-1113277286-116663844-1004 - Limited - Enabled) => C:\Users\STD-USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Nero BurningROM 12 (HKLM-x32\...\{318B413D-A001-4AB6-A0B6-2B4999561117}) (Version: 12.5.01000 - Nero AG)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Snagit 12 (HKLM-x32\...\{ae5218bf-cfcc-4099-818d-7e16ce0d97df}) (Version: 12.4.0.2992 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.4.0 - TechSmith Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-10-2015 00:58:32 Scheduled Checkpoint
07-11-2015 22:46:20 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DD3671-BE07-4985-A7E7-27FF9890D5EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {15AD23DC-9449-420C-8512-6AFECD7C9E99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {29327D85-F5C4-4304-ABA6-D5E54C430617} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {360AB3FB-168B-4013-8F90-257137DEAF00} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {3CF5F6F3-AE20-407D-B978-8B5DA2AA88E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {40724E0F-FBCF-4D65-B203-3F4F6B417305} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {4FEBBF0F-E471-499D-8B56-E04735F00E2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {67AC88CD-C09E-40C7-9B43-B4E617002311} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {916757DC-FF30-4FF6-8BE2-5D573D10AA16} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {94598921-81EE-49A5-9585-2907DB7CFC08} - System32\Tasks\HPCeeScheduleForSimpson => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B286A65B-02B1-4E83-9B52-60882A7B7CDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {B8856B31-00C0-4AB9-8A25-A70CC40166EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {BCFF2EC6-D80D-40A0-B819-7A1814A46D59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {EA0F7492-DCB3-4FBD-BED6-A67B917698B3} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {EB731D04-A41C-434D-9671-CBBC87ED6F12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSimpson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 ____C () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-04-24 19:55 - 2015-04-24 19:55 - 00055576 ____C () C:\Program Files\CCleaner\branding.dll
2014-06-11 11:19 - 2014-06-11 11:19 - 00622080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00270016 ____C () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3180272459-1113277286-116663844-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sukhbindars\AppData\Local\Microsoft\Windows\Themes\Blue Wate\DesktopBackground\bluewater07.jpg
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\STD-USER\AppData\Local\Microsoft\Windows\Themes\Reflectio\DesktopBackground\reflections10.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Service Mgr MonarchFind => 2
MSCONFIG\Services: Update Mgr MonarchFind => 2
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run32: => "HPMessageService"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{18E64C73-0925-423B-8F1D-2180CB098BBE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D4236DF4-EAA1-4C85-BE3A-5C9A997046BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F7687827-C8C1-4702-BC8D-3F6A9C130D16}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{B7015BF9-93E4-4DFC-9AFA-1C859C84F651}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B05CF7C8-03E6-4E9C-B8AB-28B14B733DE1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D2C56E25-9D73-4591-AB87-EB140772B55D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6A7B11A0-6D76-4FA3-8CCD-C9252CA2B6A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{D3DB6A00-D717-4156-85CA-842570D1F82E}] => (Allow) LPort=4481
FirewallRules: [{C0144E60-ADFE-47DC-A2EA-1CD82FB8F674}] => (Allow) LPort=4481
FirewallRules: [{3C324BC8-C2A6-43A5-82C7-E0D1D3AAEA95}] => (Allow) LPort=4482
FirewallRules: [{7EE3C8DA-6BEA-464B-B120-57ABD7893F77}] => (Allow) LPort=4482
FirewallRules: [{384F2246-D879-460A-9256-9C188996C4C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F5405C4-1192-4E66-ADED-A7B01C45A117}] => (Allow) LPort=8298
FirewallRules: [{4F51FDED-3724-4F3E-83C1-0F6A6521D6D7}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{F64B8F8D-8D01-40D3-A605-F9B3D566CBCF}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{64757B09-000D-4D09-BFE6-70789583AC2D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99012ED7-315B-4D23-8FD5-222FDF207B04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84080D6B-09DD-4820-9310-F6A26035184D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8FBDB691-400E-4BC6-947A-86E427A79C3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9584AD97-61F6-4D78-8A87-1D8FD2FDC73A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6D89DD1D-C4E7-41C6-BAD8-CC547E0853E7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5C4A5203-102A-43FE-A340-18B99CC12BDD}] => (Allow) LPort=2869
FirewallRules: [{CE8656B7-A12C-4FB8-90BB-64ED7DE99633}] => (Allow) LPort=1900
FirewallRules: [{991FF986-D88A-43D7-8B60-30E3A2415C78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2015 01:41:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 80173438

Error: (11/15/2015 01:41:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 80173438

Error: (11/15/2015 01:41:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2015 05:36:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15297

Error: (11/12/2015 05:36:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15297

Error: (11/12/2015 05:36:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2015 01:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 484203

Error: (11/12/2015 01:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 484203

Error: (11/12/2015 01:24:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2015 03:24:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30875


System errors:
=============
Error: (11/15/2015 08:13:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (11/15/2015 02:10:02 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/15/2015 02:09:32 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/13/2015 03:25:31 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/13/2015 03:25:01 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/13/2015 12:47:07 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/13/2015 12:46:36 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/12/2015 06:33:06 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {6812639B-FD61-4329-9901-22CFDBD690FE}

Error: (11/12/2015 02:29:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (11/12/2015 03:22:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 3986.95 MB
Available physical RAM: 1480.54 MB
Total Virtual: 4690.95 MB
Available Virtual: 2252.57 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.69 GB) (Free:349.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.06 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)

Partition: GPT.

==================== End of Addition.txt ============================



#6 deeprybka

  • Malware Response Team

Posted 16 November 2015 - 02:59 AM

Hi,

Step 1

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Victor43

  • Topic Starter

Posted 16 November 2015 - 11:28 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-11-16
Scan Time: 10:05 PM
Logfile: Malwarebytes Scan Log.txt
Administrator: No

Version: 2.2.0.1024
Malware Database: v2015.11.16.07
Rootkit Database: v2015.11.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: STD-USER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 263155
Time Elapsed: 12 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 Victor43

  • Topic Starter

Posted 16 November 2015 - 11:29 PM

# AdwCleaner v5.021 - Logfile created 16/11/2015 at 22:38:36
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 8.1 Connected  (x64)
# Username : Simpson - HP
# Running from : C:\Users\STD-USER\Downloads\adwcleaner_5.021.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\sukhbindars\AppData\LocalLow\visi_coupon
[-] Folder Deleted : C:\Users\sukhbindars\AppData\LocalLow\YahooCouponAddOn
[!] Folder Not Deleted : C:\Users\sukhbindars\AppData\LocalLow\visi_coupon
[!] Folder Not Deleted : C:\Users\sukhbindars\AppData\LocalLow\YahooCouponAddOn
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****

[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\invalidprefs.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\invalidprefs.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\user.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\user.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\invalidprefs.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\invalidprefs.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\user.js
[-] File Deleted : C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [3095 bytes] ##########
 



#9 Victor43

  • Topic Starter

Posted 17 November 2015 - 02:35 AM

OK here is the Eset Log Results

 

C:\Users\suhuh\Downloads\Dads downloads October 11 2015\ccsetup504.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\suhuh\Downloads\Dads downloads October 11 2015\ccsetup505.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
 



#10 deeprybka

  • Malware Response Team

Posted 17 November 2015 - 03:52 AM

Please try to post the ESET log as instructed.
regards,
deeprybka

#11 Victor43

  • Topic Starter

Posted 19 November 2015 - 02:13 AM

Please try to post the ESET log as instructed.

 

Hello I'm sorry but I missed the proper instructions for Eset log file. I will have to run the program again. I shall post the log file once I have completed running the scanner again.



#12 deeprybka

  • Malware Response Team

Posted 19 November 2015 - 12:34 PM

OK.:)


regards,
deeprybka

#13 Victor43

  • Topic Starter

Posted 19 November 2015 - 10:21 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f54afb3916d64e44b652efcc91bb856e
# end=init
# utc_time=2015-11-19 07:15:12
# local_time=2015-11-19 02:15:12 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 26794
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f54afb3916d64e44b652efcc91bb856e
# end=updated
# utc_time=2015-11-19 07:18:14
# local_time=2015-11-19 02:18:14 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f54afb3916d64e44b652efcc91bb856e
# engine=26794
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-19 12:54:45
# local_time=2015-11-19 07:54:45 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='*McAfee*'
# compatibility_mode=5131 16777214 100 97 10904831 70440325 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5244094 41343119 0 0
# scanned=356734
# found=2
# cleaned=0
# scan_time=20190
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\sukhbindars\Downloads\Dads downloads October 11 2015\ccsetup504.exe"
sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\sukhbindars\Downloads\Dads downloads October 11 2015\ccsetup505.exe"
 



#14 deeprybka

  • Malware Response Team

Posted 20 November 2015 - 03:19 AM

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Can you please tell me which problems still persist now?
regards,
deeprybka

#15 Victor43

  • Topic Starter

Posted 22 November 2015 - 12:53 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
Ran by Simpson (administrator) on HP (22-11-2015 00:47:08)
Running from C:\Users\STD-USER\Downloads
Loaded Profiles: Simpson & STD-USER (Available Profiles: Simpson & STD-USER)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.5.450.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
(Research In Motion) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9926.17994_x64__8wekyb3d8bbwe\glcnd.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\MountPoints2: {a937e3a2-c7b8-11e4-8263-3863bb9aa258} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\...\MountPoints2: {a937e60b-c7b8-11e4-8263-3863bb9aa258} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\...\MountPoints2: {a937e3a2-c7b8-11e4-8263-3863bb9aa258} - "F:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2FF6CA08-7F64-43E5-B9FF-7FDF00332F9F}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{E255DDF2-AF07-460D-B241-655B0902CF0D}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-3180272459-1113277286-116663844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
SearchScopes: HKLM -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1001 -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3180272459-1113277286-116663844-1004 -> {F349ECEF-43B3-417B-8201-6BB8B10C4D26} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-06-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\sukhbindars\AppData\Roaming\Mozilla\Firefox\Profiles\l55wer61.default
FF DefaultSearchEngine: Default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-05] [not signed]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.msn.com/en-ca/
CHR StartupUrls: Profile 1 -> "hxxp://www.msn.com/en-ca/"
CHR NewTab: Profile 1 -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Profile: C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-18]
CHR Extension: (YouTube) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Adblock Plus) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-18]
CHR Extension: (Google Search) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Docs Offline) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-18]
CHR Extension: (Hola Better Internet) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-05]
CHR Extension: (New Tab Redirect) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-04-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-18]
CHR Extension: (Gmail) - C:\Users\sukhbindars\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\SysWOW64\inetsrv\w3logsvc.dll [66560 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0188161446709712mcinstcleanup; C:\Windows\TEMP\018816~1.EXE -cleanup -nolog [X]
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40232 2015-03-10] (Google Inc)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-07-04] (Realtek Semiconductor Corp.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 npf; \??\C:\Users\SUKHBI~1\AppData\Local\Temp\HouseCall\tmase\nmap\npf\x64\npf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 00:47 - 2015-11-22 00:48 - 00022871 _____ C:\Users\STD-USER\Downloads\FRST.txt
2015-11-22 00:46 - 2015-11-22 00:46 - 02345984 ____C (Farbar) C:\Users\STD-USER\Downloads\FRST64.exe
2015-11-22 00:46 - 2015-11-22 00:46 - 00000000 ____D C:\Users\STD-USER\Downloads\FRST-OlderVersion
2015-11-21 23:45 - 2015-11-21 23:45 - 00000070 _____ C:\Users\STD-USER\Documents\sdfdsf.txt
2015-11-21 21:59 - 2015-11-21 21:59 - 00000150 _____ C:\Users\STD-USER\Documents\Movies Wanted.txt
2015-11-21 21:51 - 2015-11-21 21:51 - 00000544 _____ C:\Users\STD-USER\Documents\sdssd.txt
2015-11-20 23:02 - 2015-11-20 23:02 - 00503148 _____ C:\Users\STD-USER\Documents\bookmarks.html
2015-11-20 01:35 - 2015-11-20 01:35 - 00000000 ____D C:\Users\STD-USER\AppData\Local\Apple
2015-11-19 23:40 - 2015-11-20 02:06 - 00000237 _____ C:\Users\STD-USER\Documents\ToDo.txt
2015-11-19 23:03 - 2015-11-19 23:14 - 00001374 _____ C:\Users\STD-USER\Documents\TI Broken Links and Final Questions.txt
2015-11-19 03:48 - 2015-11-19 03:48 - 00000794 _____ C:\Windows\setupact.log
2015-11-19 03:48 - 2015-11-19 03:48 - 00000000 _____ C:\Windows\setuperr.log
2015-11-19 01:34 - 2015-11-19 01:34 - 00001032 _____ C:\Users\STD-USER\Desktop\FTP Commander.lnk
2015-11-18 03:22 - 2015-11-18 03:26 - 00000000 ___DC C:\Program Files (x86)\FTP Commander
2015-11-18 03:22 - 2015-11-18 03:22 - 00000000 ____D C:\Users\sukhbindars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTP Commander
2015-11-18 03:22 - 2015-11-18 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTP Commander
2015-11-16 22:32 - 2015-11-16 22:51 - 00000000 ___DC C:\AdwCleaner
2015-11-16 22:21 - 2015-11-16 22:21 - 00000000 ___DC C:\Program Files (x86)\ESET
2015-11-16 01:59 - 2015-11-22 00:47 - 00000000 ___DC C:\FRST
2015-11-16 01:03 - 2015-11-16 01:03 - 00003688 _____ C:\Users\STD-USER\Documents\TI and Silicon Labs and ARM Final Questions To Ask.txt
2015-11-16 00:17 - 2015-11-16 00:24 - 00001252 _____ C:\Users\STD-USER\Documents\TI Last and Final Questions November 16 2015.txt
2015-11-12 15:33 - 2015-11-12 15:33 - 00001096 _____ C:\Users\sukhbindars\Desktop\Windows Fax and Scan.lnk
2015-11-12 15:33 - 2015-11-12 15:33 - 00000000 ____D C:\Users\sukhbindars\Documents\Fax
2015-11-12 01:43 - 2015-11-13 23:40 - 00006971 _____ C:\Users\STD-USER\Documents\Angela ARM Questions.txt
2015-11-10 04:27 - 2015-11-10 04:27 - 00000036 _____ C:\Users\sukhbindars\AppData\Local\housecall.guid.cache
2015-11-10 04:27 - 2015-05-29 02:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-11-09 03:39 - 2015-11-09 03:39 - 00000000 ____D C:\Users\STD-USER\Downloads\Firefox
2015-11-08 03:29 - 2015-11-21 21:38 - 02044241 _____ C:\Windows\WindowsUpdate.log
2015-11-04 23:55 - 2015-11-04 23:55 - 00000000 ____D C:\Users\STD-USER\AppData\Local\MediaShow
2015-11-04 23:54 - 2015-11-04 23:54 - 00000000 ____D C:\Users\STD-USER\Documents\CyberLink
2015-11-04 21:16 - 2015-11-04 23:22 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Audacity
2015-11-04 21:10 - 2015-11-04 23:54 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\CyberLink
2015-11-03 21:41 - 2015-11-20 01:46 - 00000513 _____ C:\Users\STD-USER\Documents\food testing items techniques.txt
2015-11-03 04:35 - 2015-11-03 04:35 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Nero
2015-10-31 00:45 - 2015-10-31 00:56 - 304293008 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\office2007sp2-kb953195-fullfile-en-us.exe
2015-10-31 00:44 - 2015-10-31 00:57 - 368945248 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\office2007sp3-kb2526086-fullfile-en-us.exe
2015-10-30 22:15 - 2015-10-30 22:15 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Macromedia
2015-10-29 01:29 - 2015-10-29 01:29 - 00001224 _____ C:\Users\STD-USER\Desktop\WFS.exe - Shortcut.lnk
2015-10-28 03:00 - 2015-10-28 03:00 - 00000000 ____D C:\Users\STD-USER\Downloads\Context Menus
2015-10-25 02:00 - 2015-10-25 02:29 - 765883568 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesp2010-kb2687455-fullfile-x64-en-us.exe
2015-10-25 01:59 - 2015-10-25 02:18 - 461215096 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesuite2010sp1-kb2460049-x64-fullfile-en-us.exe
2015-10-25 01:38 - 2015-10-25 01:58 - 669173640 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesp2010-kb2687455-fullfile-x86-en-us.exe
2015-10-25 01:37 - 2015-10-25 01:52 - 379534904 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\officesuite2010sp1-kb2460049-x86-fullfile-en-us.exe
2015-10-23 03:10 - 2015-10-23 03:10 - 00000000 ___DC C:\Program Files (x86)\Microsoft Sync Framework
2015-10-23 02:38 - 2015-10-17 20:53 - 02721168 _____ (Microsoft Corporation) C:\Users\STD-USER\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US (2).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-22 00:47 - 2014-03-18 04:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-22 00:32 - 2015-02-25 17:48 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-21 23:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-21 22:41 - 2015-10-12 02:21 - 00000325 _____ C:\Users\STD-USER\Documents\FILES NEEDS BACKUP.txt
2015-11-21 22:38 - 2015-10-18 22:09 - 00000385 _____ C:\Users\STD-USER\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-11-21 22:38 - 2015-10-18 22:08 - 00000385 _____ C:\Users\STD-USER\AppData\Roaming\Rim.Desktop.Exception.log
2015-11-21 21:45 - 2015-10-13 05:08 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{319D0C6F-60CA-4AE7-AABD-141293723AAD}
2015-11-21 21:35 - 2015-10-11 23:07 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3180272459-1113277286-116663844-1004
2015-11-21 21:29 - 2015-10-11 23:02 - 00000000 ____D C:\Users\STD-USER\Documents\Youcam
2015-11-21 21:28 - 2015-02-25 17:48 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-21 03:22 - 2015-10-11 23:06 - 00000000 ____D C:\Users\STD-USER\AppData\Local\ClassicShell
2015-11-20 23:46 - 2015-10-12 20:11 - 00000000 ____D C:\Users\STD-USER\Documents\Outlook Files
2015-11-19 01:34 - 2015-10-11 23:00 - 00000000 ____D C:\Users\STD-USER\AppData\Local\VirtualStore
2015-11-17 21:30 - 2015-04-15 10:57 - 00000000 ____D C:\Users\sukhbindars\AppData\Local\ClassicShell
2015-11-17 20:07 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-17 02:30 - 2015-10-14 03:30 - 00442880 ___SH C:\Users\STD-USER\Documents\Thumbs.db
2015-11-16 22:40 - 2015-09-18 14:25 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForSimpson.job
2015-11-16 22:40 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 22:39 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-16 22:27 - 2015-04-26 18:13 - 00000000 ____D C:\Users\sukhbindars\Documents\Youcam
2015-11-16 22:26 - 2015-09-18 14:25 - 00003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSimpson
2015-11-16 22:26 - 2015-02-25 17:38 - 00000000 ____D C:\Users\sukhbindars
2015-11-12 17:43 - 2015-04-14 22:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-12 14:36 - 2015-02-25 17:45 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3180272459-1113277286-116663844-1001
2015-11-12 13:36 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-11 21:36 - 2015-02-25 17:48 - 00002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 05:21 - 2015-10-11 23:31 - 00000000 ____D C:\Users\sukhbindars\AppData\Local\CrashDumps
2015-11-11 02:34 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-10 01:43 - 2015-04-14 22:15 - 00001081 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-10 01:43 - 2015-04-14 22:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-09 03:22 - 2015-10-17 21:05 - 01465344 ___SH C:\Users\STD-USER\Downloads\Thumbs.db
2015-11-09 00:43 - 2015-10-17 03:30 - 00104392 _____ C:\Users\STD-USER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-08 22:43 - 2015-10-11 23:34 - 00000000 ____D C:\Users\STD-USER\Documents\Snagit
2015-11-08 04:03 - 2015-03-11 00:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-05 02:49 - 2014-08-26 06:51 - 00000000 ____D C:\ProgramData\McAfee
2015-11-04 23:54 - 2014-08-26 07:42 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2015-11-04 21:18 - 2015-10-12 00:52 - 00000000 ___DC C:\Program Files (x86)\Audacity
2015-11-04 21:10 - 2015-10-11 23:02 - 00000000 ____D C:\Users\STD-USER\AppData\Local\CyberLink
2015-11-04 21:10 - 2014-08-26 06:38 - 00000000 ____D C:\ProgramData\CyberLink
2015-11-03 02:50 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-10-25 03:52 - 2015-10-12 01:05 - 00000000 ____D C:\Users\STD-USER\AppData\Roaming\Apple Computer
2015-10-25 00:45 - 2015-10-11 23:17 - 00000000 ____D C:\Users\STD-USER\Downloads\Office 2010 Professional
2015-10-23 03:57 - 2015-03-11 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-23 03:52 - 2014-07-18 03:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-23 03:04 - 2015-10-14 22:40 - 00000000 ____D C:\Users\STD-USER\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2015-03-10 23:59 - 2015-03-24 04:18 - 0000308 _____ () C:\Users\sukhbindars\AppData\Roaming\Rim.Desktop.Exception.log
2015-03-10 23:51 - 2015-10-12 00:21 - 0003048 _____ () C:\Users\sukhbindars\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-03-10 23:59 - 2015-03-24 04:18 - 0000308 _____ () C:\Users\sukhbindars\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-11-10 04:27 - 2015-11-10 04:27 - 0000036 _____ () C:\Users\sukhbindars\AppData\Local\housecall.guid.cache

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-15 02:09

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-11-2015
Ran by Simpson (2015-11-22 00:50:14)
Running from C:\Users\STD-USER\Downloads
Windows 8.1 Connected (X64) (2015-02-25 22:38:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3180272459-1113277286-116663844-500 - Administrator - Disabled)
Guest (S-1-5-21-3180272459-1113277286-116663844-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3180272459-1113277286-116663844-1003 - Limited - Enabled)
Simpson (S-1-5-21-3180272459-1113277286-116663844-1001 - Administrator - Enabled) => C:\Users\sukhbindars
STD-USER (S-1-5-21-3180272459-1113277286-116663844-1004 - Limited - Enabled) => C:\Users\STD-USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A50679D9-6CBD-4FCD-BACB-62EF3894F6F3}) (Version: 4.0.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{1F72FDD5-A069-45B4-928F-D0F16492DC69}) (Version: 4.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FTP Commander (HKLM-x32\...\FTP Commander) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{DCB0919F-F0A6-4C63-800F-B6825D6C0434}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{82E6836B-9400-4965-9FD2-46BD64D8BE41}) (Version: 2.4.7 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Nero BurningROM 12 (HKLM-x32\...\{318B413D-A001-4AB6-A0B6-2B4999561117}) (Version: 12.5.01000 - Nero AG)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Snagit 12 (HKLM-x32\...\{ae5218bf-cfcc-4099-818d-7e16ce0d97df}) (Version: 12.4.0.2992 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.4.0 - TechSmith Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

07-11-2015 22:46:20 Scheduled Checkpoint
18-11-2015 02:49:26 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C9C11C4-A2D3-44F8-92AB-23917BCE3409} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {15AD23DC-9449-420C-8512-6AFECD7C9E99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {29327D85-F5C4-4304-ABA6-D5E54C430617} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPW10UpgradeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPW10UpgradeReminder.exe [2015-08-11] (Hewlett-Packard)
Task: {360AB3FB-168B-4013-8F90-257137DEAF00} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {3CF5F6F3-AE20-407D-B978-8B5DA2AA88E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {40724E0F-FBCF-4D65-B203-3F4F6B417305} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {4FEBBF0F-E471-499D-8B56-E04735F00E2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-25] (Google Inc.)
Task: {67AC88CD-C09E-40C7-9B43-B4E617002311} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {845F555F-CA03-4052-B5F2-5AE04E9895EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {916757DC-FF30-4FF6-8BE2-5D573D10AA16} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {B286A65B-02B1-4E83-9B52-60882A7B7CDD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-09-29] (Hewlett-Packard)
Task: {B8856B31-00C0-4AB9-8A25-A70CC40166EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {BCFF2EC6-D80D-40A0-B819-7A1814A46D59} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {E404A685-E1F8-4C30-BBE0-D922DDDD8FE8} - System32\Tasks\HPCeeScheduleForSimpson => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {EA0F7492-DCB3-4FBD-BED6-A67B917698B3} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {EB731D04-A41C-434D-9671-CBBC87ED6F12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSimpson.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 01328912 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:38 - 2010-03-24 20:38 - 08794976 ____C () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-04-24 19:55 - 2015-04-24 19:55 - 00055576 ____C () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3180272459-1113277286-116663844-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sukhbindars\AppData\Local\Microsoft\Windows\Themes\Blue Wate\DesktopBackground\bluewater07.jpg
HKU\S-1-5-21-3180272459-1113277286-116663844-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\STD-USER\AppData\Local\Microsoft\Windows\Themes\Reflectio\DesktopBackground\reflections10.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Service Mgr MonarchFind => 2
MSCONFIG\Services: Update Mgr MonarchFind => 2
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run32: => "HPMessageService"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{18E64C73-0925-423B-8F1D-2180CB098BBE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D4236DF4-EAA1-4C85-BE3A-5C9A997046BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{F7687827-C8C1-4702-BC8D-3F6A9C130D16}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{B7015BF9-93E4-4DFC-9AFA-1C859C84F651}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B05CF7C8-03E6-4E9C-B8AB-28B14B733DE1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D2C56E25-9D73-4591-AB87-EB140772B55D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{6A7B11A0-6D76-4FA3-8CCD-C9252CA2B6A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{D3DB6A00-D717-4156-85CA-842570D1F82E}] => (Allow) LPort=4481
FirewallRules: [{C0144E60-ADFE-47DC-A2EA-1CD82FB8F674}] => (Allow) LPort=4481
FirewallRules: [{3C324BC8-C2A6-43A5-82C7-E0D1D3AAEA95}] => (Allow) LPort=4482
FirewallRules: [{7EE3C8DA-6BEA-464B-B120-57ABD7893F77}] => (Allow) LPort=4482
FirewallRules: [{384F2246-D879-460A-9256-9C188996C4C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0F5405C4-1192-4E66-ADED-A7B01C45A117}] => (Allow) LPort=8298
FirewallRules: [{4F51FDED-3724-4F3E-83C1-0F6A6521D6D7}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{F64B8F8D-8D01-40D3-A605-F9B3D566CBCF}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{64757B09-000D-4D09-BFE6-70789583AC2D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{99012ED7-315B-4D23-8FD5-222FDF207B04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84080D6B-09DD-4820-9310-F6A26035184D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8FBDB691-400E-4BC6-947A-86E427A79C3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9584AD97-61F6-4D78-8A87-1D8FD2FDC73A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6D89DD1D-C4E7-41C6-BAD8-CC547E0853E7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5C4A5203-102A-43FE-A340-18B99CC12BDD}] => (Allow) LPort=2869
FirewallRules: [{CE8656B7-A12C-4FB8-90BB-64ED7DE99633}] => (Allow) LPort=1900
FirewallRules: [{991FF986-D88A-43D7-8B60-30E3A2415C78}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2015 00:45:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/21/2015 09:26:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 65027343

Error: (11/21/2015 09:26:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 65027343

Error: (11/21/2015 09:26:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2015 03:22:42 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.

Error: (11/20/2015 10:04:33 PM) (Source: TechSmith Updater) (EventID: 0) (User: )
Description: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

Error: (11/20/2015 00:40:12 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (11/19/2015 09:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47825500

Error: (11/19/2015 09:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47825500

Error: (11/19/2015 09:46:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/19/2015 11:30:19 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/19/2015 11:29:48 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/18/2015 04:45:50 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (11/18/2015 03:48:36 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/18/2015 03:48:06 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/18/2015 02:06:33 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/18/2015 02:06:03 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/17/2015 11:29:38 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/17/2015 11:29:08 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 60%
Total physical RAM: 3986.95 MB
Available physical RAM: 1572.89 MB
Total Virtual: 4690.95 MB
Available Virtual: 2421.93 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:443.69 GB) (Free:349.29 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.06 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:29.8 GB) (Free:12.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================





